BONK DAO Suffers $20 Million Treasury Drain After Governance Vote Exploit



What to Know

  • BONK DAO was drained of about $20 million in BONK tokens through an onchain governance proposal.
  • The attacker spent roughly $4.4 million to buy just over 1 percent of BONK’s supply, enough to meet the quorum threshold.
  • The proposal passed with 99.9 percent “yes” votes after only seven wallets voted, while more than 18,000 members did not participate.
  • The vote cleared quorum with 882.38 billion BONK in favor against a 879.95 billion BONK threshold.
  • The proposal instructed a transfer of 4.43 trillion BONK to a wallet controlled by the attacker.
  • About $20 million in BONK moved automatically from the treasury on July 6, after the attacker cast the decisive vote.
  • Roughly $188,000 was later sent to an exchange, while the remaining $19 million went to a multisig wallet.
  • The attacker also began selling the BONK accumulated for the vote, offloading about $5.3 million worth.
  • BONK prices are down 7 percent in the past 24 hours in the aftermath of the attack.

BONK DAO Drained Through Its Own Voting System

BONK DAO has confirmed a malicious governance proposal that drained an estimated $20 million from its treasury, marking one of the clearest recent examples of how token-based voting can be turned against a decentralized organization. The attacker did not need to break a smart contract in the traditional sense or compromise a private key. Instead, the attacker used the governance process itself, buying enough BONK to pass a proposal that automatically transferred treasury assets to a wallet under their control.

The episode centers on BONK, a Solana-based memecoin, and BONK DAO, the decentralized autonomous organization responsible for its governance. In this structure, token holders vote on proposals rather than relying on a centralized company to make decisions. When a proposal meets the required voting conditions, the outcome can execute onchain. That feature is often framed as a strength of decentralized governance because it reduces reliance on intermediaries. In this case, it became the mechanism that enabled the treasury drain.

The attack highlights a vulnerability that has long concerned governance designers: if voting power can be bought on open markets and quorum is low enough, a determined actor may temporarily assemble sufficient influence to pass a proposal. Once the vote executes automatically, the damage can occur without the attacker needing to bypass conventional security controls. The result is a governance failure that looks different from a code exploit but can be just as costly.

How the Proposal Was Pushed Through

The sequence began on June 30, when an anonymous wallet submitted a proposal to transfer the treasury’s holdings to a wallet it controlled. The proposal was titled “BIP #76 – Sowellian BonkDAO” and contained language that some market observers viewed as unusually provocative for a governance motion. It promised to “rebuild from the ashes, monetize holdings, stop the bleeding,” and included a line stating that “all YES voters are eligible to receive tokens.”

Under the governance rules at issue, the proposal needed “yes” votes equal to 1 percent of BONK’s supply to meet quorum, which is the minimum level of participation required for a vote to take effect. Over July 4 and July 5, a separate wallet acquired exactly the stake needed, spending about $4.4 million to buy BONK on Bybit and Binance. By one account, the actor also borrowed more through DeFi lending platforms to support the effort.

Once the attacker had assembled the necessary voting power, the outcome became largely dependent on turnout. The vote ultimately passed with just seven wallets participating, while more than 18,000 members did not vote. Turnout reached 2.9 percent, and the proposal cleared the required threshold by the narrowest of margins: 882.38 billion BONK voted in favor against a 879.95 billion BONK requirement. With 99.9 percent of votes marked “yes,” the result effectively reflected a single decisive voter approving a proposal that benefited the same actor.

The Treasury Transfer and Follow-On Movements

By July 6, the voter held just enough BONK to push the proposal over the threshold. After the entire stake was cast in favor, the proposal passed and the onchain instructions executed. About $20 million in BONK automatically moved out of the treasury into the attacker’s wallet. The key instruction embedded in the proposal was a transfer of 4.43 trillion BONK to that wallet.

The flow of funds after the treasury movement added further urgency to the situation. Nine hours later, roughly $188,000 was sent to an exchange, a move that market participants often interpret as preparation for a potential cash-out. The remaining $19 million went to a multisig wallet, a structure that requires multiple approvals before funds can be moved. That decision may complicate immediate recovery efforts, but it also gives investigators and counterparties a clearer set of onchain paths to monitor.

Just over an hour after the treasury drain, the attacker began selling the BONK accumulated to gain voting power. About $5.3 million worth was offloaded. That sequence is especially important because it shows a distinction between the voting stake and the treasury tokens. The attacker assembled a temporary governance position, used it to authorize a much larger transfer, and then started unwinding the stake that had enabled the vote. In governance-risk terms, the attack demonstrates how influence can be rented or bought for a limited window if the expected payoff is larger than the cost of acquiring voting power.

Governance Design Under Pressure

The BONK DAO incident has reopened debate over whether such conduct is best understood as theft, a governance exploit, or the aggressive use of flawed rules. Every major step in the sequence occurred through valid onchain transactions: buying tokens, voting, executing the proposal and transferring funds. Some onchain observers argue that this distinction matters because the attacker did not bypass the rules but operated inside them. BONK DAO and analytics firms have treated the episode as an attack, and the involvement of law enforcement underscores the seriousness of the response.

