BonkDAO suffered a governance attack that drained approximately $20 million worth of BONK tokens from its treasury after an attacker spent about $4 million to acquire voting power. The attack was disclosed on July 6 by BonkDAO, the decentralized governance organization associated with the Solana-based memecoin BONK. According to the project's official statement, the attacker manipulated the DAO's governance process using token-weighted voting to approve a proposal that redirected treasury assets, rather than exploiting a smart contract vulnerability. The incident highlights growing security challenges in decentralized autonomous organizations where governance mechanisms can become attack vectors when the cost of acquiring voting control is lower than the value of controlled assets.
Reports said the attacker accumulated enough BONK to influence the vote before executing the proposal through BonkDAO's governance system, which uses Solana's Realms governance infrastructure. Once approved, the proposal enabled the transfer of roughly $20 million worth of BONK from the community treasury. The incident did not stem from a vulnerability in the protocol's smart contracts. Instead, the attacker used token-weighted voting to approve a malicious proposal that redirected treasury assets. Blockchain investigators later tracked portions of the stolen funds moving toward cryptocurrency exchanges.
The reported economics were stark. An attacker who spent approximately $4 million to obtain sufficient voting influence was able to authorize the transfer of assets worth around five times that amount. Unlike conventional smart contract exploits, governance attacks do not necessarily require breaking protocol code. Instead, attackers exploit the rules governing proposal creation, voting thresholds and treasury execution.
South Korean exchange Upbit suspended BONK deposits and withdrawals after the incident while monitoring potential movements of the compromised assets. The movement of stolen tokens toward exchanges increased concerns about potential liquidation pressure if the assets are sold into the market.
The attack immediately weighed on market sentiment, with BONK falling more than 9% following disclosure of the treasury loss. For BonkDAO, the challenge extends beyond recovering the stolen funds. The incident directly affects confidence in the DAO's governance model and its ability to safeguard community-controlled assets.
The incident raises questions about DAO security practices. Timelocks, multisignature approvals, proposal review periods, emergency veto mechanisms and higher quorum requirements are commonly used to reduce governance risk. Where these protections are weak or absent, token-weighted governance can become vulnerable to hostile takeovers by well-capitalized participants.
What happened to BonkDAO's treasury on July 6?
BonkDAO disclosed a governance attack that drained approximately $20 million worth of BONK tokens from its treasury. An attacker spent about $4 million to acquire enough voting power to pass a malicious proposal that redirected treasury assets through the DAO's governance system.
How did the attacker drain BonkDAO's funds?
The attacker accumulated enough BONK tokens to influence voting, then executed a proposal through BonkDAO's governance system using Solana's Realms governance infrastructure. The approved proposal enabled the transfer of roughly $20 million worth of BONK from the community treasury without exploiting any smart contract vulnerability.
What action did Upbit take after the BonkDAO attack?
South Korean exchange Upbit suspended BONK deposits and withdrawals after the incident while monitoring potential movements of the compromised assets that blockchain investigators tracked moving toward cryptocurrency exchanges.
German Government Wallets Send Bitcoin to Kraken and Coinbase
Gate Daily (July 7): Trump hints that Bitcoin will be included in "Trump Account"; BonkDAO suffers malicious governance proposal attack
Summer Finance Pauses Vaults After $65.4M Flash Loan Attack Causes $6M Loss