DAO Governance Takeover Scams via Cryptocurrency
Attackers accumulate governance tokens or exploit flash-loan voting power to pass malicious proposals that drain a DAO's treasury or modify protocol parameters in their favor.
Part of: DAO Governance Takeover Scams
Last reviewed: 8 June 2026
Decentralized Autonomous Organizations use on-chain governance tokens to give community members voting power over protocol decisions. This democratic design has a structural vulnerability: any entity that accumulates sufficient voting power, whether through legitimate purchase or flash-loan-enabled borrowing, can pass proposals that benefit themselves at the expense of the broader community.
Governance attacks may be purely financial - draining a treasury in a single transaction - or more subtle, such as modifying fee parameters or introducing malicious contracts. The irreversible nature of blockchain execution means a successful governance attack can wipe out years of protocol value in minutes.
How this scam works on cryptocurrency
A governance attacker may spend weeks accumulating tokens at market price, disguising their accumulation to avoid alerting the community. When they hold near-majority voting power, they submit a governance proposal that appears routine but contains a hidden treasury-drain or parameter modification. Taking advantage of low community participation in voting, the proposal passes.
Alternatively, a flash-loan governance attack borrows governance tokens within a single transaction, casts decisive votes on an active proposal, and repays the loan - all before the block is finalized. Some protocols have guarded against this by requiring tokens to be held for a minimum period before voting rights activate, but not all do.
Common red flags
- A single wallet or coordinated group accumulates a large governance token position rapidly
- A governance proposal contains contract-level calls that are not explained in accessible language
- Proposal discussion period is unusually short or the vote is scheduled during a period of low community engagement
- Treasury allocation in a proposal goes to newly created or unverified wallet addresses
- Protocol has no time-lock between vote passage and proposal execution
- Token voting power is not based on time-weighted balances, leaving flash-loan attacks possible
- Community forum threads questioning the proposal are dismissed or downvoted aggressively
How to protect yourself
- Actively participate in governance votes for protocols you have deposited funds into
- Delegate your voting power to trusted community representatives if you cannot vote directly
- Advocate for time-locks between proposal passage and execution in any protocol you participate in
- Support governance frameworks that require minimum holding periods before voting rights activate
- Monitor governance forums and on-chain proposal activity for anything unusual
- Reduce exposure to protocols with concentrated governance token distribution and no anti-capture mechanisms
How to report it
- Alert the DAO community immediately through official governance forums if you detect a suspicious proposal
- Report to the SEC at sec.gov/tcr if the governance token may constitute a security
- File a report with the IC3 at ic3.gov if funds are lost to a governance attack
- Engage DeFi security research communities to document and publicize the attack vector
Frequently asked questions
Can a DAO recover from a governance takeover?
Some DAOs have emergency pause mechanisms or community-controlled multisig wallets that can halt malicious execution. Recovery depends heavily on the protocol's specific design and how quickly the community responds.
What is a governance time-lock?
A time-lock introduces a mandatory delay between when a governance vote passes and when it can be executed. This gives community members time to detect and respond to malicious proposals before they take effect.
Are all DAO governance attacks flash-loan attacks?
No. Many governance attacks involve slower accumulation of real voting power over time. Flash-loan attacks are possible where protocols do not require holding tokens for a minimum period before voting.
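The following toy model, added here as an illustration and not code from the original page or any real DAO, shows the flash-loan voting mechanism described above together with the two defenses from the FAQ: voting power taken from a snapshot at proposal creation, and a time-lock between passage and execution. Holder names, balances and block numbers are constructed.

```python
# Added example, not part of the original page: a toy Python model of token
# voting that contrasts "current balance" voting power with snapshot-based
# power and a time-lock. Holder names, balances and block numbers are constructed.

class Dao:
    def __init__(self, balances, snapshot_voting, timelock_blocks):
        self.balances = dict(balances)          # holder -> governance token balance
        self.snapshot_voting = snapshot_voting  # True: power frozen at proposal creation
        self.timelock_blocks = timelock_blocks  # delay between passage and execution
        self.block = 100
        self.proposals = {}

    def propose(self, pid):
        # Snapshot-based governance records balances as of proposal creation, so
        # tokens borrowed later cannot add voting power to this proposal.
        self.proposals[pid] = {"for": 0, "snapshot": dict(self.balances), "passed_at": None}

    def vote(self, pid, voter):
        p = self.proposals[pid]
        source = p["snapshot"] if self.snapshot_voting else self.balances
        p["for"] += source.get(voter, 0)

    def close_vote(self, pid):
        p = self.proposals[pid]
        if p["for"] * 2 > sum(self.balances.values()):  # more than 50% of token supply
            p["passed_at"] = self.block
        return p["passed_at"] is not None

    def can_execute(self, pid):
        p = self.proposals[pid]
        if p["passed_at"] is None:
            return False
        return self.block >= p["passed_at"] + self.timelock_blocks  # time-lock elapsed

def flash_loan_vote(dao, pid, attacker="attacker", pool="lending_pool", amount=600):
    """Borrow, vote and repay with no block advance, i.e. within one transaction."""
    dao.balances[pool] -= amount
    dao.balances[attacker] = dao.balances.get(attacker, 0) + amount
    dao.vote(pid, attacker)
    dao.balances[attacker] -= amount
    dao.balances[pool] += amount
    return dao.close_vote(pid)

def run_scenario(snapshot_voting, timelock_blocks):
    """Returns (vote_passed, executable_same_block, executable_after_timelock)."""
    dao = Dao({"lending_pool": 600, "alice": 200, "bob": 200}, snapshot_voting, timelock_blocks)
    dao.propose("drain")   # proposal is already active when the attack transaction lands
    dao.block += 1
    passed = flash_loan_vote(dao, "drain")
    same_block = dao.can_execute("drain")
    dao.block += timelock_blocks
    return passed, same_block, dao.can_execute("drain")

if __name__ == "__main__":
    print(run_scenario(False, 0))    # (True, True, True): current-balance voting, no time-lock
    print(run_scenario(True, 0))     # (False, False, False): snapshot voting defeats the loan
    print(run_scenario(False, 100))  # (True, False, True): time-lock only delays execution
```

The third scenario shows that a time-lock does not by itself stop a passed proposal; it creates the window in which the community can respond with a pause or multisig intervention.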