What Is a Governance Attack?

The expansion of Web3 and blockchain technology gave birth to many innovative cryptocurrency projects. According to CoinMarketCap, there are currently more than 20,000 cryptocurrencies that make a market cap of over $1.1 Trillion.

But the increase in Web3 adoption invites various types of cybersecurity threats and attacks. One of the most recent ones is the Governance Attack which affects the cryptocurrency projects that make protocol decisions through governance proposals.

What is governance?

Managing and implementing changes to cryptocurrency blockchains via voting is called governance. Changes to a blockchain protocol are implemented through this type of governance. Each token holder can vote to accept or reject proposed modifications by developers through code updates.

If a governance proposal reaches beyond quorum, the proposed change will be implemented, but if rejected, the changes won’t be made in the protocol. The governance proposals could be raised for various reasons, such as upgrading the chain, making crucial decisions for the chain’s future, etc.

Governance resulted in a more decentralized manner of operating a protocol where some specific people do not make the decisions; instead, every token holder of that protocol has the right to participate in its governance. 

Risks associated with the governance

Although governance could sound beneficial to the future of decentralization, some flaws are associated with it, which, if exploited, could result in a big disaster for the cryptocurrency project. 

One of the most significant examples would be the Ethereum-Based Stablecoin Protocol Beanstalk, where an attacker recently stole $181 million by manipulating governance.

Some of the most commonly known governance risks are:

• Big bags, higher voting power: The holder having a massive chunk of tokens has more voting power than the one with fewer tokens. This means if a person has more than the number of tokens required to pass a proposal, they can make any decision for the protocol single-handedly.
• Less participation: There are chances that some of the governance proposals are too technical and that not every holder can understand them properly and make the right decision. For example, a chain upgrade proposal to upgrade the software version. These are hard to understand by an average person, making it difficult for them to make the right decision.
• Influenced decisions: This is the most common one, as so many factors could easily influence holders. This could be done through paid PR campaigns, influencer marketing, or even by bribing people to have a biased say on the proposal.
• Spamming: Any person could raise a governance proposal by depositing a certain amount of tokens of that chain. This could result in spam proposals. It mainly happens if the token price falls low that raising a proposal costs just a few dollars.

How do these risks result in governance attacks?

Suppose an attacker is able to manipulate any blockchain projects that use decentralized governance structures by gaining enough voting rights to reshape the rules or influence enough token holders to have biased votes on a proposal. In that case, it could be called a governance attack.

In recent times, governance attacks have become commonplace, and it’s through these kinds of attacks that hackers generally try to drain out the liquidity from the protocol. 

Some cryptocurrency projects that recently suffered governance attacks include Yam Finance, Beanstalk, and Build Finance DAO.

Preventions of governance attacks

Any blockchain protocol that makes decisions via governance proposals could prevent itself from becoming a victim of a governance attack by following some of these best practices:

• When the token price is low and anyone can afford the number of tokens required to raise a proposal, make sure to increase the deposit amount needed to submit a proposal to a significant value to protect against spam proposals.
• Educate your community about the importance of governance proposals and why they should participate. This plays a significant role and helps them stay unaffected by any improper influence.

Lastly, governance has given the power to the stakeholders to shape the protocol’s future. Still, at the same time, the risks associated with the governance proposals are rising rapidly. The protocols and the core team should ensure that the project undergoes security audits and take necessary steps to avoid any governance attack.

For more information on how you can secure your blockchain project, contact our Web3 security experts at halborn@protonmail.com.