BonkDAO disclosed that it fell victim to a 'malicious governance proposal,' a targeted attack where holders of a significant amount of BONK tokens leveraged their voting power to redirect coins to their own wallets.

The incident resulted in the theft of approximately $20 million worth of BONK, according to the project's social media post. The attack exploited the decentralized governance mechanism, allowing bad actors to approve a proposal that transferred funds.

Technical details point to a governance exploit: attackers accumulated enough voting power to push through a proposal that credited their wallets. The specific vulnerability lies in the token-based voting system, where influence scales with holdings, rather than a code bug.

Mitigation efforts are underway, but BonkDAO has not yet announced a patch or recovery plan. Affected users are advised to monitor official channels for updates. No immediate fix for the governance loophole has been confirmed.

The attack spotlights the persistent risks in decentralized finance (DeFi) governance models. While BonkDAO works to assess the damage, the incident underscores the need for more robust voting safeguards in token-based projects.