Token of Power suffered an exploit on Tuesday that drained more than $1.5 million from its liquidity pool. On-chain firms Blockaid, PeckShield, and Cyvers flagged the incident in posts on X.
- Token of Power lost 944.2 WETH, worth about $1.58 million, from its TOP/WETH Balancer V1 pool.
- Blockaid described the incident as a governance-takeover attack, while Cyvers traced the drain to the Balancer pool.
- PeckShield data showed the attacker later moved stolen funds into the Tornado Cash crypto mixer.
The attack targeted the TOP/WETH Balancer V1 Pool and drained 944.2 WETH.
TOP token exploit hits Balancer pool
Token of Power, also known as TOP, is an Ethereum-based ERC-20 token. The project operates under a DAO called The Mask of Power. The project built TOP around collective ownership of a specific MetaMask NFT. Its token also supported liquidity for the project’s market activity.
Cyvers said the attacker drained funds from the TOP/WETH Balancer V1 Pool. The pool held TOP tokens and Wrapped Ethereum under a 50-50 structure. Wrapped Ethereum, or WETH, represents ETH in a token format used across DeFi.
The Balancer V1 pool functioned as an automated trading vault for both assets. Blockaid described the incident as a “governance-takeover attack” in its X post. PeckShield and Cyvers also published alerts as the transaction activity became visible on-chain.
On-chain firms report 944.2 WETH loss
On-chain intelligence firms said the attacker added a large number of TOP tokens into the pool. The attacker then swapped those tokens against the pool’s real WETH reserves. The exploit drained 944.2 WETH, worth about $1.58 million at the time.
After the drain, the pool held heavily diluted TOP tokens. The incident left liquidity providers exposed to tokens with little market value. Further project details on recovery, compensation, or next steps remain unavailable.
PeckShield data showed the attacker later moved stolen funds into Tornado Cash. Tornado Cash is a crypto mixer that can make tracing funds more difficult. The movement to Tornado Cash followed the initial drain from the Balancer pool. Security firms have not yet published a complete technical report on the incident.
Exploit follows separate Humanity Protocol breach
The Token of Power incident came one day after another reported DeFi security breach. As it was reported by crypto.news, Humanity Protocol lost $36 million in user funds through an employee’s laptop breach. The two incidents affected different projects and used different reported attack paths.
However, both cases drew attention from blockchain security firms this week. The Humanity Protocol breach involved a digital identity project built on blockchain infrastructure. In contrast, the Token of Power exploit centered on a liquidity pool.
The TOP project has not yet released a full incident review in the provided details. More information about the attacker’s route and possible project response remains pending. Blockaid, PeckShield, and Cyvers continue to serve as the main cited sources for the incident. Their alerts identified the affected pool, the estimated loss, and the fund movement.
