BonkDAO Loses $20M in Malicious Governance Proposal Attack
BonkDAO developers reported a $20M theft triggered by a malicious governance proposal and have alerted law enforcement.
BonkDAO, the organization behind a prominent memecoin project, disclosed that attackers drained approximately $20 million from its treasury through what developers described as a "malicious governance proposal," according to a report from Cointelegraph. The theft represents one of the more notable governance-based exploits to hit a decentralized crypto project in recent memory, raising fresh concerns about the security of on-chain voting mechanisms.
Governance attacks of this nature typically involve bad actors submitting or manipulating a proposal within a decentralized autonomous organization's voting system to redirect funds or alter smart contract permissions in their favor. When approved — whether through deception, voter apathy, or outright manipulation — the proposal executes automatically on-chain, leaving victims with little immediate recourse.
Read more VanEck Semiconductor ETF Surges 64% in 2025 Without Apple →
BonkDAO's development team confirmed they had notified law enforcement following the incident and stated they are actively working to recover the stolen funds while simultaneously attempting to identify the individuals or groups responsible. The dual-track approach — legal and investigative — reflects a growing trend among crypto projects that seek both on-chain forensic recovery and traditional legal remedies after major thefts.
The incident underscores a persistent vulnerability in decentralized governance structures: the same permissionless, trustless design that gives DAOs their appeal can also be weaponized by sophisticated attackers who exploit low voter participation or weak proposal review processes. Security analysts have long warned that governance layers can be softer targets than the underlying smart contracts themselves.
No timeline for fund recovery or further details about suspects has been publicly released by the team. Continue reading at Cointelegraph.