Connect with us

Infosecurity

Attackers voted themselves millions: How a malicious governance proposal drained $20M from BONK DAO

Published

on

malicious governance proposal

A crypto heist with a ballot box twist

It wasn’t a code exploit. There was no breached smart contract. Instead, attackers simply voted themselves a fortune. BonkDAO, the decentralized organization behind the dog-themed BONK cryptocurrency on Solana, announced Monday that a malicious governance proposal drained $20 million worth of tokens from the project.

The heist is a sharp reminder that in decentralized finance, the voting booth can be just as dangerous as a buggy line of code. DAOs — short for decentralized autonomous organizations — let token holders vote on project decisions. That openness, meant to be democratic, can be weaponized.

How the vote went rogue

According to BonkDAO’s social media post, the attackers amassed a large enough stake in BONK to push through a proposal that funneled coins into their own wallets. Think of it as a hostile takeover, but executed through a ballot box instead of a boardroom.

Crypto news outlets reported that the attackers first accumulated about $4 million worth of BONK ahead of the vote. BonkDAO did not confirm that figure but acknowledged the preparatory buying. The organization said it has identified the exchange wallets used to purchase tokens before the proposal was submitted.

“During the investigation, BonkDAO identified the exchange wallets used to purchase BONK ahead of the proposal,” the group stated. It added that it has notified law enforcement and is working with partners to recover the stolen funds.

Upbit freezes deposits, BONK price dips

South Korea’s largest crypto exchange, Upbit, responded quickly. It temporarily suspended deposits and withdrawals of BONK, a move that effectively locked the token out of one of Asia’s key trading venues. As of Monday afternoon Eastern time, BONK’s price was down roughly 7%, with its total market capitalization sitting at about $400 million.

The drop, while significant, could have been worse. Analysts noted that BonkDAO itself held roughly 15% of the total BONK supply, which may have limited panic selling. Still, the incident has shaken confidence in the project’s governance model.

Why this is different from a smart-contract hack

Most high-profile crypto thefts — like the $54 million drained from Uranium Finance — exploit flaws in the automated code that governs transactions. A malicious governance proposal is different. It corrupts the voting process itself, tricking or overpowering the community into approving a harmful decision.

This isn’t a new tactic. In 2022, an attacker siphoned roughly $180 million from the Beanstalk platform using a similar governance exploit. That case remains one of the largest DAO-related thefts on record. U.S. authorities have since stepped up investigations into smart-contract crimes, but governance attacks present a unique challenge: they often rely on legitimate protocol mechanics, making them harder to prosecute.

Recovery is possible, but rare

Sometimes stolen crypto finds its way back. In December, the Federal Trade Commission ordered the platform Nomad to distribute $37.5 million in recovered assets after a 2022 incident. But those cases are the exception. Most stolen funds vanish into the labyrinth of crypto mixers and anonymous wallets.

BonkDAO says it is working with “relevant parties” to track the money and identify the attackers. Whether that leads to recovery — or arrests — remains to be seen.

What this means for DAOs and memecoin investors

The BONK exploit underscores a fundamental tension in decentralized governance. Giving token holders voting power is the whole point of a DAO. But when a single entity or coordinated group accumulates enough tokens, democracy becomes a weapon. For smaller projects, the risk is even higher.

DAO security best practices are still evolving. Some platforms now require time locks on proposals, giving communities a chance to veto suspicious votes. Others use multi-signature wallets to override rogue decisions. None of these measures are foolproof.

For investors, the lesson is blunt: a memecoin’s charm doesn’t protect its treasury. BONK’s dog-themed branding and Solana pedigree made it a fan favorite, but the mechanics underneath are what matter when millions are at stake.

The bigger picture: governance as attack surface

The BONK heist is part of a growing pattern. As more DeFi projects adopt DAO structures, attackers are shifting their focus from smart-contract bugs to governance loopholes. The Beanstalk case showed what’s possible with $180 million. BONK shows it can happen at smaller scales too.

