$1.58 Million Vanishes in Minutes: How a Tiny Token’s Governance Was Hijacked

A low-cap token’s weak safeguards enabled a swift takeover that uncovered ongoing dangers in DeFi voting techniques.

Blockchain safety corporations at present reported a $1.58 million exploit on Token of Power ($TOP), the place an attacker seized governance management, minted billions of tokens, and drained liquidity from a Balancer V1 pool.

How the Attack Happened

An handle funded by means of Tornado Cash acquired over 50% of $TOP voting energy as a result of token’s restricted provide and low valuation.

Using an Aragon DAO setup with MiniMeToken, the attacker held greater than half of the 16,384 whole TOP provide.

In a single transaction, they created, voted on, and executed a malicious proposal. This triggered the TokenSupervisor to mint 10 billion TOP on to the attacker’s contract.

The newly created tokens have been then swapped for 944.2 WETH (roughly $1.585 million) in the TOP/WETH Balancer V1 pool, depleting its liquidity.

🚨ALERT🚨Our system has detected a suspicious transaction involving Token of Power ($TOP), ensuing in losses of roughly $1.58 million.

An handle funded by means of @TornadoCash executed a malicious transaction that drained funds from the TOP/WETH Balancer V1 Pool.

The… pic.twitter.com/ewpQTmDA8s

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 9, 2026

Follow us on X to get the most recent information because it occurs

Security Warnings Issued

BlockSec Phalcon detailed the mechanics and urged rapid critiques:

“Projects utilizing related Lido/Aragon governance implementations ought to rigorously evaluation their voting energy distribution, quorum/cross thresholds, mint permissions, and associated governance safeguards.”

The stolen funds have been routed again by means of Tornado Cash, complicating restoration efforts. No losses occurred to Balancer’s core protocol.

Market Context and Investor Impact

This exploit provides to 2026’s pattern of governance attacks on smaller DeFi initiatives, the place low liquidity and lax parameters make takeovers inexpensive.

While main protocols have strengthened defenses with timelocks and better quorums, many rising tokens stay uncovered.

Investors in low-cap tokens and liquidity suppliers ought to confirm governance parameters, monitor giant token accumulations, and keep away from unvetted swimming pools.

Projects on related stacks will possible face elevated scrutiny and requires upgrades.

For the broader ecosystem, the occasion serves as a well timed reminder: robust governance design stays important to guard consumer funds in an period of subtle, low-cost assaults.

Stay vigilant and prioritize audited, battle-tested parameters.

The put up $1.58 Million Vanishes in Minutes: How a Tiny Token’s Governance Was Hijacked appeared first on BeInCrypto.