Token Of Power Governance Exploit Drains $1.58 Million In WETH, TRM Says

bitcoinist | Published on 2026-06-14 | Last updated on 2026-06-14

Abstract

Blockchain intelligence firm TRM Labs reports a governance exploit against the Token of Power protocol, resulting in a loss of approximately $1.58 million in WETH. The attacker exploited a missing timelock in the protocol's Aragon DAO setup, allowing them to propose, vote on, and execute a malicious action within a single block. The attacker funded the operation with 662 ETH from Tornado Cash, purchased enough TOP tokens to gain majority voting power, minted 10 billion new TOP tokens, and swapped them for WETH via a Balancer pool before moving funds back through Tornado Cash. The incident underscores that governance design is a critical security risk in DeFi, where parameters like timelocks provide essential reaction time. It also highlights how mixers and liquidity pools can be utilized in exploits without being directly compromised. Observers are now watching for any movement of the stolen funds and further remediation details from involved parties. This event is part of a broader shift in crypto, emphasizing the importance of underlying infrastructure, security, and governance alongside market movements.

Blockchain intelligence firm TRM Labs has detailed a governance takeover exploit against the Token of Power protocol that drained approximately $1.58 million in WETH.

According to TRM’s analysis, the attacker exploited a weakness in the protocol’s Aragon DAO setup: the absence of a timelock. That allowed the attacker to propose, vote on, and execute a malicious governance action in a single block.

The attacker reportedly funded the operation with 662 ETH withdrawn from Tornado Cash, purchased enough TOP tokens to gain majority voting power, minted 10 billion new TOP, and swapped those tokens for WETH through a Balancer pool before routing funds back through Tornado Cash.

Why Timelocks Matter

The exploit is a clear example of how governance design can become a direct security risk. Token voting can look decentralized on paper, but if a malicious actor can quickly buy voting power and execute changes without delay, the governance system can become an attack surface.

Timelocks are meant to give users, developers, and security teams time to react before a proposal becomes executable. Without that delay, a hostile vote can become a drain before anyone can stop it.
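A monitoring check for the condition described above, as an added example that is not from TRM Labs or the original article: it flags governance proposals that were executed before a minimum delay elapsed, including the same-block case. The event records, field names, addresses and the 7200-block delay are constructed assumptions, not Aragon's API or real chain data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GovEvent:
    block: int        # block number the event was emitted in
    kind: str         # "created", "vote" or "executed" (hypothetical names)
    proposal_id: int
    actor: str        # address that sent the transaction

MIN_DELAY_BLOCKS = 7200  # assumed policy: about one day of 12-second blocks

def audit_proposals(events, min_delay=MIN_DELAY_BLOCKS):
    """Return {proposal_id: [findings]} for proposals executed too early."""
    created, executed, voters = {}, {}, {}
    for e in events:
        if e.kind == "created":
            created[e.proposal_id] = e
        elif e.kind == "executed":
            executed[e.proposal_id] = e
        elif e.kind == "vote":
            voters.setdefault(e.proposal_id, set()).add(e.actor)
    findings = {}
    for pid, ex in executed.items():
        cr = created.get(pid)
        if cr is None:
            findings[pid] = ["executed with no recorded creation event"]
            continue
        notes, gap = [], ex.block - cr.block
        if gap == 0:
            notes.append("created and executed in the same block")
        if gap < min_delay:
            notes.append(f"executed {gap} blocks after creation (< {min_delay})")
        if voters.get(pid) == {cr.actor} and ex.actor == cr.actor:
            notes.append("one address proposed, voted and executed")
        if notes:
            findings[pid] = notes
    return findings

# Constructed sample events, not real chain data.
SAMPLE = [
    GovEvent(100, "created", 1, "0xaaa"),
    GovEvent(300, "vote", 1, "0xbbb"),
    GovEvent(450, "vote", 1, "0xccc"),
    GovEvent(7400, "executed", 1, "0xbbb"),
    GovEvent(9000, "created", 2, "0xddd"),
    GovEvent(9000, "vote", 2, "0xddd"),
    GovEvent(9000, "executed", 2, "0xddd"),
]

if __name__ == "__main__":
    for pid, notes in audit_proposals(SAMPLE).items():
        print(pid, notes)
```

Proposal 1 in the sample waits out the delay and passes; proposal 2 is created, voted on and executed by one address in one block and is flagged on all three checks.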

Why This Matters

For DeFi users, the story is a reminder that smart-contract risk is not limited to code bugs. Governance parameters, treasury controls, and voting thresholds can be just as important.

It also highlights how mixers and liquidity pools can be used around an exploit without being the exploited protocol themselves.

What To Watch Next

The next thing to watch is whether stolen funds move again and whether the protocol, Aragon, or affected liquidity providers publish further remediation details.

Market Context

For Bitcoinist, the story sits inside a wider shift in crypto where infrastructure, security, governance, and token utility are becoming just as important as short-term price action. Traders still care about momentum, but they also need to understand the systems, risks, and product changes behind the headlines.

The useful angle is not to overstate the development, but to explain why it belongs in the daily market conversation. Strong crypto stories increasingly come from protocol updates, official notices, security reports, court records, and on-chain data rather than recycled commentary alone.

The editorial takeaway should stay grounded: the source confirms a meaningful crypto development, but the implications depend on adoption, follow-up disclosures, or further on-chain evidence. That balance keeps the piece useful without leaning on hype or unsupported claims.

From an editorial standpoint, this makes the story worth covering as part of the day’s broader crypto operating environment rather than as a standalone hype cycle. The strongest version of the piece should stay close to the verified source, explain the practical risk or opportunity, and leave room for follow-up once more official data, filings, or project statements are available.

This report is based on information from TRM Labs’ on-chain security report.

Related Questions

Q: What vulnerability did the attacker exploit in the Token of Power protocol to drain $1.58 million?

A: The attacker exploited a weakness in the protocol's Aragon DAO setup: the absence of a timelock mechanism. This allowed them to propose, vote on, and execute a malicious governance action in a single block.

Q: According to the article, why are timelocks important in governance design?

A: Timelocks are important because they give users, developers, and security teams time to review and react to a governance proposal before it becomes executable. Without this delay, a hostile actor can execute a damaging action before anyone can intervene.

Q: How did the attacker fund the operation and cash out the stolen assets according to TRM's analysis?

A: The attacker funded the operation with 662 ETH withdrawn from Tornado Cash. They then purchased enough TOP tokens to gain majority voting power, minted 10 billion new TOP tokens, and swapped those tokens for WETH through a Balancer pool before routing the funds back through Tornado Cash.

Q: What key risk for DeFi users does this exploit highlight beyond smart-contract bugs?

A: It highlights that governance parameters, treasury controls, and voting thresholds can be just as critical a security risk as smart-contract code bugs. Poorly designed governance systems can themselves become an attack surface.

Q: What does the article suggest as the 'useful angle' for covering such developments in the crypto market?

A: The useful angle is to explain why the event belongs in the daily market conversation by focusing on protocol infrastructure, security, and governance, rather than overstating it or relying on hype. Coverage should stay close to verified sources, explain the practical risk or opportunity, and leave room for follow-up information.
