Global blockchain supervision and query platform

English
Download

BONK DAO Governance Attack Drains $20 Million From Treasury

BONK DAO Governance Attack Drains $20 Million From Treasury WikiBit 2026-07-08 11:02

$BONK DAO confirmed on July 6, 2026, that an attacker drained approximately $20 million worth of $BO

$BONK DAO confirmed on July 6, 2026, that an attacker drained approximately $20 million worth of $BONK tokens from its treasury by purchasing enough voting power to pass a malicious governance proposal, rather than exploiting a smart contract bug.

How the Attacker Passed the Proposal

On June 30, an anonymous wallet submitted a proposal titled “BIP #76 – Sowellian BonkDAO,” framed as a plan to overhaul governance, install new members and a council, and safeguard holdings. The proposal also promised $BONK rewards to anyone who voted yes. Buried beneath that language was the proposal‘s actual function, which is an instruction to transfer roughly 4.426 trillion $BONK, about 5% of the token’s 87.99 trillion total supply, directly to the attackers wallet.

To clear the DAOs 1% quorum requirement, a separate wallet spent between $4 million and $4.4 million buying $BONK on Binance and Bybit between July 4 and July 5, accumulating 882.38 billion tokens, exceeding the 879.95 billion vote threshold.

The proposal passed with just 7 wallets voting yes, against more than 18,000 members who did not vote, for a turnout of 2.9%. $BONK DAO had no timelock to delay execution after a vote passed, allowing unstaked liquid tokens to be used for voting.

Where the Money Went

Within 49 seconds of voting closing, 4.426 trillion tokens moved to the attackers wallet, an address ending in “JHvQ” via Solscan, funded by a Bybit account. By 3:30 p.m. ET the same day, the tokens had moved again to a second address ending in “eh42.” The promised voter rewards never materialized. Security firm PeckShield later flagged that roughly $148,000 of the stolen $BONK had already moved to OKX.

$BONKs price reaction plummeted around 10%-18% immediately following the news. South Korean exchange Upbit and US exchange Kraken both paused $BONK deposits and withdrawals, with Upbit citing “user protection measures following the circumstances of a security incident.”

What Does This Mean for $BONKs DAO Governance?

$BONK DAO has reported the incident to law enforcement and is working with the Solana Foundation, exchanges, and network bridges to track the stolen funds, though recovering proceeds from the governance attack has historically been difficult, since every step of the theft ran through the protocols own legitimate voting process. Our coverage of a similar $293 million exploit at Kelp DAO shows this is not an isolated pattern across DeFi governance structures.

What this means for you:If you hold governance tokens in any DAO, this incident is a reminder to check whether that protocol has a timelock, a staking requirement for voting, and a quorum threshold high enough to resist a well-funded buyer. $BONK DAO had none of the three.

Disclaimer:

The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.

  • Crypto token price conversion
  • Exchange rate conversion
  • Calculation for foreign exchange purchasing
/
PC(S)
Current Rate
Available

0.00