A governance attack happens when a bad actor accumulates enough voting power in a decentralized protocol to push through a proposal that benefits themselves, usually at the expense of everyone else. Most DeFi protocols give their users the ability to vote on decisions like fee changes, treasury spending, or upgrades to the code. That voting power is typically tied to how many governance tokens a person holds. When someone buys or borrows a massive amount of those tokens specifically to win a vote, that is a governance attack.
The mechanics are straightforward, and that is part of what makes it dangerous. Imagine a homeowners’ association where every vote is decided by how many shares of the building you own. Now imagine a stranger quietly buying up the majority of those shares overnight, walking into the next meeting, and voting to transfer the building’s entire maintenance fund into their own bank account, all within the rules of the system. No lock was picked. No alarm went off. The attack succeeded because the rules themselves were exploited. Governance attacks work the same way: the attacker does not break the protocol, they use it exactly as designed.
The most cited real-world example is the Beanstalk hack in April 2022. An attacker took out a flash loan, a type of uncollateralized loan that must be borrowed and repaid within a single transaction, to temporarily acquire a majority of Beanstalk’s governance tokens. They used that voting power to pass a malicious proposal that drained approximately $182 million from the protocol’s treasury. The loan was repaid in the same transaction. The entire attack, from setup to execution, took place in seconds.
Protocols have developed several defenses against governance attacks. Time locks are among the most common: they introduce a mandatory delay between the moment a proposal passes and the moment it takes effect, giving the community time to spot something suspicious and respond. Other protocols require a minimum voting period, set a quorum threshold so that a small group cannot decide outcomes for everyone, or distribute governance tokens broadly enough that no single entity can realistically amass a majority.
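As an added example that is not part of the original article or of any real protocol's code, the following Python model enforces the defenses just described (a voting window that opens after the proposal block, a quorum, and a time lock before execution) and measures voting power at the proposal block. The ledger, balances and parameters are constructed; the toy ledger records the attacker's in-block flash-loaned balance so that the timing defenses can be exercised on their own.

```python
# Added example, not Beanstalk's or any real protocol's code: a toy governor
# enforcing the defenses described above. Block numbers stand in for time; a
# flash-loaned balance exists for one block only, so timing is what stops it.
from dataclasses import dataclass

# Constructed sample ledger: balances checkpointed at each block they change.
# Block 101 records the attacker's briefly held 70_000 flash-loaned tokens.
LEDGER = {100: {"alice": 30_000, "bob": 25_000},
          101: {"alice": 30_000, "bob": 25_000, "attacker": 70_000}}
TOTAL_SUPPLY = 100_000

def balance_at(holder, block):
    latest = max(b for b in LEDGER if b <= block)  # newest checkpoint <= block
    return LEDGER[latest].get(holder, 0)

@dataclass
class Proposal:
    snapshot: int       # block whose balances count as voting power
    votes_for: int = 0

class Governor:
    # Parameters are illustrative; real protocols tune them differently.
    def __init__(self, voting_delay=1, voting_period=10, timelock=20, quorum_pct=10):
        self.voting_delay, self.voting_period = voting_delay, voting_period
        self.timelock, self.quorum_pct = timelock, quorum_pct
        self.proposals = []

    def propose(self, block):
        # Voting power is frozen at the proposal block; later acquisitions carry no weight.
        self.proposals.append(Proposal(snapshot=block))
        return len(self.proposals) - 1

    def vote(self, pid, voter, block):
        p = self.proposals[pid]
        start = p.snapshot + self.voting_delay  # voting opens after a delay
        if not start <= block < start + self.voting_period:
            raise ValueError("voting window closed")
        p.votes_for += balance_at(voter, p.snapshot)

    def execute(self, pid, block):
        # Returns "executed" or the reason the proposal cannot take effect yet.
        p = self.proposals[pid]
        voting_ends = p.snapshot + self.voting_delay + self.voting_period
        if block < voting_ends:
            return "voting period still open"
        if p.votes_for * 100 < TOTAL_SUPPLY * self.quorum_pct:
            return "quorum not reached"
        if block < voting_ends + self.timelock:
            return "timelock not elapsed"
        return "executed"
```

With these rules a proposal created at block 100 cannot take effect before block 131, and a balance held only during block 101 contributes nothing to a proposal whose snapshot is block 100.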
Governance attacks expose a fundamental tension in decentralized systems: the same openness that makes them trustless and permissionless also makes them vulnerable to anyone with enough capital and the will to exploit the rules. If you hold governance tokens in any protocol, it is worth paying attention to active proposals, not just as a right, but as a responsibility. One unchecked vote can unwind what took a community years to build.