
Hypernative's early detection of a malicious upgrade proposal targeting a dormant decentralized token folio (DTF) enabled a timely response by ABC Labs and its community
In the early hours of Feb. 4, an attacker submitted a governance proposal targeting the High Yield USD (hyUSD) token on the Reserve platform. The DTF had been dormant for over a year, and the Slack alert notifying the team of proposed changes immediately raised an alarm.
The proposal called for upgrading two of hyUSD's core contracts to an unverified contract. No forum discussion had preceded it. The attacker's bet was simple: a deprecated asset attracts minimal attention, governance participation stays low, and a malicious proposal can pass quietly before anyone organizes a response. Had it succeeded, they would have drained about $80,000 in TVL plus all of the RSR governance tokens staked on hyUSD.
ABC Labs, the core development team behind the Reserve Protocol, immediately investigated the proposer address and the target contract on Etherscan and quickly confirmed what the alert already suggested. The team notified the broader community through its Telegram group, knowing that public visibility was the fastest path to a coordinated response. RSR holders mobilized, staking enough against the proposal to outweigh the attacker's voting power. Within 24 hours, the attacker had unstaked. The attack was foiled.
The reputational risk of losing even $100 in user funds is massive. Users expect a secure, reliable product. We don't take the security of our code or our systems lightly, and we cannot cut corners in protecting any user funds.
Patrick McKelvy, Director of Engineering @ Reserve
ABC Labs initially built its own governance monitoring bot, scraping proposal events and piping them into Slack. It did the minimum: it surfaced that a proposal existed, but not what the proposal actually did. ABC Labs also had to operate and maintain the system, including an observability stack to ensure it was always functioning.
It was a very narrow implementation and, over time, we concluded that this setup was too operationally fragile to serve as a durable control layer.
Patrick McKelvy, Director of Engineering @ Reserve
Hypernative provided a path to formalize governance monitoring without turning it into an internal software maintenance burden. Today, Reserve monitors all DTF DAOs across the full proposal lifecycle, with introspection into what proposals do and severity-based alerting that differentiates routine governance from potentially catastrophic actions.
The workflow is designed to minimize time-to-human-review:
ABC Labs also uses governance process discipline as a risk signal. Major proposals are expected to be socialized as RFCs in the forums before they ever go onchain. Because the team stays current on forum activity, proposals that arrive without warning are treated as higher risk by default, especially if they involve role changes, contract upgrades, or other privileged actions.
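The risk signals described in this case study (a privileged call, an unverified upgrade target, no prior forum RFC, a dormant DAO) combined into one severity score, as an added example that is not ABC Labs' or Hypernative's code. The selectors are the standard OpenZeppelin ones; the weights, thresholds, field names and sample proposal are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Standard 4-byte selectors of privileged calls (OpenZeppelin-style contracts).
PRIVILEGED = {
    "3659cfe6": "upgradeTo(address)",
    "4f1ef286": "upgradeToAndCall(address,bytes)",
    "2f2ff15d": "grantRole(bytes32,address)",
    "f2fde38b": "transferOwnership(address)",
}

@dataclass
class Proposal:              # hypothetical record a monitor might build
    dao: str
    calldatas: list          # hex calldata, one entry per proposed action
    has_forum_rfc: bool      # socialized in the forum before going onchain?
    dao_dormant: bool        # no governance activity for a long period?
    verified: dict           # lowercase address -> source verified on an explorer

def _hex(calldata):
    return (calldata[2:] if calldata.startswith("0x") else calldata).lower()

def triage(p):
    """Return (severity, reasons); weights and thresholds are assumptions."""
    score, reasons = 0, []
    for cd in map(_hex, p.calldatas):
        name = PRIVILEGED.get(cd[:8])
        if name is None:
            continue
        score += 2
        reasons.append("privileged call " + name)
        if name.startswith("upgradeTo"):
            impl = "0x" + cd[8:72][-40:]   # first ABI word holds the address
            if not p.verified.get(impl, False):
                score += 3
                reasons.append("upgrade target " + impl + " is unverified")
    if not p.has_forum_rfc:
        score += 2
        reasons.append("no forum RFC preceded the proposal")
    if p.dao_dormant:
        score += 1
        reasons.append("DAO is dormant, so turnout is likely low")
    severity = "critical" if score >= 5 else "high" if score >= 2 else "routine"
    return severity, reasons

# Constructed sample: two upgrade actions pointing at one unverified address.
IMPL = "0x" + "ab" * 20
UPGRADE = "0x3659cfe6" + "00" * 12 + "ab" * 20
SAMPLE = Proposal("sample-dtf", [UPGRADE, UPGRADE], False, True, {})

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An upgrade that was announced in the forum and points at a verified implementation still scores "high" here, so every privileged action reaches a human reviewer while only the unannounced, unverified case pages as "critical".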
Reserve’s ecosystem is built on decentralized control, and that control layer is expanding. Each DTF has its own governance surface, which multiplies the number of places a malicious proposal can appear. Following the hyUSD incident, ABC Labs began adding louder alerts for additional critical governance actions that were not previously monitored as closely.
ABC Labs’ view is that the problem will only get harder as the ecosystem scales. As the number of DAOs grows from dozens to hundreds or thousands, it will not be feasible for humans to maintain continuous attention on every governance surface. Automation and AI-assisted monitoring become necessary to preserve decentralized control without leaving gaps that attackers can exploit.
We see Hypernative as a continued vanguard of onchain financial systems. As we scale, having a platform that keeps watch across the entire portfolio, not just the assets people are paying attention to, is what makes growth sustainable.
Patrick McKelvy, Director of Engineering @ Reserve
This incident will be one of the topics in an upcoming webinar with leaders from Reown, Wave Digital, and Reserve, exploring what institutional stablecoin operations actually require across four domains, including:
🔹 Protocol Integrity: Continuous oversight of contracts, mint/burn logic, oracles, and peg stability.
🔹 Transaction Controls: Eliminating blind signing and last-mile wallet risk.
🔹 Governance Safeguards: Securing multisig workflows and admin privileges.
🔹 Ecosystem Monitoring: Managing bridge, liquidity, sanctions, and cross-chain exposure.
The 2026 Stablecoin Security Playbook: Extending the Three Lines of Defense to Onchain Finance
📅 March 5 | 4pm UTC / 10am EST
Register here: https://luma.com/r68ptp9e
Reserve is a decentralized protocol building a suite of onchain asset products and governance-controlled DTFs. Its governance process is designed to be transparent and community-driven, with major proposals typically discussed in forums before being brought onchain. ABC Labs is the core team building the Reserve protocols.
Hypernative is a real-time monitoring, risk detection and automated response solution that identifies threats with high accuracy and gives customers precious minutes to respond before exploits can do damage. The platform tracks both onchain and offchain data sources and uses battle-tested, sophisticated machine learning models, heuristics, simulations, and graph-based detections to identify over 300 risk types, from smart contract hacks and bridge security incidents to frontend compromises, market manipulations and private key theft.