Security Breach of Token of Power (TOP)
On Tuesday, the Token of Power (TOP) project faced a significant security breach that resulted in the theft of over $1.5 million from its liquidity pool. Various blockchain intelligence companies, including Blockaid, PeckShield, and Cyvers, highlighted the incident on social media, revealing that it specifically targeted the TOP/WETH Balancer V1 Pool, which suffered a loss of approximately 944.2 Wrapped Ethereum (WETH).
About Token of Power
Token of Power, an Ethereum-based ERC-20 token, operates under a decentralized autonomous organization (DAO) called The Mask of Power, which is designed to facilitate collective ownership tied to specific NFTs on MetaMask. Its token structure also plays a crucial role in providing liquidity for market activities related to this innovative project.
The Attack
The attack, characterized by Blockaid as a “governance-takeover attack,” involved the attacker first introducing a large quantity of TOP tokens into the pool and then swapping those for the real WETH reserves held in the Balancer system. This clever manipulation led to the drain of 944.2 WETH, valued at roughly $1.58 million based on market rates at that time. Following the exploit, the liquidity pool was left with heavily diluted TOP tokens, significantly diminishing their market value and exposing liquidity providers to considerable risk.
Aftermath and Investigation
After the theft occurred, the stolen funds were funneled into Tornado Cash, a well-known cryptocurrency mixer, complicating efforts to trace the illicit activity. As of now, the Token of Power team has not released detailed plans regarding recovery or compensation efforts, nor have they disclosed further steps moving forward.
This incident follows closely on the heels of another security breach within the decentralized finance (DeFi) sector, where Humanity Protocol reportedly lost $36 million due to a security lapse involving an employee’s laptop. While the two events affected different projects and employed distinct methods of attack, they have garnered significant scrutiny from the blockchain security community this week.
As of now, the circumstances surrounding the Token of Power exploit remain unclear, with further investigation needed to unveil the attacker’s methods and potential recourses for the affected stakeholders. Key players like Blockaid, PeckShield, and Cyvers are continuing their investigations and will provide updates as more information becomes available.
