markets

BonkDAO Loses $20M in Funds to Malicious Governance Attack

BonkDAO developers report a $20 million theft triggered by a fraudulent governance proposal, prompting a law enforcement referral.

A decentralized autonomous organization tied to the memecoin project BonkDAO has disclosed the theft of approximately $20 million in funds, attributing the loss to what it described as a 'malicious governance proposal.' The incident highlights one of the most persistent and underappreciated vulnerabilities in the DAO model: governance mechanisms themselves can become attack vectors when bad actors exploit voting or proposal systems to redirect treasury funds.

The project's developers confirmed they have notified law enforcement and said they are actively working to recover the stolen assets and identify the individuals responsible. While the team offered few additional technical details publicly, the framing of the attack as a governance exploit suggests the perpetrators may have used legitimate on-chain proposal infrastructure — rather than a conventional smart contract hack — to authorize an unauthorized fund transfer.

Read more Tech Stocks Rally Late Monday in Broad Sector Advance →

This type of exploit is particularly difficult to defend against because it operates within the rules of the protocol rather than breaking them. Governance attacks can involve acquiring sufficient voting power, submitting a deceptive proposal, or exploiting low voter participation to push through transfers that drain a treasury. For meme-driven projects like BonkDAO, which often have diffuse or disengaged token holder bases, the risk of such manipulation is structurally elevated.

The incident adds to a growing ledger of losses tied to DeFi governance failures and raises pointed questions about whether current DAO frameworks provide adequate safeguards for community-held assets. As regulators and law enforcement agencies increase scrutiny of the crypto sector, cases like this one — where on-chain activity intersects with alleged criminal conduct — are likely to test the boundaries of how digital asset theft is investigated and prosecuted.

Continue reading at Cointelegraph.

Continue reading at Cointelegraph →

Frequently Asked Questions

Q.How was BonkDAO hacked?

BonkDAO developers attributed the $20 million theft to a 'malicious governance proposal,' suggesting attackers exploited the project's own on-chain governance system to authorize an unauthorized transfer of funds.

Q.What is BonkDAO doing to recover the stolen $20 million?

The developers said they have reported the incident to law enforcement and are actively working both to recover the stolen funds and to identify those responsible for the attack.

Q.Why are DAO governance proposals a security risk?

Governance proposals can be weaponized by bad actors who exploit voting mechanisms or low participation rates to push through transactions that drain a project's treasury, all while operating within the protocol's own rules.

More in markets →