Regulators are watching. U.S. authorities have pursued a range of crypto theft cases, from exchange hacks to DeFi exploits. But governance attacks in DeFi occupy a gray area: the code executed exactly as designed. The crime was in the intent, not the software.

For now, BONK holders are left waiting — for law enforcement, for exchange decisions, and for a DAO that must rebuild trust in its own ballot box.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Infosecurity

Hackers Actively Exploit Maximum Severity Adobe ColdFusion Flaw Hours After Patch Release

Published

on

Adobe ColdFusion flaw

Critical ColdFusion Bug Under Active Attack

Adobe is urging every organization running Adobe ColdFusion to apply the latest patches immediately. A maximum severity vulnerability — rated a perfect 10 on the CVSS scale — is already being exploited in the wild.

The company released fixes for 11 CVEs on June 30 as part of bulletin APSB26-68. Six of those vulnerabilities received the highest possible severity score. Security researchers flagged that one of them, CVE-2026-48282, was targeted within hours of the bulletin going public.

It’s a path traversal weakness in the popular web application development platform. If exploited, it can lead to arbitrary code execution — giving attackers full control over the affected server.

According to data from the ShadowServer Foundation, there are 775 exposed ColdFusion instances online. That’s a relatively small attack surface, but each one represents a potential entry point into a corporate network.

What Makes This Adobe ColdFusion Flaw So Dangerous

Maximum severity bugs are rare. A CVSS score of 10 means the vulnerability is trivial to exploit and requires no user interaction. An attacker doesn’t need to trick an admin into clicking a link or opening a file. They can simply send a crafted request to the server and compromise it.

CVE-2026-48282 fits that description perfectly. It’s a path traversal flaw — a type of bug that lets an attacker read or write files outside the intended directory. In ColdFusion’s case, that can escalate to full remote code execution.

At the time of writing, CVE-2026-48282 and the other vulnerabilities listed in APSB26-68 were not yet in CISA’s Known Exploited Vulnerabilities catalog. That will almost certainly change in the coming days.

Adobe Changes Its Patching Cadence

Adobe is also changing how often it ships security updates. Starting this year, the company moved from a monthly to a twice-monthly publication schedule for security advisories.

Chief security officer Aanchal Gupta explained the reasoning: “Twice-monthly bulletins will enable us to keep pace with the era of frontier AI. More vulnerabilities found means more fixes to deploy and a once-a-month publication window is no longer fast enough to stay ahead of our adversaries.”

Gupta added that the new cadence is a direct result of investing in improved vulnerability discovery. “AI accelerates discovery, but resilience still rests on the fundamentals: visibility, layered controls, continuous monitoring, and the discipline to ship fixes quickly once they are found.”

It’s a clear acknowledgment that attackers are moving faster than ever. The exploitation of this Adobe ColdFusion flaw within hours of the patch proves that point.

ColdFusion Remains a Prime Target

Adobe said it is not aware of any other exploits in the wild for CVE-2026-48282 or the other flaws published in APSB26-68. But the company’s own history suggests caution is warranted.

In 2023, threat actors targeted ColdFusion in a wave of attacks — using them for crypto-mining, DDoS operations, and other malicious activity. The platform is a popular target because it often sits on internal networks and runs with high privileges.

For defenders, the message is simple: patch now. A vulnerability with a CVSS score of 10 that’s already being exploited is not something to leave for the next maintenance window.

What Administrators Should Do Right Now

If you run any version of ColdFusion, here are the immediate steps:

  • Review Adobe’s APSB26-68 security bulletin and identify your affected version.
  • Apply the latest patch immediately — do not wait for a scheduled maintenance window.
  • Check your logs for signs of exploitation, particularly unusual file access or unexpected process execution.
  • Ensure your ColdFusion instance is not directly exposed to the internet unless absolutely necessary.
  • Monitor CISA’s Known Exploited Vulnerabilities catalog for updates related to CVE-2026-48282.

The window between disclosure and exploitation is shrinking. This Adobe ColdFusion flaw is the latest reminder that patching speed matters more than ever.

