A remarkable attack attempt targeting decentralized governance systems in the cryptocurrency market has come to light.
An incident involving a DAO (decentralized autonomous organization) voting manipulation targeting the Moonwell (WELL) protocol, using a low-cost token, was detected, aiming to seize approximately $1 million in funds.
A discussion launched today on the Moonriver network, and still active, revealed that an attacker attempted to gain critical administrative control with only about $1,800 worth of transactions. The vote is expected to end on March 27th.
According to the report, the attacker purchased 40.17 million MFAM tokens for approximately 1,600 MOVR on the SolarBeam decentralized exchange. This transaction is equivalent to approximately $1,808 at current prices. The attacker then allegedly created a fraudulent governance proposal and managed to secure a sufficient majority vote in just 11 minutes.
The proposal, titled “MIP-R39: Protocol Recovery – Managerial Transfer,” is said to be a imitation of proposal #73, which is actually a legitimate proposal. If accepted, the management of the protocol’s seven different lending markets, including all critical control mechanisms such as the Comptroller and Oracle, would be transferred to the attacker’s contract. This would allow the attacker to drain all funds from the system.
According to current voting data, the proposal received 41.57 million “yes” votes, with no “no” votes. This surpasses the 40 million quorum (minimum participation) threshold. The protocol states that the potential amount of funds that could be released is approximately $1.08 million.
On the other hand, it is stated that the “cancel” mechanism in the current system is insufficient to stop this proposal, and the only effective defense methods are reversing the vote or activating the 2/3 multi-signature (multisig) structure called “Break Glass Guardian”. This mechanism has the power to bypass the timelock and neutralize the attack.
*This is not investment advice.
