Skip to content
-
Subscribe to our newsletter & never miss our best posts. Subscribe Now!
Coin Gazette Coin Gazette Coin Gazette

Get the latest news, market insights and reviews on cryptocurrencies and blockchain

Coin Gazette Coin Gazette Coin Gazette

Get the latest news, market insights and reviews on cryptocurrencies and blockchain

  • Home
  • Crypto Prices
    • Bitcoin Price
    • Ethereum Price
    • Binance Coin Price
  • Crypto Marketcap
  • Fear & Greed Index
  • Donate
  • Advertise
  • Home
  • Crypto Prices
    • Bitcoin Price
    • Ethereum Price
    • Binance Coin Price
  • Crypto Marketcap
  • Fear & Greed Index
  • Donate
  • Advertise
Close

Search

Coin Gazette Coin Gazette Coin Gazette

Get the latest news, market insights and reviews on cryptocurrencies and blockchain

Coin Gazette Coin Gazette Coin Gazette

Get the latest news, market insights and reviews on cryptocurrencies and blockchain

  • Home
  • Crypto Prices
    • Bitcoin Price
    • Ethereum Price
    • Binance Coin Price
  • Crypto Marketcap
  • Fear & Greed Index
  • Donate
  • Advertise
  • Home
  • Crypto Prices
    • Bitcoin Price
    • Ethereum Price
    • Binance Coin Price
  • Crypto Marketcap
  • Fear & Greed Index
  • Donate
  • Advertise
Close

Search

Home/Uncategorized/BONK DAO Lost $20 Million Without a Hack — Here’s How a Governance Attack Drained the Treasury
Uncategorized

BONK DAO Lost $20 Million Without a Hack — Here’s How a Governance Attack Drained the Treasury

By Coin Gazette Editorial
July 7, 2026 4 Min Read
Comments Off on BONK DAO Lost $20 Million Without a Hack — Here’s How a Governance Attack Drained the Treasury

There was no code exploit. No compromised private key. No phishing link. And yet BonkDAO says attackers stole about $20 million in BONK through a malicious governance proposal targeting its Solana treasury. 

The attacker didn’t break the rules — they bought them.

What happened to BONK DAO?

$BONK is a Solana-based memecoin, and BONK DAO is the community body that governs it. Token holders vote on proposals, and if a vote passes, it executes automatically on-chain. That design is exactly what got weaponized.

The sequence began on June 30, when an anonymous wallet submitted a proposal to transfer the treasury’s holdings to a wallet it controlled. That proposal was titled “BIP #76 – Sowellian BonkDAO,” and it read more like a pitch than a heist: it sought to “implement Sowellian governance, install new members and council, rebuild from the ashes, monetize holdings, and stop the bleeding,” and dangled a reward promising all “yes” voters would be eligible to receive BONK tokens. 

Buried underneath the marketing language sat the only line that mattered — an instruction to transfer roughly 4.4 trillion BONK straight to the attacker’s wallet.

How did the attacker pass a fake proposal?

This is the part that should keep every DAO up at night. The proposal needed “yes” votes equal to 1% of BONK’s supply to hit quorum. So the attacker simply went and bought it. Over July 4 and 5, a separate wallet acquired exactly that much, spending about $4.4 million to buy BONK on the exchanges Bybit and Binance. 

By the time voting closed, the numbers were almost surgically precise. The proposal passed with just seven wallets voting, against more than 18,000 members who did not — a turnout of 2.9%. It cleared quorum by the narrowest margin, 882.38 billion BONK in favor against an 879.95 billion threshold, almost exactly the stake the attacker had spent days assembling.

The result? The 99.9% “yes” result was effectively a single voter agreeing with itself. The DAO then did what it was built to do — it executed the transfer automatically, and about $20 million in BONK moved out of the treasury into the attacker’s wallet. 

Bonk DAO Attack: Where did the money go?

The stolen tokens didn’t stick around. More than 4.4 trillion BONK — valued at approximately $19.3 million at the time of transfer — moved out of the treasury to an address ending in “JHvQ,” identified via Solscan as having been funded through a Bybit account. By 3:30 p.m. ET the same day, the tokens had been moved again, this time to a different Solana address ending in “eh42.”

The promised voter rewards never materialized. The tokens were never distributed — instead they were shuffled to a second address hours later, a pattern consistent with an attacker trying to obscure the trail rather than honor any community commitment. Security firm PeckShield later flagged that roughly $148,000 worth of stolen BONK has already moved to OKX.

Was Bonk DAO Hacked?

Technically, no — and that’s the uncomfortable part. The attacker didn’t exploit a bug in any smart contract. The root issue was governance design, not code. Every single step was a valid, authorized on-chain transaction.

With no timelock, quorum minimum, or multisig check in place to catch an anomalous proposal before it executed, a well-funded attacker was able to turn a $4 million token purchase into control over a $20 million treasury. A timelock would have forced a delay between approval and execution, giving the community a window to spot the drain. A multisig override could have frozen it in an emergency. BONK DAO had neither.

This has reopened an old debate. Because every step was a valid transaction, some on-chain observers argued the attacker simply exploited a weak governance design rather than breaking in. The lesson stands either way: a treasury that can be drained by whoever assembles a temporary voting majority is only as secure as the cost of buying that majority — and here, that cost was a fraction of the prize.

What is BONK DAO doing about it?

BonkDAO has notified law enforcement and is working with the Solana Foundation, centralized exchanges, and network bridges to recover funds. It said it had identified the exchange wallets used to buy tokens ahead of the vote — and the involvement of law enforcement makes clear the DAO is treating this as an attack, not a clever loophole.

Recovery, though, is an uphill battle. Governance attacks are notoriously hard to reverse precisely because they run through the protocol’s own legitimate machinery.

How did BONK’s price react?

The market response was surprisingly contained given the scale. BONK prices are down about 7% in the past 24 hours in the aftermath of the attack. Exchanges moved fast — South Korean exchange Upbit and American exchange Kraken both paused deposits and withdrawals of the BONK token, with Upbit citing “user protection measures following the circumstances of a security incident.”

Author

Coin Gazette Editorial

Follow Me
Other Articles
Payward Europe EMI License Highlights Kraken’s Regulated Fiat-Rail Expansion
Previous

Payward Europe EMI License Highlights Kraken’s Regulated Fiat-Rail Expansion

Next

Morning Minute: Strategy Turns Net Seller

On Social

FacebookTwitter/XInstagramTelegram
✉️

Stay in the Loop

Get the latest updates delivered straight to your inbox.

Recent Posts

  • Q1 2026 Data Shows Open Source Collaboration Hits New Highs
  • SpaceX Nasdaq-100 Entry Brings Bitcoin Exposure to Passive Index Investors
  • Tether invests in Mercado Bitcoin as blockchain finance expands in Latin America
  • ZEC Price Jumps 16% as Ironwood Security Verification Fuels Bullish Momentum
  • Ondo Finance says tokenized stocks can now be used as collateral for perp trading

About Us

Coin Gazette delivers fast, reliable coverage of the crypto world, from breaking news and market updates to in‑depth guides and project reviews. Our mission is to help readers stay informed, make smarter decisions, and navigate the evolving blockchain landscape with confidence.

Useful Links

  • About Us
  • Contact Us
  • Advertise
  • Give us a tip

Follow Us On

FacebookTwitter/XInstagramTelegram
Copyright 2026 — Coin Gazette. All rights reserved. Blogsy WordPress Theme