A recent incident in Arbitrum involving vote buying has brought the integrity of decentralized autonomous organization (DAO) governance into question.
Vote Buying and Its Consequences
On April 8, 2025, user hitmonlee.eth spent 5 ETH (approximately $10,000) to acquire 19.3 million ARB votes, equating to $6.5 million in governance weight. That vote count surpasses those of experienced DAO delegates like Wintermute and L2Beat. The votes were used to support CupOJoseph's candidacy for a seat on Arbitrum’s Oversight and Transparency Committee.
Financial Incentives and Influence on the DAO
According to Ignas from Pink Brains, the oversight role in the DAO pays around $7,500 per month for 12 months. This suggests a financial incentive for vote buying: such actions might be economically justified rather than solely ideologically driven. The situation highlights the vulnerability of DAO governance models based on a one-token-one-vote principle.
Security Risks for DAOs
The incident in Arbitrum is not isolated. In July 2024, Compound DAO narrowly passed a motion to grant $24 million (5% of the treasury) to an outside protocol controlled by a major COMP holder, a move that members characterized as a governance attack. Platforms like LobbyFi reduce the cost of governance attacks, allowing malicious actors to influence key DAO decisions at a fraction of the cost that would otherwise be required.
This case underscores the need to rethink governance approaches in DAOs and highlights the risks faced by systems using token-based voting models.