Attack on Moonwell Protocol Raises Concerns Over Governance Token Vulnerabilities

A recent incident involving the Moonwell protocol has highlighted concerns about the use of low-value tokens in governance schemes. The protocol, which provides liquidity for the Moonbeam and Moonriver ecosystems, was targeted by an attacker who purchased 40 million MFAM tokens to submit a malicious proposal.

The proposal, titled 'MIP-R39: Protocol Recovery - Admin Migration', aims to grant the attacker full control over key components of the lending protocol, including its seven markets and core smart contract. If successful, the attack could result in the draining of over $1 million in user funds.

Blockful, a blockchain intelligence firm, has warned that the attacker may have additional unidentified wallets holding MFAM tokens that could be used to vote for the proposal in the final block. To mitigate this risk, Blockful recommends that Moonwell's multisig signers use the 'Break Glass Guardian' defensive measure to move admin powers away from the attackers.