A remarkable attack on decentralized governance systems in the cryptocurrency market has come to light. The incident involved a DAO (decentralized autonomous organization) voting manipulation targeting the Moonwell (WELL) protocol, using a low-cost token, with the aim of seizing approximately $1 million in funds. The vote is expected to end on March 27th.
According to the report, the attacker purchased 40.17 million MFAM tokens for approximately 1,600 MOVR on the SolarBeam decentralized exchange. This transaction is equivalent to approximately $1,808 at current prices.
The attacker then allegedly created a fraudulent governance proposal and managed to secure a sufficient majority vote in just 11 minutes. The proposal, titled “MIP-R39: Protocol Recovery – Managerial Transfer,” is said to be an imitation of proposal #73, which is actually a legitimate proposal. If accepted, the management of the protocol’s seven different lending markets, including all critical control mechanisms such as the Comptroller and Oracle, would be transferred to the attacker’s contract. This would allow the attacker to drain all funds from the system.
According to current voting data, the proposal received 41.57 million ‘yes’ votes, with no ‘no’ votes. This surpasses the 40 million quorum (minimum participation) threshold. The protocol states that the potential amount of funds that could be released is approximately $1.08 million. The only effective defense methods are reversing the vote or activating the 2/3 multisignature (multisig) structure called “Break Glass Guardian,” a mechanism able to bypass the timelock and neutralize the attack.
Leave a Reply