BonkDAO Loses $20M in Funds to Malicious Governance Attack
BonkDAO developers report a $20 million theft triggered by a fraudulent governance proposal, prompting a law enforcement referral.
A decentralized autonomous organization tied to the memecoin project BonkDAO has disclosed the theft of approximately $20 million in funds, attributing the loss to what it described as a 'malicious governance proposal.' The incident highlights one of the most persistent and underappreciated vulnerabilities in the DAO model: governance mechanisms themselves can become attack vectors when bad actors exploit voting or proposal systems to redirect treasury funds.
The project's developers confirmed they have notified law enforcement and said they are actively working to recover the stolen assets and identify the individuals responsible. While the team offered few additional technical details publicly, the framing of the attack as a governance exploit suggests the perpetrators may have used legitimate on-chain proposal infrastructure — rather than a conventional smart contract hack — to authorize an unauthorized fund transfer.
Read more Tech Stocks Rally Late Monday in Broad Sector Advance →
This type of exploit is particularly difficult to defend against because it operates within the rules of the protocol rather than breaking them. Governance attacks can involve acquiring sufficient voting power, submitting a deceptive proposal, or exploiting low voter participation to push through transfers that drain a treasury. For meme-driven projects like BonkDAO, which often have diffuse or disengaged token holder bases, the risk of such manipulation is structurally elevated.
The incident adds to a growing ledger of losses tied to DeFi governance failures and raises pointed questions about whether current DAO frameworks provide adequate safeguards for community-held assets. As regulators and law enforcement agencies increase scrutiny of the crypto sector, cases like this one — where on-chain activity intersects with alleged criminal conduct — are likely to test the boundaries of how digital asset theft is investigated and prosecuted.
Continue reading at Cointelegraph.