Markets BONK's Treasury Drained by $20 Million After Malicious Governance Attack

An attacker acquired sufficient tokens of the memecoin to approve a governance proposal, transferring the group's treasury assets to their controlled wallet, and commenced selling.

By Shaurya Malwa Updated Jul 7, 2026, 5:47 a.m. Published Jul 7, 2026, 5:40 a.m. 3 min read

  • An assailant exploited BONK DAO’s on-chain governance framework to approve a proposal that drained approximately $20 million in BONK tokens from the project's treasury.
  • Investing around $4.4 million to acquire just over 1% of BONK’s total supply, the attacker achieved the necessary quorum, effectively becoming a pivotal voter in a low-participation ballot that resulted in 99.9% “yes” votes.
  • This incident highlights the vulnerabilities of token-based governance, where a temporary voting majority can be inexpensively purchased, reigniting discussions on whether such actions constitute theft or merely exploitative behavior under flawed rules.

On-chain governance was once celebrated as the future of community management. However, a multimillion-dollar attack on the memecoin BONK illustrates the risks of entrusting a treasury to a public vote that can be easily manipulated.

Late Monday, BONK DAO was deprived of $20 million, following a week-long operation in which a cunning attacker spent about $4.4 million acquiring the project's BONK tokens to enforce a vote. Each action taken—such as the purchases, the voting, and the subsequent payout—was a legitimate transaction that collectively amounted to a theft.

BONK, a memecoin based on Solana, is governed by BONK DAO, a decentralized autonomous organization that operates on a voting system where token holders make decisions on proposals rather than a central authority. Anyone holding a sufficient number of tokens can propose changes, and if a vote is successful, it automatically executes on-chain.

This governance structure was the very tool used in this attack.

The sequence of events began on June 30, when an anonymous wallet submitted a proposal to transfer the treasury's assets to a wallet it controlled, as reported by Chainalysis. To succeed, the proposal required yes votes equating to 1% of BONK's total supply, the quorum necessary for it to take effect.

On July 4 and 5, another wallet acquired the needed tokens, spending approximately $4.4 million on exchanges Bybit and Binance, and reportedly borrowing additional funds through decentralized finance lending platforms, as per Lookonchain.

The proposal, named "BIP #76 - Sowellian BonkDAO," was approved with only seven wallets participating in the vote, against more than 18,000 members who abstained, resulting in a turnout of just 2.9%.

It narrowly surpassed the quorum requirement with 882.38 billion BONK in favor, just above the 879.95 billion threshold, mirroring the stake the attacker had been accumulating over the preceding days.

The 99.9% affirmative result essentially represented a single voter voting for their own proposal. The proposal's narrative was more of a boast than a governance motion, claiming to "rebuild from the ashes, monetize holdings, stop the bleeding," and included a note that "all YES voters are eligible to receive tokens."

The most concerning instruction was the transfer of 4.43 trillion BONK to the attacker's wallet.

By July 6, the voter had gathered just enough tokens. They cast their entire stake in favor, the proposal passed, and about $20 million in BONK was automatically transferred from the treasury to the attacker's wallet.

Approximately nine hours later, around $188,000 was sent to an exchange, likely for cashing out, while the remaining $19 million was directed to a multisig wallet, which requires multiple approvals to move funds, according to Chainalysis.

Just over an hour after the treasury was drained, the attacker began liquidating the BONK acquired for the operation, selling approximately $5.3 million worth while retaining the treasury tokens but not the stake used to obtain them.

BONK DAO has acknowledged the attack, describing it as a malicious governance proposal that resulted in an estimated $20 million loss from its treasury. They stated that they have identified the exchange wallets used to purchase tokens prior to the vote and are collaborating with exchanges, bridges, and the Solana Foundation to address the aftermath.

This incident has reignited the debate over whether such actions are theft or a legitimate utilization of the system’s rules. Some on-chain observers argue that the attacker merely exploited a flawed governance design rather than conducting a breach. However, BONK DAO and various analytics firms classify it as an attack, which is reflected in the involvement of law enforcement.

Regardless, the incident serves as a critical lesson. A treasury vulnerable to being drained by anyone who can temporarily secure a voting majority is only as secure as the cost to acquire that majority, which in this case was significantly lower than the value at stake.

BONK prices have decreased by 7% in the past 24 hours, data indicates, following the attack.

Latest Crypto News
  1. 1XRP stalls near $1.14 as breakout attempt struggles for volume 1 hour ago
  2. 2Bitcoin drops after a run at $64,000, shrugging off Strategy's $213 million BTC sale 1 hour ago
  3. 3Bitcoin's U.S. reserve still a work-in-progress as federal agencies hash it out 8 hours ago
  4. 4Circle’s USDC is leaving Tether behind in the stablecoin volume race, new data from Visa shows 13 hours ago
  5. 5Strategy selling hundreds of millions worth of bitcoin raises question about its capital-allocation playbook 14 hours ago
  6. 6Ethereum developers embrace Vitalik Buterin's long-term vision but urge quicker execution 14 hours ago
  7. 7Securitize eyes acquisitions with $400 million war chest after going public, CEO says 15 hours ago
  8. 8Bitcoin miner TeraWulf soars on a $19 billion AI data-center lease with Anthropic 15 hours ago
  9. 9DeFi protocol Summer.fi halts Lazy Summer vaults after $6 million exploit 16 hours ago
  10. 10Cantor says Strategy's recovery hinges on restoring STRC to par 16 hours ago
Latest Research

Building the Zcash Machine: Tachyon and Quantum Readiness

Building the Zcash Machine: Tachyon and Quantum Readiness

Zcash’s Tachyon upgrade aims to enhance shielded payments, improve readiness for quantum threats, and test whether its funding, security, and governance structures can withstand scrutiny.

By CoinDesk Research Jun 30, 2026 Commissioned by GenZcash

Zcash’s Tachyon upgrade aims to enhance shielded payments, improve readiness for quantum threats, and test whether its funding, security, and governance structures can withstand scrutiny.

Why it matters:

Zcash’s Tachyon upgrade aims to enhance shielded payments, improve readiness for quantum threats, and test whether its funding, security, and governance structures can withstand scrutiny.

View Full ReportMore From Markets

XRP stalls near $1.14 as breakout attempt struggles for volume

Bitcoin drops after a run at $64,000, shrugging off Strategy's $213 million BTC sale

Strategy selling hundreds of millions worth of bitcoin raises question about its capital-allocation playbook