Key Points
- BONK DAO experienced a $20 million treasury drain following approval of a malicious governance proposal through legitimate voting mechanisms.
- An attacker purchased approximately $4.4 million worth of BONK tokens to accumulate sufficient voting power for proposal passage.
- Seven wallets participated in the vote despite over 18,000 eligible DAO members having voting rights.
- After reaching the voting threshold, the governance system executed an automatic transfer of approximately $20 million in BONK tokens to the attacker’s address.
- BONK DAO acknowledged the exploit and initiated collaboration with cryptocurrency exchanges, bridge protocols, and the Solana Foundation for recovery efforts.
BONK DAO’s treasury suffered a significant $20 million loss following a governance exploit where an attacker accumulated voting power to approve a malicious proposal. The perpetrator invested approximately $4.4 million to acquire the necessary governance tokens. This incident reveals critical vulnerabilities in token-weighted governance frameworks used by decentralized organizations.
Governance Exploit Methodology: Token Accumulation and Proposal Execution
The exploit began on June 30 when an unidentified wallet address submitted a proposal requesting treasury funds. This proposal sought 4.43 trillion BONK tokens to be transferred to an address under the proposer’s control. The voting mechanism required approval representing 1% of the total token supply.
Between July 4 and July 5, a separate wallet systematically acquired sufficient BONK tokens to meet the voting threshold. Transaction records indicate the wallet spent roughly $4.4 million through purchases on Binance and Bybit exchanges. According to Lookonchain analysis, the attacker secured additional capital through borrowing on decentralized finance lending protocols.
The proposal, designated as “BIP #76 – Sowellian BonkDAO,” achieved the necessary quorum for passage. Voter participation remained extremely low, with seven addresses casting votes while more than 18,000 members held eligibility. The final tally showed 882.38 billion votes in favor, marginally surpassing the 879.95 billion vote requirement.
Automated Treasury Transfer Following Vote Completion
Upon accumulating the required tokens, the attacker deployed the entire balance to support the proposal. The DAO’s governance infrastructure automatically processed the treasury transfer once voting concluded successfully. Within hours, approximately $20 million in BONK tokens arrived in the attacker’s designated wallet address.
Blockchain analytics firm Chainalysis tracked subsequent movements showing the attacker transferred roughly $188,000 to a centralized exchange platform. The bulk of the extracted funds moved into a multisignature wallet structure requiring multiple authorizations. Following the operation’s completion, the attacker liquidated approximately $5.3 million of the previously acquired BONK tokens.
The proposal text contained language about “rebuilding from the ashes” and “stopping the bleeding.” Additional language promised that “all YES voters are eligible to receive tokens.” Despite this rhetoric, the proposal’s primary function authorized the substantial treasury transfer to the attacker’s controlled address.
DAO Response and Broader Governance Security Implications
BONK DAO publicly acknowledged the incident and characterized the proposal as a malicious exploitation. The organization stated it identified exchange accounts involved in the token accumulation phase prior to the governance vote. Ongoing coordination continues with centralized exchanges, cross-chain bridge services, and the Solana Foundation.
This incident sparked renewed discussion regarding governance architectures that rely exclusively on token-based voting power. Some commentators noted the attacker operated within established protocol parameters. Nevertheless, BONK DAO, Chainalysis, and various blockchain analysts categorized the event as a deliberate attack.
The exploit demonstrates significant risks associated with temporary voting control over substantial treasury reserves. BONK token price declined approximately 7% in the 24-hour period following the incident. The event underscores the critical importance of governance security measures proportional to treasury values across decentralized autonomous organizations.





