Helius co-founder flags governance attack, urges protocols to tighten quorum settings immediately
Mert Mumtaz's public alert specifically called out Circle personnel, suggesting the threat may touch stablecoin-related governance infrastructure on Solana.
Mert Mumtaz, co-founder and CEO of Solana infrastructure provider Helius, posted an urgent alert on X on July 6 warning of a governance attack targeting crypto protocols. His message was blunt: tighten your quorum parameters and turn on your notifications. Now.
The post specifically called on Circle personnel to stay vigilant and coordinate with Helius, a detail that immediately raised eyebrows given Circle’s role as the issuer of USDC, one of the largest stablecoins in crypto.
What we know so far
Mumtaz did not name the specific protocol, token, or on-chain transaction involved in the attack. What he did provide was a clear directive for teams to immediately review their governance configurations and ensure notification systems are active so that unusual proposals don’t slip through undetected.
The direct mention of Circle is notable. USDC operates across multiple chains and interacts with numerous DeFi protocols that use decentralized governance models. If the attack vector involves a protocol that handles or integrates USDC, the downstream implications could be substantial.
No major crypto news outlets had independently verified or reported extensively on the specific attack as of the time of Mumtaz’s post.
Why governance attacks keep happening
Governance attacks are not new. The core vulnerability is structural: most DAOs struggle with voter apathy. When only a small fraction of token holders regularly participate in governance votes, the quorum threshold, the minimum number of votes needed to make a proposal valid, becomes the critical variable.
Attackers know this. Common strategies include accumulating governance tokens quietly over time, borrowing them through flash loans for a single vote, or simply timing proposals to coincide with low engagement periods like weekends or holidays. July 6 fell on a Sunday, which is not exactly peak governance participation time.
Mumtaz’s emphasis on notifications is equally important. Many governance systems allow proposals to go live with relatively short voting windows. If token holders aren’t actively monitoring, a malicious proposal can reach quorum and execute before anyone realizes what happened.
Helius, which Mumtaz co-founded alongside Liam Vovk and Nicolas Pennie in 2022, provides RPC nodes, APIs, and data indexing tools for the Solana ecosystem.