Token Of Power Governance Exploit Drains $1.58 Million In WETH, TRM Says

TL;DR

• TRM Labs says Token of Power was exploited for roughly $1.58 million in WETH.
• The attacker used a governance setup with no timelock to propose, vote, and execute in one block.
• Tornado Cash was used for funding and routing, but Tornado Cash itself was not hacked.

TRM Details A Governance Takeover

Blockchain intelligence firm TRM Labs has detailed a governance takeover exploit against the Token of Power protocol that drained approximately $1.58 million in WETH.

According to TRM’s analysis, the attacker exploited a weakness in the protocol’s Aragon DAO setup: the absence of a timelock. That allowed the attacker to propose, vote on, and execute a malicious governance action in a single block.

The attacker reportedly funded the operation with 662 ETH withdrawn from Tornado Cash, purchased enough TOP tokens to gain majority voting power, minted 10 billion new TOP, and swapped those tokens for WETH through a Balancer pool before routing funds back through Tornado Cash.

Why Timelocks Matter

The exploit is a clear example of how governance design can become a direct security risk. Token voting can look decentralized on paper, but if a malicious actor can quickly buy voting power and execute changes without delay, the governance system can become an attack surface.

Timelocks are meant to give users, developers, and security teams time to react before a proposal becomes executable. Without that delay, a hostile vote can become a drain before anyone can stop it.

Why This Matters

For DeFi users, the story is a reminder that smart-contract risk is not limited to code bugs. Governance parameters, treasury controls, and voting thresholds can be just as important.

It also highlights how mixers and liquidity pools can be used around an exploit without being the exploited protocol themselves.

What To Watch Next

The next thing to watch is whether stolen funds move again and whether the protocol, Aragon, or affected liquidity providers publish further remediation details.

The article must not say Tornado Cash itself was hacked.

Market Context

For Bitcoinist, the story sits inside a wider shift in crypto where infrastructure, security, governance, and token utility are becoming just as important as short-term price action. Traders still care about momentum, but they also need to understand the systems, risks, and product changes behind the headlines.

The useful angle is not to overstate the development, but to explain why it belongs in the daily market conversation. Strong crypto stories increasingly come from protocol updates, official notices, security reports, court records, and on-chain data rather than recycled commentary alone.

The editorial takeaway should stay grounded: the source confirms a meaningful crypto development, but the implications depend on adoption, follow-up disclosures, or further on-chain evidence. That balance keeps the piece useful without leaning on hype or unsupported claims.

From an editorial standpoint, this makes the story worth covering as part of the day’s broader crypto operating environment rather than as a standalone hype cycle. The strongest version of the piece should stay close to the verified source, explain the practical risk or opportunity, and leave room for follow-up once more official data, filings, or project statements are available.

This report is based on information from TRM Labs’ on-chain security report.