DeFi project Swerve Finance is under governance attack, with the involved exploiter looking to steal over $1.3 million in various stablecoins.

But what’s a governance attack?

This type of attack involves a hacker taking control of adequate voting power to pass proposals with the aim of stealing funds from a certain protocol. As for Swerve Finance’s case, blockchain observers report that the attack has been going on for almost a week.

How the Exploiter Launched the Attack

The governance attack started when an address created two proposals to transfer ownership of the remaining funds on Swerve Finance to the exploiter’s contract. However, the transfer was unsuccessful because the 347,500 Swerve governance tokens used to launch the attack were not enough to approve the proposal.

That being said, the address is reported to have requested help from another address. This second wallet immediately started voting on the exploiter’s proposal with about 103,900 Swerve governance tokens. But still, the voting power of the two addresses couldn’t pass the malicious proposal.

Swerve Finance Exploiter Revealed

Igor Igamberdiev, head of Research at Wintermute, wrote a long Twitter thread providing details of the exploiter’s on-chain activities, including transactions originating from coin mixer Tornado Cash. According to Igamberdiev’s analysis, the wallet addresses that attempted to approve the proposal on Swerve Finance belong to one individual.

Moreover, the researcher stated that the deposit and withdrawal history of the individual and that of the two addresses seem to be connected.

Igamberdiev urged the exploiter to stop the attack while advising community projects like Swerve Finance to transfer ownership of funds to a null address to prevent future attacks.