TLDR
- A $4 million voting push reportedly allowed one attacker to drain BonkDAO’s $20 million treasury.
- Only seven wallets reportedly voted, and attacker-linked addresses held nearly all recorded governance voting power.
- BonkDAO said it contacted law enforcement and worked with exchanges to trace the transferred tokens.
- The case placed renewed attention on DAO voting rules, treasury controls, and time-lock protection systems.
- BONK reportedly fell after the treasury drain, as traders monitored recovery efforts and exchange activity.
BonkDAO, the governance organization of the Solana-based BONK memecoin ecosystem, reported that about $20 million in BONK tokens had been removed from its treasury through a malicious governance proposal. The incident involved a vote that authorized the withdrawal of treasury assets rather than a conventional code exploit. The project said the matter had been referred to law enforcement while tracing and recovery efforts continued.
According to Wu Blockchain and BonkDAO statements, the address linked to the action had accumulated a BONK position through an exchange account before the proposal reached voting. The attacker reportedly spent around $4 million acquiring tokens, which gave the address enough voting weight to control the decision. Security researcher Cos said the proposal was created six days before voting opened, while participation remained limited.
Only seven addresses reportedly participated in the vote, and addresses linked to the attacker accounted for 99.878 percent of total voting power. That voting concentration allowed the proposal to pass and authorize the movement of assets from the shared treasury. BonkDAO said it was working with exchanges, cross-chain bridges, and the Solana Foundation to follow fund movements and limit further transfers.
Governance Rules Become Central Focus
The reported BonkDAO governance attack has drawn attention to how token-based voting systems can expose treasury funds when voter participation is low. In such systems, a participant with enough tokens may be able to shape outcomes even without breaching the protocol’s technical security. The case shows how control of governance power can become a route to treasury access when guardrails are limited.
BonkDAO’s account indicates that the issue centered on proposal approval rather than a direct hack of the token contract. A proposal created within normal governance channels can still produce unauthorized or harmful results when safeguards are weak. Common protections include time-locks, quorum requirements, delegated oversight, staged withdrawals, and review periods before treasury transactions are executed.
The episode also shows the risk of relying only on token ownership as the measure of authority within a DAO. Projects that manage large treasuries often use additional rules to reduce the chance that one wallet, or a group of related wallets, can approve transfers alone. These controls are designed to give communities more time to review proposals and respond before assets leave shared accounts.
Market Reaction Follows BONK Treasury Drain
The price of BONK reportedly declined after reports of the treasury drain circulated, with market accounts citing a decline of roughly 7 percent to 11 percent during the early reaction. Some reports also said exchange activity was reviewed as investigators followed the movement of funds. The full recovery amount, responsible parties, and final transaction path had not been established in the information provided.
BONK is a large dog-themed memecoin launched in December 2022, when developers distributed a large share of supply through an airdrop. The token trades within a wider memecoin market alongside Dogecoin, Shiba Inu, and Pepe, all of which can see rapid price changes after security or governance events. Cited data showed broader memecoin valuations weakened before a July recovery.
For traders, the BonkDAO case places attention on governance design as a separate area of risk from smart contract audits. Treasury size, voting distribution, proposal review time, and withdrawal limits may be relevant checks when assessing DAO-managed projects. The event remains under review, while BonkDAO and its partners continue efforts to trace funds and identify those responsible.





