No Timelock, No Mercy: $1.58M WETH Drained In Token Of Power Governance Exploit

Token Of Power Governance Exploit Drains $1.58 Million In WETH, TRM Says

TL;DR

  • TRM Labs says Token of Power was exploited for roughly $1.58 million in WETH.
  • The attacker used a governance setup with no timelock to propose, vote, and execute in one block.
  • Tornado Cash was used for funding and routing, but Tornado Cash itself was not hacked.

TRM Details A Governance Takeover

TRM Labs, a company specializing in blockchain analysis, has reported that the Token of Power protocol was hacked through a governance exploit, resulting in the theft of around $1.58 million worth of WETH.

TRM’s investigation revealed the attacker took advantage of a flaw in how the protocol’s Aragon DAO was configured – specifically, it didn’t have a timelock feature. This allowed them to quickly propose a harmful change, vote on it, and put it into effect all within the same block.

The attacker funded the operation with 662 ETH withdrawn from Tornado Cash. They then bought enough TOP tokens to control the vote, minted an additional 10 billion TOP tokens, and swapped those for WETH through a Balancer pool. Finally, they routed the proceeds back through Tornado Cash.

Why Timelocks Matter

This situation perfectly illustrates how the way a system is governed can actually create security problems. While letting token holders vote might seem like a decentralized approach, it can be exploited if someone with bad intentions quickly gains enough voting power to make changes immediately. This turns the governance system itself into a potential target for attacks.

Timelocks create a waiting period after a proposal is voted on, giving everyone involved – users, developers, and security experts – time to review things and respond. This prevents malicious proposals from being instantly carried out before anyone has a chance to intervene and protect funds.
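A defender-side check for the pattern described above, added here as an example and not taken from TRM Labs or the project's code: it scans proposal lifecycle events and flags any proposal executed in its creation block or sooner than a minimum delay after the last vote. The event tuple layout, the proposal IDs, the sample data and the 48-hour threshold are all assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real chain data:
# (proposal_id, stage, block_number, unix_time)
SAMPLE_EVENTS = [
    ("P-1", "created",  100, 1_700_000_000),   # propose, vote, execute in one block
    ("P-1", "vote",     100, 1_700_000_000),
    ("P-1", "executed", 100, 1_700_000_000),
    ("P-2", "created",  200, 1_700_100_000),   # healthy: 72h between vote and execution
    ("P-2", "vote",     260, 1_700_100_720),
    ("P-2", "executed", 21_860, 1_700_359_920),
    ("P-3", "created",  900, 1_700_400_000),   # separate blocks, but only 60s of review
    ("P-3", "vote",     905, 1_700_400_060),
    ("P-3", "executed", 910, 1_700_400_120),
    ("P-4", "created",  950, 1_700_500_000),   # still pending, never executed
]


def audit_proposals(events, min_delay_s=48 * 3600):
    """Return {proposal_id: finding} for executed proposals that had no review window.

    min_delay_s is an assumed policy value (48 hours), not a figure from the report.
    """
    seen = defaultdict(dict)
    for pid, stage, block, ts in sorted(events, key=lambda e: (e[2], e[3])):
        seen[pid][stage] = (block, ts)  # the latest event of each stage wins

    findings = {}
    for pid, st in seen.items():
        if "executed" not in st:
            continue  # nothing has been executed yet
        exec_block, exec_ts = st["executed"]
        # Missing history fails closed: it is treated as zero delay.
        created = st.get("created") or st["executed"]
        last_vote = st.get("vote") or created
        if created[0] == exec_block:
            findings[pid] = "same-block"      # whole lifecycle in a single block
        elif exec_ts - last_vote[1] < min_delay_s:
            findings[pid] = "short-delay"     # executed before the review window ended
    return findings


if __name__ == "__main__":
    for pid, finding in audit_proposals(SAMPLE_EVENTS).items():
        print(pid, finding)
```
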

Why This Matters

This is a good reminder for people using DeFi that the risks aren’t just about errors in the code itself. How a project is governed, including its voting rules and how funds are managed, is equally important to consider.

This also shows how mixers and liquidity pools can be used in connection with a security breach without becoming the target themselves.

What To Watch Next

As an analyst, I’m now focused on tracking if the stolen funds are moved from their current location. I’m also watching for any announcements from Aragon, or the liquidity providers who were impacted, regarding how they plan to address and fix this situation.

Market Context

According to Bitcoinist, the crypto world is changing. While quick profits still matter, things like strong foundations, security, how projects are run, and what a token actually *does* are becoming equally important. Investors are paying attention to price movements as usual, but they’re also digging deeper to understand the technology, potential dangers, and new features driving those changes.

This report is based on information from TRM Labs’ on-chain security report.

2026-06-14 17:12