TRM says Token of Power governance exploit drains $1.58 million in WETH



TL;DR

  • TRM Labs says the Token of Power protocol has been exploited for approximately $1.58 million in WETH.
  • The attacker used a governance setup with no time lock to propose, vote, and execute in a single block.
  • Tornado Cash was used for funding and routing, but Tornado Cash itself was not hacked.

TRM Details Governance Takeover

Blockchain intelligence firm TRM Labs has detailed a governance exploit against the Token of Power protocol that drained nearly $1.58 million in WETH.

According to TRM’s analysis, the attacker exploited a weakness in the protocol’s Aragon DAO setup: the lack of a time lock. This allowed the attacker to propose, vote on, and execute a malicious governance action in a single block.

The attacker reportedly funded the operation with 662 ETH withdrawn from Tornado Cash, bought enough TOP tokens to gain majority voting power, minted 10 billion new TOP, and exchanged those tokens for WETH through the Balancer pool before routing the funds back through Tornado Cash.

Why Timelocks Matter

This vulnerability is a clear example of how governance design can become a direct security risk. Token voting can appear decentralized on paper, but if a malicious actor can quickly buy voting power and implement changes without delay, the governance system can become an attack surface.

Time locks are intended to give users, developers, and security teams time to respond before a passed proposal can be executed. Without this delay, a hostile vote can turn into a drain of funds before anyone can stop it.
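One way a monitoring job could flag this pattern, shown as an added example that is not code from TRM Labs or the protocol: it scans governance event records for proposals that were created and executed in the same block, executed sooner than a minimum delay, or decided by one address holding a majority of supply. The event tuples, the `audit` function, and the thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample governance events, not real chain data:
# (block_number, proposal_id, kind, voter, voting_weight)
EVENTS = [
    (100, 1, "created", None, 0),
    (130, 1, "vote", "0xA", 400),
    (180, 1, "vote", "0xB", 350),
    (7300, 1, "executed", None, 0),
    (9000, 2, "created", None, 0),
    (9000, 2, "vote", "0xE", 5100),
    (9000, 2, "executed", None, 0),
]

def audit(events, min_delay_blocks, total_supply):
    """Map proposal_id -> findings for executions a timelock would have held back."""
    created, executed, last_vote = {}, {}, {}
    weight = defaultdict(lambda: defaultdict(int))  # proposal -> voter -> weight
    for block, pid, kind, voter, w in sorted(events, key=lambda e: e[0]):
        if kind == "created":
            created[pid] = block
        elif kind == "vote":
            last_vote[pid] = block
            weight[pid][voter] += w
        elif kind == "executed":
            executed[pid] = block

    report = {}
    for pid, exec_block in executed.items():
        findings = []
        start = created.get(pid, exec_block)
        if exec_block == start:
            findings.append("same_block_lifecycle")
        # Delay a timelock would enforce: last vote (or creation) to execution.
        if exec_block - last_vote.get(pid, start) < min_delay_blocks:
            findings.append("execution_delay_below_minimum")
        # One address holding an outright majority of supply decided the vote.
        if any(2 * w > total_supply for w in weight[pid].values()):
            findings.append("single_voter_majority")
        if findings:
            report[pid] = findings
    return report

if __name__ == "__main__":
    # Hypothetical policy values: minimum delay of 6500 blocks, supply of 10,000 units.
    for pid, findings in audit(EVENTS, 6500, 10_000).items():
        print(f"proposal {pid}: {', '.join(findings)}")
```
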

Why is this important?

For DeFi users, the story is a reminder that smart contract risks are not limited to software bugs. Governance standards, treasury controls, and voting thresholds can be equally important.

It also highlights how mixers and liquidity pools can be used around an exploit without themselves being the exploited protocol.

What to watch next

The next thing to watch is whether the stolen funds move again and whether the protocol, Aragon or the affected liquidity providers publish more details of the remediation.


Market context

For Bitcoinist, the story is part of a broader shift in cryptocurrencies in which infrastructure, security, governance and token utilities have become as important as short-term price action. Traders still care about momentum, but they also need to understand the regulations, risks, and product changes behind the headlines.


This report is based on information from TRM Labs On-Chain Security Report.
