Token of Power suffered an exploit on Tuesday that drained more than $1.5 million from its liquidity pool. On-chain companies Blockaid, PeckShield, and Cyvers reported the incident in posts on X.
- Token of Power lost 944.2 WETH, worth around $1.58 million, from its TOP/WETH Balancer V1 pool.
- Blockaid describes the incident as a seize control attack, while Cyvers traces the attrition process to a Balancer rally.
- PeckShield data showed that the attacker later transferred the stolen funds to cryptocurrency mixer Tornado Cash.
The attack targeted the TOP/WETH Balancer V1 pool and drained 944.2 WETH.
The token exploit hits the Balancer pool
The symbol of power, also known as TOP, is ERC-20 token based on Ethereum. The project operates under a DAO called The Mask of Power. The project built TOP around the collective ownership of a specific MetaMask NFT. Its token also supports liquidity for the project’s market activity.
Cyvers said the attacker drained funds from the TOP/WETH Balancer V1 Pool. The pool held TOP and Ethereum tokens wrapped under a 50-50 structure. Wrapped Ethereum, or WETH, represents ETH in a token format used across DeFi.
The Balancer V1 pool acts as an automated trading vault for both assets. Blockaid described the incident as a “government capture attack.” Share X. PeckShield and Cyvers also posted alerts when transaction activity became visible on-chain.
On-chain companies reported a WETH loss of 944.2
On-chain intelligence firms said the attacker added a large number of TOP tokens to the pool. The attacker then exchanged those tokens for the pool’s real WETH reserves. This vulnerability drained 944.2 WETH, worth about $1.58 million at the time.
After draining, the pool had heavily diluted TOP codes. This incident left liquidity providers exposed to tokens with little market value. Additional project details about recovery, compensation, or next steps are still not available.
PeckShield data showed that the attacker later transferred the stolen funds to Tornado Cash. Tornado Cash is a cryptocurrency mixer that can make tracking funds more difficult. The move to Tornado Cash followed initial attrition from the Balancer pool. Security companies have not yet published a complete technical report on the incident.
The exploit comes after a separate breach of humanity protocol
The Token of Power incident came a day after another DeFi security breach was reported. As stated by crypto.news, Humanity Protocol Lost $36 million in user funds by hacking an employee’s laptop. The two incidents affected different projects and used different reported attack paths.
However, both cases caught the attention of blockchain security companies this week. The Humanity Protocol breach involved a digital identity project built on blockchain infrastructure. In contrast, the Power Token exploit is focused on the liquidity pool.
The TOP Project has not yet released a full review of the incident in the details provided. More information about the attacker’s path and potential response to the project is still pending. Blockaid, PickShield, and Cyvers continue to serve as the main cited sources for the incident. Their alerts identified the affected pool, estimated losses, and movement of funds.
