A governance exploit has price the BonkDAO treasury an estimated $20 million, after an attacker spent roughly $4.4 million buying sufficient BONK tokens to push via a malicious proposal that robotically transferred the funds to a pockets below their management.
The incident, which unfolded over the course of per week and culminated early Monday, has reignited debate over whether or not onchain governance — lengthy pitched as a clear, community-driven various to centralized management — is basically weak to anybody prepared to pay for a brief majority.
How the Assault Unfolded
The scheme started on June 30, when an nameless pockets submitted a proposal titled “BIP #76 – Sowellian BonkDAO” to the challenge’s onchain governance platform. On its floor, the proposal learn like a reform pitch, promising to “rebuild from the ashes, monetize holdings, cease the bleeding,” and set up new governance members. Buried inside it, nevertheless, was a single operative instruction: switch roughly 4.426 trillion BONK tokens — all the contents of the treasury — to a pockets ending in “JHvQ.”
To go, the proposal wanted “sure” votes equal to at the least 1% of BONK’s complete provide, the quorum threshold set by the DAO’s guidelines. Over July 4 and 5, a separate pockets methodically acquired precisely that quantity, spending about $4.4 million shopping for BONK on the exchanges Bybit and Binance, with some experiences indicating extra tokens had been borrowed via DeFi lending platforms, in line with onchain analytics agency Lookonchain.
When the vote closed, solely seven wallets had participated — in opposition to greater than 18,000 complete DAO members — a turnout of simply 2.9%. The proposal cleared quorum by a razor-thin margin: 882.38 billion BONK in favor in opposition to an 879.95 billion threshold, nearly precisely matching the stake the attacker had spent days assembling. Successfully, the “99.9% sure” outcome represented a single actor voting in settlement with itself.

How the Assault Unfolded
The Drain and the Aftermath
As soon as the proposal handed, the switch executed robotically, transferring roughly $20 million price of BONK out of the treasury and into the attacker’s pockets. In keeping with blockchain intelligence agency Chainalysis, about $188,000 was despatched to a centralized change inside hours, doubtless an try to start cashing out, whereas the remaining roughly $19 million was moved to a multisignature pockets requiring a number of approvals to entry.
Simply over an hour after the drain, the attacker started promoting off the BONK tokens initially bought to control the vote, offloading about $5.3 million price — whereas retaining the stolen treasury holdings.
BonkDAO confirmed the assault publicly, describing it as a malicious governance proposal and stating it had recognized the change wallets used to build up voting energy forward of the proposal. “In the course of the investigation, BonkDAO recognized the change wallets used to buy BONK forward of the proposal,” the challenge posted on X, including that regulation enforcement had been notified and that it continues working with exchanges, bridges, and the Solana Basis to hint and doubtlessly recuperate funds.

BonkDAO confirmed the assault publicly
In response, South Korean change Upbit and U.S.-based Kraken each suspended deposits and withdrawals of BONK, with Upbit citing “person safety measures following the circumstances of a safety incident.”
Market Impression
BONK, as soon as a top-100 token by market capitalization, fell roughly 7% within the 24 hours following disclosure of the assault, buying and selling round $0.0000043 — a degree roughly 93% under its all-time excessive of $0.000058. Some reporting locations the decline nearer to 10%, reflecting variations within the actual measurement window because the story developed all through the day.

BONK Value Efficiency on 07/7/2026 (Supply: CoinMarketCap)
A Legit Assault
What units the BonkDAO incident aside from typical DeFi exploits is that no code was damaged and no personal keys had been stolen. Each motion — the token purchases, the proposal submission, the vote, and the payout — was a sound, rule-following transaction on Solana. That has fueled a well-known argument inside crypto circles over whether or not the episode constitutes theft or just a ruthless however technically permitted use of a DAO’s personal governance mechanics.
BonkDAO and blockchain analytics corporations have characterised the episode as an assault, a framing strengthened by the involvement of regulation enforcement. Critics throughout the neighborhood have additionally pointed to a broader governance failure: the proposal sat seen on BonkDAO’s platform for almost six days with minimal scrutiny earlier than the vote concluded and the switch executed as programmed.
The underlying lesson, analysts observe, is structural. Any treasury ruled by a system the place voting energy can merely be bought is simply as safe as the price of assembling a controlling stake — and on this case, that price was a fraction of the treasury’s worth. With $4.4 million in capital, the attacker walked away having netted roughly $20 million, minus no matter portion is finally recovered or frozen by exchanges and investigators.
BonkDAO has not but detailed a proper remediation plan for stopping related governance seize sooner or later, although its coordination with the Solana Basis and a number of exchanges suggests restoration efforts stay energetic as of this writing.





