Cyberraiding in Blockchain

26 Jan 2024

Governance attacks in web3 and blockchain: risks and security strategies

The topic of blockchain security is an integral part of our blog and entire website. As we continue to delve deeper into decentralized technologies, we see a new frontline in cybersecurity stands out in the form of governance attacks, highlighting the need to protect against them. 

In this article, we look at the risks associated with governance attacks and offer actionable solutions to prevent this type of attack.

What are governance attacks?

hacker silhouette

Governance attacks are a form of cyber threat that targets the underlying governance mechanisms of decentralized systems such as blockchain. To understand the nature of these attacks, let’s understand governance and how it can be manipulated.

Governance in the context of cryptocurrency and blockchain projects is a governance system that allows participants in a network to make collective decisions regarding changes to protocols, parameters, and other key aspects. This process is typically carried out by network participants using tokens, by voting for change proposals.

A governance attack aims to change the decisions made in the voting process in order to win control or benefit through manipulation. Such a method can include a variety of tactics, such as:

  • Manipulation of voting. An attacker can use funds to purchase additional tokens and increase their influence on voting, even if it is against the interests of the community.
  • Forced protocol changes. An attacker may seek to force changes to the protocol for their own benefit or to disrupt the functionality of the network.
  • Influencing decision making. Governance attacks can also involve a variety of manipulations and influences aimed at decision making. This includes influencing community opinion through media campaigns or influential participants.

Real-life examples of governance attacks

An example of a governance attack is the incident with Beanstalk, a decentralized finance (DeFi) project. The hack was carried out using a flash loan. A hacker borrowed $1 billion dollars, gaining control of 67% of the project’s shares, which allowed him to transfer the funds to his wallet. He then repaid the loan and fled. The whole process took only 13 seconds. The hacker managed to steal 182 million dollars.

Another prominent example is the recent KyberSwap incident. This multi-chain DEX aggregator was hacked in late November 2023. This resulted in a loss of about $47 million across several networks including Arbitrum, Optimism, Ethereum, Polygon and Binance Smart Chain, and a 90% drop in the total value of blockchain funds. During the incident, the hacker attacked KyberSwap’s Elastic pool, and expressed his demands – the transfer of all the company’s assets and full control of the project. Continuing his set of demands, the hacker stated that the executives should leave the company and would be offered a fair payout and assistance in finding a new job. In addition, the hacker expressed his intention to double the salaries of all current employees of the organization. This incident is characterized as a governance attacks because the attacker targeted not only systems and data, but also management structures in an effort to change the ownership and control structure of the KyberSwap project.

These and other incidents underscore the need for strict security protocols in DeFi platforms, especially in the management and implementation of smart contracts.

Risks and consequences

damaged coin

Governance attacks pose serious threats to decentralized projects, with a number of negative consequences. 

First, even small such attacks can lead to a loss of trust on the part of participants, as voting and decision-making processes become susceptible to manipulation. When project governance becomes subject to external influences, there is a risk of losing transparency and fairness in the eyes of participants.

Second, governance attacks can lead to direct financial losses. Unwanted changes in the protocol initiated by the attack can reduce the value of the project’s tokens, negatively impacting the financial stability and capitalization of the project. This could lead to serious financial losses for investors and participants.

Third, a threat to the stability of the protocol. Disruption of the decision-making and management of the system can cause chaos in its functioning. This, in turn, can slow project development, create inconsistency within the community, and even undermine the basic principles of decentralization and self-governance that are fundamental to many blockchain projects. 

Understanding the risks and following precautions becomes critical to ensure the sustainability and robustness of decentralized governance systems.

In the following sections of the article, we will examine typical signs of governance attacks, methods of prevention, and practical advice to ensure security in the context of voting and protocol management.

Typical signs of a governance attack


Governance attacks, like any type of cyber threat, have certain signs that can help identify and prevent such events. 

Familiarizing yourself with the following typical signs can serve as an effective tool in the early detection of governance attacks:

1. Abrupt changes in token ownership

Sign – sudden increase in token ownership of some specific address.

Explanation – attackers may increase their influence by acquiring more tokens to manipulate voting.

2. Mass Changes in Voting

Sign – sudden mass changes in votes in specific elections.

Explanation – attackers may attempt to manipulate the outcome of votes by encouraging a large number of tokens to support their proposals.

3. Increased activity of addresses

Sign – a sharp increase in the activity of certain addresses in the voting system.

Explanation – attackers may actively use several addresses to increase their influence.

4. Specific proposals with very high ratings

Sign – proposals that have received unusually high support.

Explanation – attackers may propose changes favorable to them and manipulate the voting system to pass them successfully.

5. Unusual network activity

Sign – protocol activities that consist of a noticeable change or unusual transactions and interactions.

Explanation – attackers may perform additional transactions and interactions to mask their actions.

6. Anomalies in code updates

Sign – sudden changes in protocol code or sentences that are out of the norm.

Explanation – attackers may propose changes to improve their position through manipulation.

Preventing governance attacks and practical security guidelines


As part of system security and preventing governance attacks, we recommend that you adhere to the following measures, provided you have carefully and intelligently designed your project’s tokenomics if it is foreseen in your project. 

One of the primary measures to mitigate the risk of governance attacks is the use of multi-signature voting mechanisms. Such mechanisms are an effective way to mitigate the risk of governance attacks. Implementing this method makes it more difficult for potential attackers who seek to manipulate voting with a large number of tokens.

The next effective method of preventing governance attacks is to set limits on the number of tokens used for a single vote or proposal. This measure prevents individual participants from massively affecting the system.

Regular analysis of voting and token ownership, using machine learning algorithms, is an important element of security. With this approach, it is possible to detect anomalies and suspicious changes in voting and address activity, contributing to the early detection of threats.

The next important security measure is providing regular educational events and informational materials. Educating community members increases their awareness and ability to identify potential threats.

Improving the proposal process by providing more detailed and understandable submissions promotes transparency and ease of evaluation by all participants. This reduces the likelihood of technically complex proposals masquerading as routine updates.

Introducing waiting periods before proposals are accepted and adding more thorough reviews help create a barrier to quick and ill-considered changes. This gives participants ample time to thoroughly discuss and think about proposed changes.

Equally important, the development of alert systems to promptly detect unusual events and the maintenance of detailed voting logs are key elements of security. These tools ensure prompt response to potential threats and provide information for post-event analysis.

A final recommendation is regular security audits of code and management processes. This measure plays an important role in preventing potential exploits and provides an additional layer of system protection.

Implementing the above recommendations together can significantly improve the security level of protocols and projects based on decentralized technologies.

Follow the latest news and updates on our blog and subscribe to our social networks to stay up-to-date and ready for new challenges.

If you have any questions about Web3 and blockchain security, please contact us for a free consultation.

Other posts

Cybersecurity program with your own hands
Anonymous cryptocurrencies and crypto mixers: ethics and legality