Continue Reading

Infosecurity

UK Government Launches Cyber Resilience Pledge, Claims 60+ Businesses On Board

Published

on

Cyber Resilience Pledge

A New Push for Corporate Cyber Security

More than 60 businesses — including Microsoft UK, ITV, Nationwide, and Marks & Spencer — have signed onto a fresh UK government initiative called the Cyber Resilience Pledge. The voluntary scheme, first floated at the CYBERUK conference in Glasgow back in April alongside a £90m ($120m) funding boost, is designed to harden the country’s corporate defenses against digital attacks.

Other notable signatories include Cloudflare, Deloitte LLP, Accenture UK, and Vodafone Group, according to a government statement. The pledge targets medium and large organizations, but its effects could trickle down to smaller firms through supply chain requirements.

What Signatories Must Actually Do

The pledge isn’t legally binding, but it asks companies to make three concrete commitments:

  • Board-level accountability: Firms must adopt the Cyber Governance Code of Practice and ensure all board members complete the NCSC’s Cyber Governance Training.
  • Early threat detection: Organizations need to register for the NCSC’s free Early Warning alert service, which notifies them of potential cyber threats targeting their networks.
  • Supply chain security: Companies must take a “risk-based approach” to requiring Cyber Essentials certification across their suppliers.

That last point is where the real leverage lies. If major corporations force their vendors to get certified, the government hopes to lift baseline security across hundreds of thousands of smaller businesses — far beyond the roughly 35,000 currently signed up to Cyber Essentials out of over five million UK companies.

Will it work? That remains an open question. But the NCSC has sweetened the deal for smaller firms: businesses with turnover under £20m ($27m) that hold Cyber Essentials certification qualify for free cyber-liability insurance, including professional incident response support.

A Multi-Pronged Government Strategy

The Cyber Resilience Pledge is just one piece of a broader push. A forthcoming Cyber Security and Resilience Bill will impose new requirements on critical national infrastructure (CNI) providers. Meanwhile, a separate Cyber Action Plan aims to tighten resilience and accountability across central government departments.

The Cyber Governance Code of Practice — another voluntary framework — is designed to help board members treat cyber risk with the same rigor they apply to financial or legal risks. The government has also launched a Cyber Charter with its 39 strategic suppliers, inviting them to sign the pledge. So far, 20 have done so.

Industry Reactions

Microsoft UK CEO Darren Hardman framed the pledge as essential in an era of AI-driven threats. “As AI reshapes both the threats we face and our response to them, stronger board-level accountability and supply chain security are how the UK stays ahead,” he said. “Microsoft has been a cybersecurity partner to the UK government for more than 20 years, and we’re proud to sign the Cyber Resilience Pledge, using AI to help defend the UK’s critical national infrastructure, public services and businesses against cyber-attacks.”

Technology secretary Liz Kendall struck a similar note, arguing that cyber resilience has evolved from an IT concern into a core business imperative. “The steps in this pledge are practical, achievable and proven to make a difference,” she added. “Today’s signatories are leading the way, and I encourage organizations across the UK to follow their example.”

What’s Next for UK Cyber Policy

The government is betting that a mix of voluntary pledges, legislative mandates, and supply-chain pressure will nudge British businesses toward better security hygiene. The Cyber Resilience Pledge itself is light on enforcement — it relies on reputation and peer pressure. But the upcoming Cyber Security and Resilience Bill will carry real teeth for CNI operators, and the Cyber Essentials certification scheme continues to gain traction as a baseline standard.

Whether 60 signatories becomes 600 — or 6,000 — will depend on how seriously boardrooms take the message. For now, the pledge is a signal: the UK government wants cybersecurity treated as a leadership issue, not just an IT problem.

Continue Reading

Infosecurity

Canada’s spy agency confirms it hacked a ransomware gang, drug dealers, and extremists in 2025

Published

on

CSE hacked criminal groups

Three separate active cyber operations in 2025

Canada’s Communications Security Establishment (CSE) has confirmed that its operatives carried out state-authorized hacks against three different criminal targets last year. The operations — detailed in a newly released report — struck a ransomware-as-a-service gang, drug dealers involved in fentanyl trafficking, and a violent extremist group recruiting in Western countries.

