TLDR
- A malicious actor invested $4.4 million in BONK tokens to achieve voting power for a fraudulent governance proposal
- The malicious proposal executed an automatic transfer of $20 million from BONK DAO’s treasury directly to the attacker’s address
- Just 7 wallets cast affirmative votes while more than 18,000 community members remained inactive
- BONK token value declined 7% within 24 hours after the exploit
- BonkDAO has reached out to authorities and is collaborating with cryptocurrency exchanges and the Solana Foundation
On July 6, a sophisticated attacker successfully drained $20 million from BONK DAO’s treasury by weaponizing the project’s decentralized governance mechanism. The elaborate operation kicked off on June 30 when an unidentified wallet introduced a proposal designed to redirect treasury assets to an address under the attacker’s control.
For approval, the proposal required affirmative votes representing 1% of BONK’s complete token supply. Throughout July 4 and 5, the perpetrator strategically acquired precisely that quantity, investing approximately $4.4 million through cryptocurrency exchanges Bybit and Binance, while securing additional tokens via decentralized finance lending protocols.
The governance proposal, labeled “BIP #76 – Sowellian BonkDAO,” achieved passage with merely seven wallet addresses supporting it. Over 18,000 community members failed to participate. Voter participation reached only 2.9%, with the proposal barely surpassing the minimum quorum requirement.
In essence, a single participant engineered approval from itself. The proposal’s description outlined plans to “rebuild from the ashes, monetize holdings, stop the bleeding.” Concealed within the text was a singular directive to transfer 4.43 trillion BONK tokens to the attacker’s designated wallet.
Following successful passage, the transfer proceeded autonomously. Approximately $20 million worth of BONK departed the treasury and entered the attacker’s wallet without requiring manual authorization.
What Happened to the Funds
Nine hours following the treasury drain, approximately $188,000 was dispatched to a cryptocurrency exchange, presumably for liquidation purposes. The remaining $19 million was relocated to a multisignature wallet requiring multiple authorizations before subsequent transfers, as reported by Chainalysis.
Roughly one hour after the drainage, the perpetrator began liquidating the BONK tokens they had purchased to finance the operation. They sold approximately $5.3 million worth. The pilfered treasury tokens were maintained separately.
BONK DAO has subsequently acknowledged the exploit. The organization stated it pinpointed exchange wallets utilized for token acquisition preceding the vote. It is currently coordinating with exchanges, blockchain bridges, and the Solana Foundation to address the situation.
Authorities have been alerted. The project confirmed it is pursuing efforts to “recover funds and identify those responsible.”
Broader Context
BONK debuted in December 2022 on Solana and ranks among multiple dog-themed memecoins including Dogecoin and Shiba Inu. The exploit occurs while the combined market capitalization of leading memecoins stands at approximately $25.3 billion, representing a decline exceeding 54% during the past year.
The incident has ignited discussion regarding whether the perpetrator exploited systemic vulnerabilities or executed outright theft. Each action constituted a legitimate transaction. BONK DAO and blockchain analytics companies are classifying it as an attack.
The fundamental lesson is straightforward: any treasury vulnerable to movement through temporary voting majorities maintains security only equivalent to the expense of acquiring that majority. In this case, the attacker invested $4.4 million to extract $20 million.





