TOP liquidity pool stolen: how the anonymous attack unfolded

On June 9, 2026, the long-silent Balancer V1 sounded the alarm again: the TOP/WETH liquidity pool deployed on it suffered a malicious attack, and the assets in the pool were rapidly drained through a series of carefully designed transactions. Several security alerts and media outlets pointed to the same loss figure—approximately 1.58 million dollars. The on-chain security monitoring system quickly captured this set of abnormal operations and issued a warning, but what was truly unsettling was not the incident itself but a familiar pattern reappearing: the attacker used anonymous funds sourced from Tornado Cash to gain entry and, after completely emptying the liquidity pool, sent the stolen assets back into Tornado Cash for mixing, leaving a trail of funds on the blockchain that is clearly visible yet hard to penetrate. Viewed from the end of this path, this was not merely an isolated attack but a mirror that clearly reflects three things: the overlooked old-version liquidity pools in the DeFi ecosystem, security systems that rely on after-the-fact alerts, and protocol structures that are vulnerable in the face of anonymous funds.

The TOP Pool Drained: 1.58 Million Dollars Lost

On June 9, when anonymous funds from Tornado Cash quietly flowed into an address controlled by the attacker, the countdown to the ambush on TOP had already begun. Later that same day, this address began to interact frequently with the TOP/WETH pool on Balancer V1 through a series of meticulously designed malicious transactions that continuously altered the asset structure within the pool. From the outside they looked like consecutive on-chain swaps; in reality they were purposefully draining liquidity. By the time the monitoring platform captured the anomaly, the redeemable TOP and WETH in this legacy V1 pool had been nearly drained. Several Chinese media outlets, quoting security agency statistics, stated that the final amount of assets transferred was about 1.58 million dollars, and the process was clearly characterized as a malicious "liquidity pool draining" attack rather than price fluctuation or isolated user error.

For the direct participants, this is not just a string of cold numbers. First and foremost are the LPs who had been making markets in this pool for a long time; they had hoped to earn fees in the old pool, but now find their positions converted into part of the balance at the attacker's address on-chain. Daily trading around TOP was also affected: an important source of liquidity disappeared within a short time, leaving some token holders sensitive to the question of "how safe is the capital really?" After the incident, no project team has provided a clear statement regarding compensation arrangements or technical details, making it difficult for the affected LPs to determine whether they are facing temporary uncertainty or an irreversible, permanent loss. Until an official review is published, this 1.58 million dollar gap will continue to hang over the TOP community, testing participants' patience and confidence.

Tornado Cash Frequently Becomes a Trigger

Tracing back the on-chain trajectory of this approximately 1.58 million dollar loss reveals a familiar figure. According to security monitoring information, the address related to this attack received a batch of anonymously injected funds from Tornado Cash as a "warm-up" before initiating operations; on the same day, after the TOP/WETH pool on Balancer V1 was gradually drained, the stolen assets were again funnelled in batches into Tornado Cash for mixing, so that both the source and the destination of the funds were wrapped up by the same tool. For security teams and affected LPs trying to reconstruct what happened, this creates two layers of fog: on one hand, it is difficult to quickly identify potential attackers through their funding sources beforehand; on the other hand, post-event accountability is constantly diluted by deliberately fragmented transaction paths.

This is not an isolated case. Tornado Cash has long been used by hackers and attackers as a mixing tool, appearing repeatedly in multiple past DeFi attacks and hacking incidents, which has led to ongoing regulatory and compliance controversies: supporters emphasize that any public blockchain needs a "black box" to protect the privacy of ordinary users, while opponents point out that this "black box" is being abused as a natural shelter for attacks and money laundering. The attack on the TOP liquidity pool raises a sharp question within the industry—once funds are labeled as "from Tornado Cash," should protocols, risk control systems, and even community opinions view it as inherently suspicious, or should they seek a more refined yet complex discernment mechanism that respects privacy while preventing malice?

Old Pools That Cannot Be Moved and Balancer V1

Returning to this incident, it was not a liquidity pool on some latest version that was drained, but the TOP/WETH pool on Balancer V1. As an early version of the protocol, Balancer V1 has been frequently named in public information for suffering attacks or carrying known risks, yet many projects and LPs still leave funds on it long-term. These "legacy pools" act like forgotten infrastructure during stable markets, only to expose the inherent gaps in their parameter design, contract assumptions, and protection mechanisms when they encounter malicious transactions.

Looking at the industry as a whole, legacy asset areas of this kind are common to nearly all DeFi protocols that have gone through version iterations: new versions go live and routing defaults to the new version, but old pools are never cleared out because of user inertia, the complexity of migration, and gas and time costs that make migration uneconomical, while the protocol often lacks sufficiently strong migration incentives and forced shutdown mechanisms. More troubling is that the security strategies and risk control tools of old pools typically do not stay in sync with new versions, so monitoring rules, alert thresholds, and emergency plans remain frozen in their historical state. In the eyes of attackers, these old pools with ample liquidity but loose governance are indeed ideal targets with a high risk-reward ratio.

What DeFi Can Do Under Anonymous Attacks

From the project perspective, according to AiCoin data and public warning records, the security alert for the TOP/Balancer V1 liquidity pool was issued only after the funds had been drained; this kind of after-the-fact broadcast clearly cannot buy LPs any reaction time. For projects maintaining liquidity on early versions or legacy pools, the first step is to bring these pools under active monitoring instead of letting them "naturally age": continuously track the asset scale within the pool and abnormal trading patterns and, once thresholds are triggered, suspend the frontend entrance or increase slippage, so that an attack at least cannot be completed without resistance. The second step is to design stronger migration incentives and timetables: offer additional rewards to LPs who migrate out of old pools, reduce trading fees in new pools, and write "gradually closing the old pool after a certain date" clearly into the roadmap, avoiding situations like this one where legacy pools carry high load under weak governance for long periods. The third step is to introduce differentiated risk control for suspicious fund sources, such as higher monitoring sensitivity, limits, or delayed settlement for anonymous funds from Tornado Cash and similar sources; although such practices are not yet an industry consensus, they have appeared in some protocol implementations and at least offer a way to add a layer of "buffer" between privacy and security.
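The first and third steps can be combined in a single monitor. The sketch below is an added example, not code from the article or from any project it mentions: it tracks a pool's WETH reserve over a sliding window and applies a stricter drawdown threshold while an address labelled as mixer-funded is trading. The thresholds, class and function names, addresses and sample swaps are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Assumed tuning values for illustration; the article gives no thresholds.
WINDOW_SECS = 600      # look-back window for the drawdown calculation
DRAIN_ALERT = 0.30     # alert when 30% of the window's peak reserve is gone
FLAGGED_FACTOR = 0.5   # halve the threshold while a mixer-funded address trades

@dataclass
class Swap:
    ts: int            # unix seconds
    trader: str
    weth_delta: float  # change in the pool's WETH reserve (negative = outflow)

class PoolDrainMonitor:
    def __init__(self, reserve, flagged):
        self.reserve = reserve
        self.flagged = set(flagged)  # labels supplied by an upstream fund tracer
        self.window = deque()        # (ts, reserve_before_swap, trader)

    def observe(self, swap):
        """Apply one swap; return an alert dict if the drawdown limit is hit."""
        self.window.append((swap.ts, self.reserve, swap.trader))
        self.reserve += swap.weth_delta
        while self.window[0][0] < swap.ts - WINDOW_SECS:
            self.window.popleft()    # drop events older than the window
        peak = max(r for _, r, _ in self.window)
        drawdown = max(0.0, (peak - self.reserve) / peak) if peak > 0 else 0.0
        mixer_active = any(t in self.flagged for _, _, t in self.window)
        limit = DRAIN_ALERT * (FLAGGED_FACTOR if mixer_active else 1.0)
        if drawdown >= limit:
            return {"ts": swap.ts, "drawdown": round(drawdown, 3),
                    "mixer_funded": mixer_active, "action": "pause_frontend"}
        return None

def first_alert(reserve, flagged, swaps):
    # Replay swaps in order and return the first alert raised, or None.
    mon = PoolDrainMonitor(reserve, flagged)
    for s in swaps:
        alert = mon.observe(s)
        if alert:
            return alert
    return None

# Constructed sample events (not taken from the incident's on-chain data).
SAMPLE = [Swap(1000, "0xLP1", +5.0), Swap(1060, "0xTRADER_A", -40.0),
          Swap(1120, "0xTRADER_A", -60.0), Swap(1180, "0xTRADER_A", -80.0)]
```

With `0xTRADER_A` labelled as mixer-funded, the alert fires one swap earlier than it does with no labels, which is the reaction time the differentiated threshold is meant to buy.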

For LPs and ordinary users, "still operating" can no longer be viewed as a safety endorsement. Before participating in any liquidity pool, the most basic step is to confirm the contract version and security record: is it an early structure similar to Balancer V1, or a new version that has undergone multiple audits and iterations? Does the project team have a clear maintenance plan, or has the pool, like the TOP-related pools, become a passive remnant? LPs who discover that their funds have long been parked in a thinly governed, poorly communicated old pool should proactively assess whether to migrate, even if the returns seem acceptable, instead of "letting it be." From a broader ecosystem perspective, relying solely on post-event alerts, on-chain tracing, and public pressure is insufficient to prevent the next similar attack, given that tools like Tornado Cash have frequently been used in the aftermath of attacks. The industry will sooner or later need to find a finer-grained compromise between address privacy, fund traceability, and protocol self-protection; otherwise, when the next batch of anonymous funds targets some legacy pool, the entire system will likely repeat the passive defense and post-event inquiries seen this time.

Three Observations After the TOP Attack

From the on-chain path perspective, the draining of the TOP/WETH liquidity pool on Balancer V1, with anonymous funds moving in and out through Tornado Cash, is destined to be written into a new case collection on "the relationship between privacy tools and DeFi security." Future discussions surrounding Tornado Cash will be hard to separate from operational samples of this type. At least three threads are worth watching. First, the self-reform of project teams and the protocol layer: at the time of writing, there has yet to be a widely cited official technical report or clear remediation plan, and how TOP and Balancer deal with these legacy pools, and whether they embed stronger risk control terms into their governance structures, will directly affect the subsequent risk curve. Second, how thoroughly the broader ecosystem cleans up old-version liquidity pools: V1-type old protocols and long-unmanaged fund pools still exist on multiple public chains, and this incident, coupled with several past DeFi attacks, once again pushes "protocol upgrades, pool migrations, and security governance" to the forefront. Third, the regulatory direction on anonymity tools: policies and law enforcement actions surrounding Tornado Cash have continued to escalate over the past few years, and how the boundary between "tool neutrality" and "aiding money laundering" is defined will inevitably affect its position in the DeFi landscape. Until these variables become clear, it is foreseeable that the use of anonymous funds to attack legacy pools will not end with a single theft from the TOP liquidity pool; unless the various participants incorporate such structural risks into their daily decision-making, the protagonist of the next case will likely just have a different token ticker and pool address.
