An attacker exploited Token of Power's Aragon DAO governance setup to mint 10 billion TOP tokens and drain roughly $1.58 million from a Balancer pool. Blockaid identified the incident as a governance-takeover attack rather than a smart-contract coding flaw. The Aragon Voting app had no timelock, allowing proposal creation, voting, and execution in one transaction.