
Lessons from Yam Finance: Will Governance Attacks Drive Further Development of Decentralized Governance?
Due to the widespread adoption of decentralized governance in DeFi protocols, governance attacks have become one of the primary methods for hackers to profit on-chain.
Written by: Morty, TechFlow
Yesterday, Yam Finance successfully prevented a governance attack targeting its reserve treasury. In this attempted attack, the attacker covertly submitted a malicious governance proposal via insider trading. The proposal included an unverified contract designed to ultimately transfer Yam’s protocol funds to the attacker’s wallet. If successful, Yam Finance would have lost $3.1 million.
The method used by the attacker is a common one—governance attacks. Due to the widespread use of decentralized governance in DeFi protocols, such attacks have become one of the primary ways hackers profit on-chain.
Blockchain's philosophy is "Code is Law," which leads to strong reliance on on-chain governance. The most straightforward approach is to assign governance weight based on token holdings—the more tokens held, the greater the voting power. Token holders can then participate in proposing and voting on governance matters, which may vary in complexity and directly impact the protocol’s operation and development once approved.
At first glance, this model aligns with token holders' interests: the more tokens one holds, the less incentive they have to propose or vote for actions that harm their own investment. However, for DeFi protocols with high value locked, as long as the cost of attack is lower than the potential profit, attackers will be incentivized to try. During the LUNA/UST collapse, Terra halted block production to prevent potential low-cost governance attacks amid massive LUNA minting.
Beyond failed attempts like Yam Finance’s case, there have been numerous successful governance attacks. For example, on February 15 this year, Build Finance suffered a governance attack where the attacker profited by inflating the token supply. After the attack succeeded, the attacker gained full control over the governance contract, minting keys, and the treasury. Following the incident, the Build Finance token lost all value, effectively dropping to zero.
Besides acquiring large amounts of tokens, hackers also increase the likelihood of proposal passage by flooding the system with proposals at a specific time or disguising malicious proposals as legitimate governance initiatives.
Last Christmas, Mirror, a synthetic assets protocol on the Terra blockchain, faced a severe test. The attacker meticulously prepared to maximize the chance of passing their proposal, aiming to steal MIR tokens worth $38 million, through four key tactics:
- The attacker amassed hundreds of thousands of dollars worth of MIR tokens;
- The attack was timed during Christmas, when most token holders were focused on holiday activities rather than monitoring on-chain activity;
- The proposal was disguised as a "deep collaboration with Solana";
- Multiple proposals were submitted simultaneously to create confusion and slip the malicious one through.
Regarding this, MakerDAO founder Rune Christensen stated, "Currently, DAOs face a fundamental 'game theory problem'—issues like governance attacks. Simply put, if someone gains control of the majority of voting shares, such as in DeFi, they could directly steal all assets within the protocol."
This is one concern; another widespread issue is investor skepticism about the intrinsic value of governance tokens. For most DeFi protocols, using token quantity as a simple proxy for governance power is a shortcut, and many protocols show little innovation in governance, mostly forking prior models. That said, there are innovators—Curve introduced the veToken governance model, AC built upon it with veNFT, and Layer2 Optimism is implementing governance layering through its native OP token.
The greatest concern is that as we enter a bear market cycle, declining token values reduce the cost of attacks, potentially leading to a sharp rise in governance attacks. Amid rising risks, developers and project teams will likely be pushed to rethink governance mechanisms, explore the full potential of tokens in governance, and introduce more innovative token-based governance models.
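The warning signs described above (an unverified target contract in the Yam case; recently accumulated tokens, holiday timing and a burst of simultaneous proposals in the Mirror case) can be checked mechanically before a vote proceeds. The following is an added example for defenders, not code from the article or from any of the protocols named; the record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# All thresholds and field names below are assumptions made for this example.
LOW_ATTENTION_DAYS = {(12, 24), (12, 25), (12, 26), (1, 1)}
BURST_WINDOW = timedelta(hours=24)
BURST_COUNT = 3          # proposals inside the window that count as a burst
FRESH_POWER_DAYS = 14    # voting power younger than this is "recently acquired"

@dataclass
class Proposal:
    pid: int
    submitted: datetime
    target_verified: bool   # target contract source is published and verified
    moves_treasury: bool    # execution would transfer funds out of the treasury
    power_age_days: int     # days since the proposer acquired most of its votes

def triage(proposals):
    """Map each proposal id to the warning signs it matches."""
    report = {}
    for p in proposals:
        flags = []
        if not p.target_verified:
            flags.append("unverified-contract")
        if p.moves_treasury:
            flags.append("treasury-transfer")
        if (p.submitted.month, p.submitted.day) in LOW_ATTENTION_DAYS:
            flags.append("low-attention-timing")
        if p.power_age_days < FRESH_POWER_DAYS:
            flags.append("fresh-voting-power")
        near = [q for q in proposals if abs(q.submitted - p.submitted) <= BURST_WINDOW]
        if len(near) >= BURST_COUNT:
            flags.append("proposal-burst")
        report[p.pid] = flags
    return report

def needs_manual_review(flags):
    """Hold any treasury-moving proposal that shows at least one other sign."""
    return "treasury-transfer" in flags and len(flags) >= 2

# Constructed sample records (not real on-chain data).
SAMPLE = [
    Proposal(1, datetime(2021, 12, 25, 3, 0), True, False, 400),
    Proposal(2, datetime(2021, 12, 25, 3, 5), False, True, 3),
    Proposal(3, datetime(2021, 12, 25, 3, 9), True, False, 3),
    Proposal(4, datetime(2022, 3, 10, 12, 0), True, True, 900),
]

for pid, flags in triage(SAMPLE).items():
    print(pid, needs_manual_review(flags), flags)
```

In the constructed sample only proposal 2 is held for review: it moves treasury funds through an unverified contract, from freshly acquired voting power, inside a holiday burst of proposals.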














