An attacker used a governance misconfiguration in Token of Power’s Aragon DAO to mint 10 billion TOP tokens, then converted a slice of that supply into 944.2 WETH.
Security firm Blockaid identified the incident as a governance-takeover attack. The token minting came from the DAO, not from a hacked wallet with stolen private keys. That distinction matters because it points to a process failure, not a cryptographic one.
What the attacker did
According to The Defiant, the exploit hit Token of Power’s Aragon DAO on Tuesday. The attacker minted 10 billion TOP tokens after taking control via a governance misconfiguration.
After the mint, the attacker swapped a fraction of the newly created TOP tokens for 944.2 WETH. The Defiant reports that amount as roughly $1.58 million, based on WETH’s value at the time of the swap.
The key mechanic here is power over minting. If governance can be steered to approve a mint, the system effectively becomes a factory for assets. In that situation, price and liquidity may follow the attacker’s actions, but the real damage begins with the governance path that enabled the mint.
Why Blockaid calls it governance takeover
The Defiant says Blockaid described the incident as a governance-takeover attack, distinct from other common hack categories. “Governance takeover” usually implies the attacker gained enough control to pass malicious proposals or trigger privileged actions through the DAO’s own execution layer.
That makes this less like a classic breach and more like a failure in who gets to authorize what. In practice, it shifts what defenders need to check after the fact. Wallet-draining incident response will not fix a voting pipeline that can be captured.
Balancer pool drain angle
The Defiant headline centers on a “drains $1.58M from Balancer pool” framing. The swap described in the source text was for 944.2 WETH. A Balancer pool is a common venue for token swaps, so the reported WETH acquisition is consistent with the attacker routing proceeds through that liquidity source.
For readers, the implication is straightforward. Even when the core issue is governance, attackers still cash out quickly using liquidity venues. The attacker does not need to hold the entire position in the newly minted token. They can convert to ETH exposure immediately and then disappear while post-attack cleanup is under way.
What to watch next
The immediate operational questions after incidents like this usually revolve around whether the DAO can reverse what it enabled, or whether users can only seek mitigation outside the protocol.
The Defiant’s report is clear on the mint and the swap amounts and ties them to a governance misconfiguration in an Aragon DAO. What it does not provide in the excerpt is any timeline for remediation, any governance vote to ratify or undo the mint, or any explicit freeze mechanism.
That gap is worth attention. When the exploit route is governance, the “fix” often needs to be governance itself. Expect teams to scrutinize the DAO’s configuration, authority controls, and proposal execution rules. If they can patch those, they can stop the next mint. If they can’t, they may only be able to soften the damage.
One fact that should stick
If governance controls minting, then governance is infrastructure. Blockaid’s “governance-takeover” framing in The Defiant highlights the point.
The attacker exploited a misconfiguration, minted 10 billion TOP tokens, then converted part of that supply into 944.2 WETH worth about $1.58 million. The size of the mint is the headline. The ease of turning it into liquid value is the part that typically repeats until governance is hardened.
| Item | Reported detail | Source |
|---|---|---|
| Attack type | Governance-takeover attack, via Aragon DAO governance misconfiguration | The Defiant, Blockaid |
| Token minted | 10 billion TOP tokens | The Defiant |
| Tokens swapped for | 944.2 WETH | The Defiant |
| Value of WETH | Roughly $1.58 million | The Defiant |
| Venue | Balancer pool implied by the report framing | The Defiant |