Moonwell fights a hostile takeover governance vote

Moonwell battles a hostile takeover governance vote as the protocol is under active governance attack

ContentsLow-cost attack targets million-dollar assetsCommunity pushes back against malicious proposalDefense options and broader risksA small capital outlay was used to gain control of major contracts by an unknown actor. The move has led to panic moves by the community to safeguard user money.

Low-cost attack targets million-dollar assets

The attack had started on March 24 when the attacker used 40.17 million MFAM tokens to purchase a wallet and purchase 40.17 million MFAM tokens. It cost approximately 1,600 MOVR, which cost 1,808 during purchase. This was sufficient voting power to achieve a protocol quorum by the attacker.

The assailant then made Proposal #74 under the title MIP-R39. The offer aimed at giving up administrative control to an evil contract. This contract supposedly had logic that was meant to drain funds out of the protocol.

The attacker surpassed the 40 million MFAM quorum that they needed at the snapshot block. This made it possible for the proposal to qualify to vote regardless of its purpose. The attack could have paid back almost 597 times the original price.

The targeted assets are seven lending markets, and their total value is approximately $1.08 million. Security researchers observed that the proposal contained specific steps of direct execution to take funds away.

Community pushes back against malicious proposal

The community of Moonwell was fast in responding to the threat. According to the data on voting, more than 66.7% of the participants do not support the proposal. This is a great resistance, indicating that the attack might not succeed in the case of momentum.

The closeness of the vote will be on March 27 at 10.28 UTC. This gives little time to spare on votes and defence. The leaders in the community have advised voters not to be naive and not to follow vague suggestions.

Snapshot of the Moonwell vote. Source: Moonwell governance forum

The proposer has been asked by the governor to lead at Moonwell for this purpose. The request also contains a technical outline of the suggested changes. The attacker has not yet given any reply.

It has also been recommended that users wait until they get clear information before placing their votes. One of the issues that is of concern in this process is transparency.

Defense options and broader risks

Blockful’s security platform presented two primary approaches to combating the attack. The former one is to add more votes against the proposal before the deadline. Nonetheless, the voting power was capped at the snapshot, restricting the new token’s impact.

One of the key holders is said to have 48.8 million staked MFAM tokens. Only one of these positions can kill this proposal when exercised.

The second alternative is to switch on the Break Glass Guardian system. This mechanism involves the use of a multisig wallet to override governance decisions. It can regain authority over the authorized speech and prevent rogue execution.

Should the proposal be passed, the attacker would enact the execution on March 27. This would be followed by a 24-hour time lock which would permit possible withdrawal of funds on March 28.

This is an event that demonstrates the existence of the constant threat of decentralized governance. In the past, major losses have been experienced as a result of similar attacks. In April 2022, the Beanstalk protocol suffered a governance exploit of $181 million

In 2024, there was another case of a contentious treasury proposal at Compound Finance. The future of Moonwell is now subject to the early intervention of the community and security.