Flash News

DeFi Project Token of Power Liquidity Pool Hacked, Loss of $1.58 Million

The Token of Power (TOP) liquidity pool was attacked, with a malicious transaction executed by an address funded through Tornado Cash, transferring funds from the Balancer V1 TOP/WETH pool.

The attacker exploited a governance vulnerability to mint a large number of new TOP tokens and exchanged them for assets. The stolen funds were subsequently transferred back to Tornado Cash for mixing, resulting in a loss of approximately $1.58 million.

In terms of market mechanics, the hacker combined governance configuration flaws with privacy mixing tools to cash out quickly: funds flowed from the TOP/WETH pool to the attacker's wallet, and the traces were then concealed. The beneficiaries were skilled hackers executing precise governance attacks, while the victims were the LPs of a low-liquidity DeFi project and trust in the protocol's security.

Source: Public Information

ABAB AI Insight

As a low-supply token, Token of Power had previously placed nearly all of its circulating supply in a single Balancer V1 pool. This attack follows a common vulnerability pattern in DeFi governance and liquidity pools: the attacker first injected a small amount of WETH through Tornado Cash to gain sufficient voting power, then exploited an Aragon DAO configuration flaw to mint a massive amount of new tokens.

In terms of capital pathways, the hacker utilized mixing services and flash loans/governance manipulation resources to convert a low-cost entry into a real gain of $1.58 million. This incident exposes the weaknesses of small projects in auditing and timelock mechanisms, prompting security funds and insurance protocols to increase coverage for similar pools.

As with past large hacking incidents such as Ronin Bridge and Harmony Horizon, which involved money laundering through mixing, Token of Power is now in a control phase in which DeFi governance security is shifting from lax deployment to strict auditing, highlighting the high-risk exposure of low market cap projects.

Essentially, this reflects technical substitution and regulatory change: the combination of Tornado Cash and governance minting directly replaces traditional theft pathways, achieving rapid capital extraction through privacy tools and smart contract vulnerabilities. It accelerates the concentration of DeFi funds away from weakly secured protocols and toward highly audited platforms, and reshapes the trust structure of liquidity pools and DAO governance.

ABAB News · Cognitive Law

The more concentrated the liquidity, the more deadly the governance vulnerabilities become.
The stronger the privacy tools, the more concealed the hacker's exit paths.
In the absence of audits, small projects become amplifiers of large risks.

Source: ABAB News