The CSE is Canada’s equivalent of the U.S. National Security Agency. Its 2025 report, published last week, describes these actions as “active cyber operations” aimed at foreign groups that posed a direct threat to Canadian security. The agency does not name the specific groups, but the details paint a picture of a spy agency increasingly willing to go on the offensive.

Disrupting violent extremists’ recruitment machine

One of the operations targeted a foreign extremist group that was spreading violent ideology and actively trying to recruit members in Canada and other Western nations. The CSE says it exploited data pulled from internet-connected devices to weaken the group’s operations.

“We successfully undermined the group’s credibility and limited their ability to radicalize and recruit new members,” the report states. The operation did not simply monitor the extremists — it actively interfered with their propaganda and outreach channels.

Taking on the fentanyl supply chain

A second hack went after overseas cybercriminals who were helping sell precursor chemicals used to make fentanyl. The synthetic opioid has killed tens of thousands of people annually in North America, and Canadian authorities have made disrupting its supply chain a top priority.

The CSE says its operation “disrupted and diminished” the traffickers. The report does not specify whether the hack destroyed data, took down servers, or something else, but the language suggests a significant blow to the network’s ability to operate.

Fentanyl-related deaths remain a crisis across the continent. In 2024 alone, more than 70,000 people died from synthetic opioid overdoses in the U.S. and Canada combined, according to public health data.

Ransomware gang’s infrastructure wiped out

The third and most technically detailed operation targeted a ransomware-as-a-service gang. The CSE used signals intelligence to map the group’s internal structure, then moved to disable its infrastructure.

“The operation rendered the group’s infrastructure inoperable and deleted a large amount of stolen data that was being advertised for sale on the dark web,” the report explains. That means the agency not only stopped ongoing extortion but also erased the evidence the gang planned to use against victims.

Ransomware-as-a-service operations have become a dominant model in cybercrime. Affiliates rent access to malware and infrastructure from core developers, then split the ransom payments. By taking out the central platform, the CSE likely disrupted dozens of ongoing extortion campaigns at once.

Ten more ransomware groups hit with “technical disruptions”

The report also reveals that the CSE carried out “authorized technical disruptions” against 10 major ransomware gangs last year. These actions were designed to “make parts of their infrastructure unusable” without necessarily destroying the entire operation. The agency does not name any of the targeted groups, but the scale of the effort signals a sustained campaign against the ransomware ecosystem.

This is not the first time Canada has publicly acknowledged offensive cyber operations. In 2023, the CSE revealed it had disrupted the LockBit ransomware group in coordination with international partners. But the 2025 report goes further in describing the range of targets and the methods used.

What this means for cybercrime and national security

The CSE’s willingness to hack criminal groups — not just foreign state adversaries — marks a notable shift. For years, Western intelligence agencies focused on espionage and counterterrorism, with cybercrime handled largely by law enforcement. Now, spy agencies are taking direct action against criminal networks that operate from overseas sanctuaries.

Legal experts point out that the CSE operates under a strict legal framework. The agency must obtain authorization from the Minister of National Defence and is subject to oversight by the Intelligence Commissioner and the National Security and Intelligence Review Agency. Each of the three operations described in the report was separately approved.

Still, the trend raises questions. If Canada’s spy agency can hack ransomware gangs and drug traffickers, what stops it from targeting other groups? The report emphasizes that all operations were conducted against foreign entities and were designed to protect Canadian interests. But as the line between cybercrime and state threats blurs, the CSE is likely to keep expanding its offensive toolkit.

For ransomware victims and law enforcement agencies tracking the fentanyl trade, the news is mostly positive. The CSE’s actions show that governments are willing to go beyond passive defense and actively dismantle the infrastructure that enables these crimes. Whether that approach can scale to match the sheer volume of ransomware and drug trafficking operations remains an open question.

One thing is clear: Canada’s spy agency is no longer just watching. It’s hacking back.

Continue Reading

Trending