Token Of Power Pool Drained For $1.58M In Tornado Cash-Linked Transaction

Token of Power ($TOP) became the latest DeFi security incident on Tuesday after a suspicious transaction drained about $1.58 million from the TOP/WETH Balancer V1 pool.

The PeckShield alert linked the transaction to an address funded through Tornado Cash. After the pool was drained, the stolen assets were also deposited into Tornado Cash, complicating public tracing of the funds.

The incident appears to have targeted the liquidity pool rather than normal user wallets. The available alert did not identify a confirmed root cause, so the exploit path should remain framed as monitor-flagged until a project statement, transaction breakdown or postmortem confirms how the pool was drained.

Token of Power is listed on Ethereum as an ERC-20 token tied to The Mask of Power, a DAO formed around collective ownership of a MetaMask NFT and liquidity generated through its own token structure. The TOP token contract shows a maximum total supply above 10 billion tokens and limited holder distribution.

Why The Balancer V1 Pool Detail Matters

The affected market was identified as a TOP/WETH pool on Balancer V1. Balancer’s older V1 system allowed liquidity pools with custom token weights and automated rebalancing, a design that made it useful for flexible liquidity creation but also left individual pools dependent on their own token behavior, configuration and liquidity depth.

The incident does not automatically mean Balancer’s wider protocol was compromised. In DeFi, a pool-level attack can involve token mechanics, pool settings, pricing assumptions, liquidity concentration, contract permissions, oracle behavior or transaction sequencing. Without a confirmed technical analysis, the cleaner framing is that the TOP/WETH Balancer V1 pool was drained through a malicious transaction flagged by security monitors.

That distinction is important because older liquidity pools often remain live long after a token’s peak activity fades. Thin liquidity, outdated configurations and limited active monitoring can make smaller pools attractive targets, especially when attackers can route proceeds through privacy tools shortly after the transaction.

Tornado Cash Routing Complicates Recovery

Tornado Cash involvement adds another layer to the incident. The attacker address was reportedly funded through the mixer, and the drained assets were later sent back into Tornado Cash. That pattern is common in laundering attempts because it breaks the direct link between the funding wallet, exploit transaction and final withdrawal address.

The routing does not identify who carried out the attack, but it reduces the chance of simple recovery unless investigators can link deposits, timing, withdrawal patterns, exchange movements or off-chain infrastructure. It also places the incident inside a wider pattern of DeFi thefts where attackers move quickly from exploit execution to obfuscation.

Crypto security teams have faced the same pressure across larger incidents. DPRK-linked theft concerns have kept wallet, exchange and DeFi monitoring at the center of enforcement discussions, while North Korea-linked crypto hack losses have shown how quickly stolen funds can become a sanctions and laundering issue. Separate wallet-theft campaigns, including fake crypto job interview malware, have also widened the industry’s threat model beyond smart contracts alone.