For decentralized organizations, the more important lesson may be practical rather than philosophical. A treasury governed by token-weighted voting can be exposed if the cost of buying a temporary majority is lower than the value controlled by that majority. In BONK DAO’s case, the attacker spent roughly $4.4 million to assemble enough voting power and triggered a movement of about $20 million from the treasury. That imbalance is precisely what governance architects try to avoid through safeguards such as higher quorum requirements, time delays, proposal review processes, emergency veto mechanisms or limits on what a single vote can transfer.

However, each safeguard carries trade-offs. Higher quorum can make governance more secure but may also make ordinary decision-making harder when communities are inactive. Time locks can give communities a chance to react, but they can slow legitimate treasury operations. Multisig oversight can add human accountability, but it may also reduce the purely autonomous character that some DAOs seek. The BONK case shows that fully automated treasury execution can be efficient, but efficiency without sufficient checks can create a single point of governance failure.

Market Reaction and Recovery Efforts

BONK DAO said it had identified exchange wallets used to buy tokens ahead of the vote and was working with exchanges, bridges and the Solana Foundation to manage the fallout. Those efforts may focus on tracing funds, monitoring wallets, and limiting the attacker’s ability to move assets through centralized venues or cross-chain infrastructure. In crypto investigations, coordination with exchanges can be critical because centralized platforms may have customer information and compliance tools that onchain observers do not.

The market response has been negative. BONK prices are down 7 percent in the past 24 hours following the attack. The decline reflects not only the direct treasury loss but also broader concerns about governance risk, potential selling pressure and confidence in DAO oversight. For memecoins, where market sentiment can shift rapidly, an incident involving a treasury drain can weigh heavily on liquidity and trust even when the underlying token continues to trade actively.

FXCOINZ market coverage views the BONK incident as a warning for any DAO that uses token voting to control meaningful assets. Governance systems are not just political processes; they are security systems. If a proposal can move treasury funds automatically, then quorum thresholds, voter participation, proposal visibility and execution safeguards become part of the project’s core defense architecture. The BONK attack shows that weak participation can be as dangerous as weak code.

Frequently Asked Questions (FAQs)

What happened to BONK DAO?

BONK DAO was drained of about $20 million in BONK tokens after an attacker used the project’s onchain governance system to pass a malicious proposal that transferred treasury assets to a wallet the attacker controlled.

How did the attacker gain enough voting power?

The attacker spent roughly $4.4 million to buy just over 1 percent of BONK’s supply, which was enough to meet the quorum threshold required for the proposal to take effect.

When did the governance proposal begin?

The proposal was submitted on June 30, and the attacker accumulated the necessary voting power over July 4 and July 5 before the treasury transfer occurred on July 6.

How many wallets voted on the proposal?

The proposal passed with only seven wallets voting, while more than 18,000 members did not participate. Turnout was 2.9 percent.

What was the quorum threshold for the vote?

The vote needed “yes” votes equal to 1 percent of BONK’s supply. It passed with 882.38 billion BONK in favor against a 879.95 billion BONK threshold.

How much BONK did the proposal transfer?

The proposal included an instruction to transfer 4.43 trillion BONK to the attacker’s wallet, resulting in about $20 million in treasury assets being moved.

Did the attacker sell any tokens?

Yes. Just over an hour after the drain, the attacker began selling the BONK accumulated for the vote and offloaded about $5.3 million worth.

What happened to the drained funds after the transfer?

Roughly $188,000 was sent to an exchange nine hours later, while the remaining $19 million went to a multisig wallet requiring multiple approvals to move funds.

How has BONK traded after the incident?

BONK prices are down 7 percent in the past 24 hours in the aftermath of the governance attack.

Photo by Afif Ramdhasuma on Pexels

Comments (0)

Loading...

Top Exchanges


  • 1
    Crypto Com LogoStart Trading

    Trading cryptocurrencies involves significant risk and users should carefully consider their investment objectives and risk tolerance.

  • 2
    Binance Logo 3Start Trading

    Cryptocurrency trading carries a high level of risk and users should carefully evaluate their financial situation and risk tolerance before participating.

  • 3
    Coinbase LoigoStart Trading

    Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong.

  • 4
    Kraken LogoStart Trading

    Trading cryptocurrencies involves high risk and users should thoroughly evaluate their financial circumstances and risk tolerance.

  • 5
    Gemini LogoStart Trading

    Cryptocurrency trading involves substantial risk and users should carefully assess their investment goals and risk tolerance before participating.

  • 6
    Bitstamp LogoStart Trading

    Trading cryptocurrencies carries inherent risks and users should carefully consider their investment objectives and risk tolerance.

  • 7
    KuCoin LogoStart Trading

    Cryptocurrency trading involves significant risk and users should evaluate their financial situation and risk tolerance before participating.

  • 8
    Uphold LogoStart Trading

    Trading cryptocurrencies carries inherent risks and users should carefully assess their investment objectives and risk tolerance before engaging.