7Block Labs
Blockchain Governance

By AUJay

DAO Governance Attacks: What 2020-2025 Incidents Teach Founders

A Practical Guide for Executives Designing or Investing in DAOs

So, you’re gearing up to explore the world of DAOs (Decentralized Autonomous Organizations)? Before you dive in, it is worth walking through the key lessons of 2020-2025: what actually went wrong in real incidents, how attackers moved the money, and which engineering and process controls would have stopped them.

What Went Wrong in Real Incidents

In the past few years a number of DAOs have lost treasury funds without a single protocol bug being exploited: the governance process itself was the attack surface. A quick recap of the cases covered in detail below:

  • Steem (2020): exchanges voted with custodied customer STEEM to replace the chain’s witnesses; the community responded by forking to Hive.
  • Mirror Protocol (2021): a wave of spam governance polls tried to redirect tens of millions in MIR to attacker wallets; the community caught it in time.
  • Synthetify and Tornado Cash (2023): “lookalike” proposals that copied earlier, approved ones but carried a hidden payload drained a treasury in one case and hijacked governance in the other.

These incidents show why governance security has to be designed in from the start, not bolted on after the treasury is already worth attacking.

How Attackers Moved Money

Getting a grip on how attackers operate is the first step to stopping the next incident. The recurring tactics:

  • Borrowed or rented voting power: flash loans, or short-term token accumulation, used to reach quorum and pass a proposal that pays the attacker.
  • Lookalike proposals: payloads that reuse the description of an earlier, approved proposal but hide a treasury transfer or a logic swap in the calldata.
  • Quorum capture in quiet DAOs: when turnout is low, one holder or a small coalition can meet quorum alone, often over a weekend or holiday.
  • Custodied votes: exchanges and custodians voting with customer deposits they do not own.

Recognizing these patterns is what the controls below are designed around.

Concrete Engineering and Process Controls

To keep your DAO safe, build on these well-tested strategies:

  1. Regular Audits: have outside experts audit your Governor, Timelock and treasury contracts, including the governance parameters (delays, quorums, thresholds, emergency paths), not just the token logic.
  2. Bug Bounty Programs: invite ethical hackers to look for vulnerabilities, and pay for governance-logic findings (bypassable timelocks, exposed mint authority, emergency shortcuts) as well as the classic contract bugs.
  3. Multi-Signature and Timelocked Treasuries: route every treasury movement through a Timelock and a Safe that needs multiple approvals and has spend caps, so a single passed vote cannot empty the DAO in one block.
  4. Clear Governance Protocols: voting power read from a past snapshot, a proposal threshold, higher quorum for treasury and mint actions, and a written policy for when a proposal can be cancelled.
  5. User Education: make sure your team, delegates and investors know the risks and how to read a proposal’s calldata, not only its description.

By implementing these measures, you're actively protecting your DAO and its community.

Conclusion

Diving into the DAO world can be an exciting adventure, but it's important to learn from any missteps you might encounter. By grasping what went wrong in the past, understanding how attackers think, and implementing the right safeguards, you can avoid common pitfalls and build a strong organization. Best of luck as you embark on your DAO journey!

Why this matters to decision‑makers

If your product or treasury can be managed through token voting or a DAO, governance is a production security boundary, not something nice to have for the community. The most expensive blunders of the last few years were not reentrancy or bridge bugs; they were abuses of legitimate governance power that the contracts executed exactly as designed.

The good news: modern Governor frameworks, time-locks, optimistic execution and a few voter-engagement tactics remove most of this risk, and you can roll them out quickly. (docs.openzeppelin.com)


Attack patterns we keep seeing (and why they work)

  • Flash-loan vote capture: borrow voting power for a single transaction, pass (or directly execute) an on-chain proposal that pays the attacker, then repay the loan. It works when voting power is read at vote time instead of from a past snapshot, or when an emergency path skips the usual delay. (certik.com)
  • Malicious “lookalike” proposals: clone a previously approved proposal but add a hidden function (a self-destruct, a logic swap) that grants votes or drains the treasury once executed. Voters trust the description; the calldata tells a different story. (theblock.co)
  • Low-engagement drains: in a quiet DAO a single holder can meet quorum with their own tokens and slip one harmful payload in among a batch of harmless proposals. (blockworks.co)
  • Exchange/custody vote capture: custodians temporarily use customer deposits to sway governance, most visibly in delegated PoS systems, which can end in a contested fork. (coindesk.com)
  • “Governance as negotiation”: after an exploit, attackers push on-chain votes that release them from liability or pay them a “bounty”. With low turnout and pressure from affected users, communities end up ratifying controversial settlements. (theblock.co)
  • Whale accumulation attacks: a small group accumulates and delegates enough tokens to pass a self-serving treasury proposal, timed for weekends or holidays when turnout is low. (theblock.co)

What the biggest cases taught us (2020-2025)

1) Steem 2020: exchange‑powered governance takeover -> community fork

In March 2020, several major exchanges used their customers’ STEEM deposits to vote out Steem’s elected witnesses in favour of accounts backed by Justin Sun. The community forked to Hive within weeks. The episode shows how custodied supply can capture governance, and that a fork is the social recovery mechanism of last resort. Founders: account for custodied supply when you model your voting-power distribution. (cointelegraph.com)

2) Build Finance (Feb 2022): hostile DAO takeover by quorum and mint

An attacker gathered enough votes to take control of the governance contract, minted over 1.1 million BUILD tokens, and used them to drain the treasury and LP positions, effectively killing the project without exploiting a single protocol bug. Liquidity pools were emptied and the token went to near zero. The lesson: proposal thresholds, graduated quorums and a guarded mint authority. (cryptoslate.com)

3) Beanstalk (Apr 2022): $182M via flash‑loan majority + emergency commit

The exploiter flash-borrowed roughly $1 billion, acquired a supermajority of governance power, and pushed BIP-18 through the emergencyCommit path in about 24 hours. The payload drained the protocol and the proceeds were routed through Tornado Cash. The vote was technically “valid”: the design had no flash-loan protection, and the emergency path bypassed the normal waiting period.

The fixes: read voting power from an earlier block snapshot, remove emergency shortcuts, and put execution behind a timelock with veto and cancel powers. (coindesk.com)

4) Mirror (Dec 2021): spammed governance polls to drain community funds (thwarted)

Attackers flooded Mirror Protocol’s on-chain governance with fake “security” polls designed to redirect tens of millions in MIR to their own wallets. The community noticed in time, raised the alarm, and the polls failed. Proposal spam combined with a confusing voting UX is itself a treasury risk. (cointelegraph.com)

5) Synthetify (Oct 2023, Solana): 10 nearly identical proposals, one drains the treasury

With the DAO inactive, an attacker submitted ten proposals that were nearly carbon copies of each other. Nine were harmless; the tenth sent about $230k to the attacker. By the time anyone noticed, the funds had been moved, partly through Tornado Cash. Solana’s Anatoly Yakovenko put it bluntly: “Any DAO with pure token voting is just waiting to be attacked.” He argues for paid veto councils that actually read proposals. Oversight and a human failsafe are not optional. (blockworks.co)

6) Tornado Cash (May 2023): “identical” proposal with a twist hijacks governance

A proposal presented itself as a copy of an earlier upgrade but carried a hidden payload. Once it passed and executed, the attacker swapped in new contract logic, granted themselves about 1.2 million fake votes, took full control of governance and drained governance assets. Control was handed back a few days later, but the episode is the reference case for what we now call “proposal logic swap” attacks. Before anything executes, demand full bytecode diffs and an independent simulation report. (coindesk.com)

7) Indexed Finance DAO (Nov 2023): a $90K drain attempt defeated by attention

An attacker tried to pass a self-paying proposal in a neglected DAO; public attention and a quick response stopped it. “Dead” DAOs with leftover cash still attract the wrong kind of attention. If you pause governance, put wind-down protections and spending caps in place first. (blockworks.co)

8) Mango Markets (Oct 2022-2025): exploit -> DAO “settlement” -> courtroom

After a market manipulation exploit costing over $100 million, the exploiter put a “deal” to governance: return part of the funds, keep about $47 million, and face no legal action. Mango token holders approved it. The DAO then went to court to void the deal, and in 2025 the litigation is still unresolved, a live demonstration of how far “code is law” is from the actual legal system. Crisis votes are no substitute for controls that stop the drain in the first place. (theblock.co)

9) Compound (July 2024): weekend whale vote, proposal later withdrawn under pressure

“Proposal 289” would have moved ~499k COMP (then worth about $24-25M) from the treasury into an external vault. It passed narrowly on the strength of a small group’s rallied votes. Security researchers called it a governance attack, and under pressure the proposer withdrew it in favour of a different staking design. The DAO has since moved to upgrade its governance contracts to the current OpenZeppelin Governor, which carries the safety features discussed below. Put guardrails in place before your treasury becomes worth attacking. (theblock.co)


The root causes (recurring design and process gaps)

  • Voting power measured “now”: reading an account’s balance at vote time is exactly what makes flash-loan voting possible. Use historical checkpoints (ERC20Votes) so voting power is read at the proposal’s snapshot block, before the attacker could have borrowed anything. (docs.openzeppelin.com)
  • Emergency execution paths: an “emergencyCommit” or similar shortcut is only acceptable with tightly controlled authority, ideally multi-party guardianship, and a higher quorum than the normal path. Better still, do not have one. (certik.com)
  • No timelock or weak queueing: when a passed proposal can execute immediately there is no window to review the payload. Route execution through a TimelockController. (docs.openzeppelin.com)
  • Unbounded treasuries with single-chamber token voting: this is what invites weekend raids. Add bicameral checks or an emergency veto with a defined scope and an expiry date. (blockworks.co)
  • No proposal hygiene: without a mandatory code diff, a simulation report and a precise description, “lookalike” payloads slip through unnoticed. (theblock.co)
  • Chronic voter apathy: low quorums plus cheaply available tokens are the capture recipe. Design incentives and thresholds so that an attack costs more than it pays. (theblock.co)

What to implement now: engineering controls that work

These controls ship in today’s governance frameworks, so we include them by default whenever we build a new DAO.

1) Snapshot-based voting power and anti-flash-loan protection

  • Use OpenZeppelin Governor with ERC20Votes checkpoints so voting power is read from a past block, not the current one. Set a non-zero votingDelay so the snapshot is taken after the proposal is public but before voting opens. (docs.openzeppelin.com)

2) Mandate Timelocks on All Successful Proposals

  • Do not let the Governor execute directly. Queue every passed proposal through a TimelockController with a minimum delay; that delay is the review and contest window. Keep any emergency power behind a multisig with a written policy. (docs.openzeppelin.com)

3) Stop last-minute quorum sniping

  • Enable GovernorPreventLateQuorum. If quorum is first reached close to the deadline, the voting period is extended so the rest of the community has a fair chance to respond. (docs.openzeppelin.com)
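As an added example (our own toy model, not OpenZeppelin’s code and not from the original page), here is what controls 1 and 3 buy you, simulated in Python. The ledger mimics ERC20Votes checkpoints (the last write in a block wins), the governor mimics OpenZeppelin’s proposal snapshot at creation block + votingDelay and GovernorPreventLateQuorum’s deadline extension, and quorum counts only for-votes as in GovernorCountingSimple. Class names, block numbers, balances and the quorum are constructed for the demo.

```python
"""Added example (not OpenZeppelin code): toy ERC20Votes-style checkpoints, a
votingDelay snapshot and a PreventLateQuorum-style extension. Numbers are constructed."""

from dataclasses import dataclass
from typing import Optional


class VotesToken:
    """One checkpoint per (account, block); a later write in the same block
    overwrites it, as in ERC20Votes, so a flash loan repaid in-block leaves
    the end-of-block votes unchanged."""

    def __init__(self):
        self.checkpoints = {}  # account -> [(block, votes), ...]

    def set_votes(self, account, block, votes):
        cps = self.checkpoints.setdefault(account, [])
        if cps and cps[-1][0] == block:
            cps[-1] = (block, votes)
        else:
            cps.append((block, votes))

    def get_past_votes(self, account, block):
        """Votes as of the end of `block` (ERC20Votes.getPastVotes)."""
        power = 0
        for cp_block, votes in self.checkpoints.get(account, []):
            if cp_block <= block:
                power = votes
        return power


@dataclass
class Proposal:
    snapshot: int
    deadline: int
    for_votes: int = 0
    against_votes: int = 0
    quorum_reached_at: Optional[int] = None


class Governor:
    def __init__(self, token, voting_delay, voting_period, quorum,
                 snapshot_weights=True, late_quorum_extension=0):
        self.token, self.quorum = token, quorum
        self.voting_delay, self.voting_period = voting_delay, voting_period
        self.snapshot_weights = snapshot_weights  # False = weigh votes "now" (vulnerable)
        self.late_quorum_extension = late_quorum_extension

    def propose(self, block):
        snapshot = block + self.voting_delay  # OZ: clock() + votingDelay()
        return Proposal(snapshot=snapshot, deadline=snapshot + self.voting_period)

    def cast_vote(self, p, voter, block, support):
        if block <= p.snapshot:
            raise ValueError("voting has not started")  # proposal still Pending
        if block > p.deadline:
            raise ValueError("voting is over")
        at = p.snapshot if self.snapshot_weights else block
        weight = self.token.get_past_votes(voter, at)
        if support:
            p.for_votes += weight
        else:
            p.against_votes += weight
        # Quorum counts for-votes only (GovernorCountingSimple). When it is first
        # reached, PreventLateQuorum guarantees `late_quorum_extension` more blocks.
        if p.quorum_reached_at is None and p.for_votes >= self.quorum:
            p.quorum_reached_at = block
            p.deadline = max(p.deadline, block + self.late_quorum_extension)
        return weight

    def succeeded(self, p):
        return p.for_votes >= self.quorum and p.for_votes > p.against_votes


def _setup(**kw):
    token = VotesToken()
    token.set_votes("honest", 90, 300_000)  # long-term holders, will vote against
    gov = Governor(token, voting_delay=2, voting_period=10, quorum=200_000, **kw)
    return token, gov, gov.propose(block=100)  # snapshot 102, deadline 112


def flash_loan_attack(snapshot_weights):
    """Borrow 1,000,000 votes and repay within block 105, after the snapshot.
    Returns True if the malicious proposal passes."""
    token, gov, p = _setup(snapshot_weights=snapshot_weights)
    token.set_votes("attacker", 105, 1_000_000)  # borrow + delegate
    gov.cast_vote(p, "attacker", 105, support=True)
    token.set_votes("attacker", 105, 0)  # repay in the same block
    gov.cast_vote(p, "honest", 106, support=False)
    return gov.succeeded(p)


def accumulation_attack():
    """Caveat: buy 400,000 tokens at block 101 and hold through the snapshot.
    They count; a snapshot stops atomic borrowing, not capital."""
    token, gov, p = _setup()
    token.set_votes("attacker", 101, 400_000)
    gov.cast_vote(p, "attacker", 103, support=True)
    gov.cast_vote(p, "honest", 104, support=False)
    return gov.succeeded(p)


def late_quorum_snipe(late_quorum_extension):
    """A whale first reaches quorum in the final block; honest holders answer
    two blocks later. Returns (passed, final deadline)."""
    token, gov, p = _setup(late_quorum_extension=late_quorum_extension)
    token.set_votes("whale", 90, 250_000)
    gov.cast_vote(p, "whale", 112, support=True)
    try:
        gov.cast_vote(p, "honest", 114, support=False)
    except ValueError:
        pass  # without the extension the deadline has already passed
    return gov.succeeded(p), p.deadline
```

The accumulation case is the caveat: a snapshot stops atomic borrowing, not an attacker who buys during the votingDelay and holds through the snapshot. That is why the snapshot is paired with proposal thresholds, super-quorums for treasury actions and a timelock rather than relied on alone.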

4) Graduated Quorums and Proposal Thresholds

  • Require a higher quorum and a super-majority for treasury transfers, token minting and parameter changes. Set a proposal threshold high enough that only committed holders can submit proposals. (docs.openzeppelin.com)

5) Bicameral or Delegated Checks

  • Combine token voting with a council or guardian that can cancel actions, but only on objective criteria: a payload mismatch, a missing diff or simulation, or out-of-scope spending. This blocks “lookalike” scams and weekend drains without handing the council general control.

6) Hard-limit treasury blast radius

  • Keep core-protocol governance separate from treasury spending. Hold treasury funds in a Safe with daily or weekly spend caps and a two-phase (propose, then confirm) approval flow, split across hot, warm and cold treasuries. For Snapshot-based DAOs, UMA’s oSnap executes off-chain votes on-chain with a bonded challenge period. (docs.uma.xyz)

7) Push for payload transparency and simulation

  • Require a “proposal packet”: a plain-language spec, the bytecode diff against the previously approved version, and third-party simulation output (Tenderly or similar). If the hash of the posted calldata does not match the reviewed payload, execution stops. (theblock.co)
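As an added example (not 7Block Labs code and not OpenZeppelin’s), the gate a guardian or execution bot can run before a queued proposal is released: recompute a pin over the posted targets, values, calldatas and description, compare it with the pin in the reviewed packet, and when they differ, decode the calldata to say exactly which ABI word changed. The packet layout, the addresses and the grant proposal are constructed; sha256 over a canonical JSON encoding stands in for the keccak256-based Governor.hashProposal you would compare against on-chain.

```python
"""Added example (not 7Block Labs or OpenZeppelin code): gate a queued proposal on
the reviewed proposal packet. Addresses, packet layout and the grant are constructed;
sha256 over canonical JSON stands in for the keccak256-based Governor.hashProposal."""

import hashlib
import json

# First 4 bytes of keccak256(signature) for the ERC-20 functions used here. keccak
# is not in the standard library, so the well-known values are written out.
SELECTORS = {"a9059cbb": "transfer(address,uint256)",
             "095ea7b3": "approve(address,uint256)"}


def encode_transfer(to, amount):
    """ABI-encode transfer(address,uint256); `to` is a 0x-prefixed 20-byte address."""
    return "0xa9059cbb" + to[2:].lower().rjust(64, "0") + format(amount, "x").rjust(64, "0")


def decode_action(target, value, calldata):
    """Selector plus 32-byte ABI words: what will run, as opposed to the description."""
    data = bytes.fromhex(calldata[2:])
    selector = data[:4].hex()
    return {"target": target.lower(), "value": value,
            "function": SELECTORS.get(selector, "unknown selector 0x" + selector),
            "args": [data[i:i + 32].hex() for i in range(4, len(data), 32)]}


def pin_hash(targets, values, calldatas, description):
    """Pin over exactly what will execute, in order (stand-in for hashProposal)."""
    canon = json.dumps([[t.lower() for t in targets], values,
                        [c.lower() for c in calldatas], description],
                       separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def diff_actions(posted, packet):
    """Explain a pin mismatch action by action, down to the changed ABI word."""
    findings = []
    for i in range(max(len(posted["targets"]), len(packet["targets"]))):
        if i >= len(posted["targets"]) or i >= len(packet["targets"]):
            findings.append(f"action {i}: present in only one of posted/reviewed")
            continue
        a = decode_action(posted["targets"][i], posted["values"][i], posted["calldatas"][i])
        b = decode_action(packet["targets"][i], packet["values"][i], packet["calldatas"][i])
        for key in ("target", "value", "function"):
            if a[key] != b[key]:
                findings.append(f"action {i}: {key} changed from {b[key]} to {a[key]}")
        if len(a["args"]) != len(b["args"]):
            findings.append(f"action {i}: argument count changed")
        for j, (x, y) in enumerate(zip(a["args"], b["args"])):
            if x != y:
                findings.append(f"action {i}: arg {j} changed to 0x{x}")
    return findings


def check_proposal(posted, packet, approved_pins):
    """Returns findings; the executor (timelock bot or guardian) halts on any.
    `approved_pins` maps descriptions of already-executed proposals to their pin,
    to catch a 'lookalike' that reuses a trusted description with a new payload."""
    findings = []
    posted_pin = pin_hash(**posted)
    if posted_pin != packet["pin"]:
        findings.append("pin mismatch: posted calldata is not the reviewed payload")
        findings += diff_actions(posted, packet)
    prev = approved_pins.get(posted["description"])
    if prev is not None and prev != posted_pin:
        findings.append("lookalike: description matches an approved proposal but the payload differs")
    return findings


# Constructed sample: a grant that copies an already-approved Q1 grant, and an
# attacker's lookalike that keeps everything except the recipient.
TOKEN, GRANTEE, ATTACKER = "0x" + "22" * 20, "0x" + "11" * 20, "0x" + "bad0" * 10
DESCRIPTION = "Grant: 50,000 USDC to the security working group (same terms as Q1)"
REVIEWED = {"targets": [TOKEN], "values": [0],
            "calldatas": [encode_transfer(GRANTEE, 50_000 * 10**6)],
            "description": DESCRIPTION}
PACKET = dict(REVIEWED, pin=pin_hash(**REVIEWED))   # what the reviewers signed off
APPROVED = {DESCRIPTION: PACKET["pin"]}              # the Q1 grant that already executed
LOOKALIKE = dict(REVIEWED, calldatas=[encode_transfer(ATTACKER, 50_000 * 10**6)])
```

Note that the lookalike is caught twice: once because its pin differs from the reviewed packet, and once because it reuses the description of a proposal that already executed with a different payload. Both checks are cheap to run at queue time, and the per-word diff is what lets a guardian act on objective criteria rather than judgement.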

8) Go for ve-style or non-transferable voting for those sensitive controls

  • veToken models such as veCRV use time-locked, non-transferable voting power, which removes borrowed and flash-loaned votes from the picture. Put any vote that can move funds behind a lockup.

9) Monitoring and alerting as top-notch features

  • Run bots that flag near-identical proposal batches, execution calls at odd hours and spends over budget, and publish the alerts on a public dashboard so voters can react in hours, not days. Synthetify and Indexed show that attention is what stops the theft. (blockworks.co)
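As an added example (our own, not from the original page), three of the monitoring rules above as code: cluster near-identical proposal descriptions and flag the payload that differs from the rest (the Synthetify pattern), flag votes that close on a weekend, and flag spends above a per-proposal cap. The proposal feed, field names and the cap are constructed for the demo; a real bot would fill them from Governor ProposalCreated events and Safe transaction data.

```python
"""Added example (not 7Block Labs code): monitoring rules for a governance bot.
The feed, field names and spend cap are constructed; a real bot would fill them
from Governor ProposalCreated events and Safe transaction data."""

import re
from collections import defaultdict
from datetime import datetime, timezone

SPEND_CAP_PER_PROPOSAL = 100_000  # treasury policy figure, constructed for the demo


def normalize(description):
    """Lower-case and drop digits/punctuation so 'Housekeeping #7' and '#8' cluster."""
    return " ".join(re.sub(r"[^a-z ]+", " ", description.lower()).split())


def near_duplicate_clusters(proposals, min_size=3):
    """Group proposals with identical normalized descriptions. Synthetify-style
    spam shows up as one large cluster whose payloads are not all the same."""
    clusters = defaultdict(list)
    for p in proposals:
        clusters[normalize(p["description"])].append(p)
    return [c for c in clusters.values() if len(c) >= min_size]


def odd_one_out(cluster):
    """Within a cluster, the proposals whose calldata differs from the majority."""
    counts = defaultdict(int)
    for p in cluster:
        counts[p["calldata"]] += 1
    majority = max(counts, key=counts.get)
    return [p for p in cluster if p["calldata"] != majority]


def ends_on_weekend(deadline_utc):
    return deadline_utc.weekday() >= 5  # 5 = Saturday, 6 = Sunday


def scan(proposals):
    """Return alert strings for the public voter-alert channel; empty means quiet."""
    alerts = []
    for cluster in near_duplicate_clusters(proposals):
        for p in odd_one_out(cluster):
            alerts.append(f"{p['id']}: payload differs from {len(cluster) - 1} "
                          "near-identical proposals; read the calldata")
    for p in proposals:
        if ends_on_weekend(p["deadline"]):
            alerts.append(f"{p['id']}: voting ends on a weekend ({p['deadline']:%a %Y-%m-%d})")
        if p["spend"] > SPEND_CAP_PER_PROPOSAL:
            alerts.append(f"{p['id']}: spend {p['spend']:,} exceeds cap {SPEND_CAP_PER_PROPOSAL:,}")
    return alerts


def sample_feed():
    """Constructed feed on the Synthetify pattern: ten 'housekeeping' proposals, nine
    harmless and one that transfers funds out, timed to close on a Saturday."""
    tuesday = datetime(2025, 6, 3, 12, 0, tzinfo=timezone.utc)
    saturday = datetime(2025, 6, 7, 12, 0, tzinfo=timezone.utc)
    feed = [{"id": f"P-{i}", "description": f"Treasury housekeeping #{i}",
             "calldata": "0x01-rebalance", "deadline": tuesday, "spend": 0}
            for i in range(1, 10)]
    feed.append({"id": "P-10", "description": "Treasury housekeeping #10",
                 "calldata": "0x02-transfer-out", "deadline": saturday, "spend": 230_000})
    feed.append({"id": "P-11", "description": "Grants round 4",
                 "calldata": "0x03-grant", "deadline": tuesday, "spend": 40_000})
    return feed
```

Running `scan(sample_feed())` raises three alerts, all on P-10: its payload is the odd one out among ten lookalikes, it closes on a Saturday, and it spends over the cap. Any one of those is enough to page the voter-alert channel; all three together is the shape of the Synthetify drain.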

10) Custody-Aware Governance

  • Track exchange and custodian concentration in your supply. Consider excluding custodied balances from certain votes, or requiring a holding period before voting rights vest. The Steem/Hive split is the cautionary tale. (coindesk.com)

Emerging practices we recommend in 2025 builds

  • Optimistic execution with a challenge window: UMA’s oSnap v2 moves Snapshot results on-chain for execution, and anyone can post a bond to challenge a proposal before it executes; a successful challenge cancels it. The happy path stays cheap, and there is a safety net when things go sideways.
  • “Seatbelts” for governance: pre-commit to kill-switch criteria (payload mismatch, overspend, missing simulation) and publish them. OpenZeppelin’s newer Governor extensions, ProposalGuardian, PreventLateQuorum and SuperQuorum, give you the hooks to enforce them on-chain.
  • Proactive framework upgrades: Compound’s 2025 plan moves it to the modern OpenZeppelin Governor, with a moratorium on proposals during the transition. Upgrade before the treasury is worth a coordinated takeover.
  • Human-in-the-loop attention: Yakovenko’s idea applies to EVM DAOs too. A small committee that reads proposals and publishes go/no-go reports during the vote is a minor cost for solid protection.

A 12‑point “ship checklist” for founders and enterprise sponsors

Before you put a dollar under DAO control, do the sponsor’s due diligence first:

  1. Understand the DAO framework
    Know how governance works, how decisions are made and executed, and what rights membership actually gives you. Money in without that understanding is money you cannot protect.
  2. Do your homework on the projects
    Read the whitepapers, roadmaps and community discussions of the projects the DAO funds, and check they match your goals.
  3. Check out the community
    Join the Discord or Telegram. An active, engaged community is a good sign and, as the incidents above show, attention is the main defence against a quiet drain.
  4. Review the financials
    How funds are held, who can move them and where they go should be transparent. If you cannot find clear information, treat it as a red flag.
  5. Assess the risks
    Decide what you are willing to lose before you commit, not after.
  6. Consider legal implications
    DAO regulation differs by jurisdiction. The Mango case shows that an on-chain vote settles nothing in court.
  7. Decide on your investment strategy
    Long-term holder or short-term return? It changes how you should vote and delegate.
  8. Keep your emotions in check
    Excitement and fear both produce bad votes, especially during a post-exploit “settlement”.
  9. Be prepared for volatility
    Crypto markets move fast; never commit more than you can afford to lose.
  10. Stay updated
    Follow proposals after you are in. A proposal you did not read is one you voted on blind, or let reach quorum without you.

Then the engineering checklist itself, for the DAO you are building or backing:

  1. Governance framework: OpenZeppelin Governor with ERC20Votes checkpoints, a votingDelay and a votingPeriod sized to your holder profile. (docs.openzeppelin.com)
  2. Execution path: every sensitive call goes through a TimelockController; the Governor executes nothing directly. (docs.openzeppelin.com)
  3. Quorum tiers: a super-quorum for treasury, minting and parameter changes. (docs.openzeppelin.com)
  4. Proposal thresholds: a minimum percentage of total supply or ve-power to propose, with limits on who can propose.
  5. Anti-sniping: GovernorPreventLateQuorum enabled. (docs.openzeppelin.com)
  6. Emergency powers: a ProposalGuardian that can cancel only on clear, objective criteria, with sunset and audit provisions. (docs.openzeppelin.com)
  7. Treasury segmentation: Safe-based hot, warm and cold treasuries, each with spend caps; oSnap for Snapshot DAOs. (docs.uma.xyz)
  8. Payload hygiene: every proposal ships with a code diff, a pinned calldata hash and a third-party simulation.
  9. Vote lockups: ve-style, non-transferable voting power for any vote that moves funds.
  10. Monitoring: public bots watching for suspicious proposals, weekend votes and multi-proposal spam.
  11. Custody exposure: track exchange holdings; consider warm-up periods before voting rights vest.
  12. Upgrade plan: quarterly governance audits and framework updates, with moratorium windows during upgrades.

If you already run a DAO: a 30‑day hardening plan

Week 1

  • Enable GovernorPreventLateQuorum and raise votingDelay so the snapshot is reliable. Raise proposalThreshold; note that in OpenZeppelin Governor the threshold is a single global value, so a higher bar for treasury actions needs either a custom check or a separate Governor for the treasury. (docs.openzeppelin.com)

Week 2

  • Move execution behind a TimelockController if it is not already. Draft an emergency cancel policy with objective criteria, and elect a small guardian committee with exactly those limited powers. (docs.openzeppelin.com)

Week 3

  • If your DAO runs on Snapshot, deploy oSnap with a meaningful bond and a 72-hour challenge window. Route high-value transactions through a Safe with spending limits.

Week 4

  • Begin requiring a "proposal packet" that comes with both a diff and a simulation report.
  • Get some monitoring bots up and running, and set up a public "voter alert" channel.
  • Organize a tabletop exercise to go over what to do in case of a malicious proposal scenario.

Key takeaways for executives

  • Governance is not a community ritual; it is an attack surface. Every dollar the DAO can move is a target for whoever can swing the vote.
  • The same gaps recur, and the fixes are known: checkpointed voting power, non-bypassable time-locks, higher thresholds for moving money, legible payloads, and automated challenge windows.
  • Do not ignore the social layer. When participation is low, whales and coalition buyers decide close weekend votes. Attention is the scarce resource, so publish clear “stop rules” in advance. Compound’s Proposal 289 is the case study.

Appendix: incident quick refs (for your board packet)

  • Beanstalk (Apr 17, 2022): flash-loan supermajority; ~$182M lost; BIP-18 pushed through emergencyCommit; no flash-loan resistance in the design.
  • Tornado Cash (May 20, 2023): lookalike proposal with hidden logic; ~1.2M fake votes; control handed back days later.
  • Synthetify (Oct 24, 2023): 10 near-identical proposals, one drained ~$230k; inactivity risk; public calls for veto councils.
  • Build Finance (Feb 14, 2022): hostile governance takeover; mint authority abused; LP and treasury drained.
  • Mango (Oct 2022): exploit followed by an on-chain “settlement” that left ~$47M with the exploiter; now in U.S. courts. On-chain votes do not settle legal liability.
  • Compound (July 2024): Proposal 289, ~$24M; passed narrowly amid governance-attack accusations, then withdrawn; DAO moving to an upgraded Governor.

If you need a tailored governance threat model, we map your token distribution, voting structure and treasury flows against the attack classes above and deliver a hardened configuration, with monitoring, in under four weeks.

Like what you're reading? Let's build together.

Get a free 30-minute consultation with our engineering team.

7BlockLabs

Full-stack blockchain product studio: DeFi, dApps, audits, integrations.

7Block Labs is a trading name of JAYANTH TECHNOLOGIES LIMITED.

Registered in England and Wales (Company No. 16589283).

Registered Office address: Office 13536, 182-184 High Street North, East Ham, London, E6 2JA.

© 2026 7BlockLabs. All rights reserved.