BonkDAO Loses $20M in BONK After Malicious Governance Proposal Attack

BonkDAO Loses $20M in BONK After Malicious Governance Proposal Attack

The decentralized autonomous organization (DAO) behind the Solana-based meme coin BONK has confirmed that approximately $20 million worth of BONK tokens was drained from its treasury after an attacker successfully executed what it described as a “malicious governance proposal.”

Unlike many recent crypto exploits involving smart contract vulnerabilities, the incident exploited BonkDAO’s governance system, allowing an attacker to gain enough voting power to pass a proposal that transferred treasury funds to a wallet under their control. BonkDAO has since notified law enforcement and is coordinating with cryptocurrency exchanges, the Solana Foundation, and blockchain security partners in an effort to freeze and recover the stolen assets. 

How the Governance Attack Worked

According to BonkDAO’s official statement, the attacker first accumulated a significant amount of BONK tokens—estimated at roughly $4 million worth—through multiple exchanges.

With sufficient token-weighted voting power, the attacker introduced and approved a malicious governance proposal that authorized the transfer of approximately $20 million in BONK from the DAO’s treasury. Reports indicate the proposal also temporarily renamed the organization during the attack, highlighting how governance mechanisms themselves can become attack vectors when adequate safeguards are absent. 

No Smart Contract Exploit Involved

BonkDAO emphasized that the incident was not the result of a smart contract vulnerability.

Instead, the exploit targeted the DAO’s governance framework, where voting rights are determined by token ownership. By acquiring enough voting power, the attacker was able to satisfy governance requirements without compromising the protocol’s underlying code.

The attack underscores growing concerns across the decentralized finance (DeFi) industry about governance security, particularly for DAOs that rely solely on token-weighted voting without additional protections such as multi-signature approvals or execution delays. 

Stolen Funds Already Moving Across Exchanges

BonkDAO said its investigation identified exchange wallets used to acquire BONK before the proposal was submitted.

Following the treasury drain, portions of the stolen tokens were reportedly transferred toward centralized exchanges, prompting several platforms to begin monitoring or restricting BONK-related activity. South Korea-based crypto exchange Upbit temporarily suspended BONK deposits and withdrawals as a precaution while investigators tracked the movement of funds. 

BonkDAO Working With Authorities

The DAO said it has contacted law enforcement agencies and continues working alongside:

  • The Solana Foundation
  • Centralized cryptocurrency exchanges
  • Blockchain bridges
  • Security researchers

The objective is to identify the attacker, trace the movement of the stolen assets, and maximize the chances of recovering the funds before they are fully laundered through multiple blockchain networks. 

BONK Price Falls After Attack

News of the governance exploit quickly impacted market sentiment.

BONK fell by roughly 7%–10% following disclosure of the incident as investors reacted to concerns about treasury security and potential selling pressure from the stolen tokens entering the market.

While price volatility is common following major security incidents, analysts note that the attack targeted the DAO’s treasury rather than the BONK token’s underlying blockchain infrastructure on Solana. 

Governance Security Under Fresh Scrutiny

The incident has reignited debate around the security of decentralized governance systems.

Unlike traditional organizations that rely on boards or executives to approve treasury transactions, DAOs often allow token holders to vote directly on proposals. Although this model promotes decentralization, it can become vulnerable if a malicious actor acquires enough governance tokens to influence outcomes.

Security experts say DAOs can reduce these risks by implementing safeguards such as:

  • Multi-signature treasury approvals
  • Timelock delays before proposal execution
  • Higher voting thresholds for treasury transfers
  • Independent security reviews for governance proposals
  • Emergency pause mechanisms for suspicious transactions

The BonkDAO incident is likely to become another high-profile case study in DAO governance security. 

What Comes Next?

BonkDAO has pledged to continue investigating the attack while pursuing recovery efforts with industry partners and authorities.

The exploit serves as a reminder that decentralized governance systems require robust security controls in addition to secure smart contracts. As DAOs increasingly manage multi-million-dollar treasuries, governance design is becoming just as important as protocol security in protecting community assets.

For the broader crypto industry, the BonkDAO incident highlights the evolving nature of blockchain threats, where governance manipulation—not software bugs—can result in significant financial losses.

Also Check: Ripple Receives EU CASP License in Luxembourg, Becomes Fully MiCA-Compliant Across EEA

author avatar
Sks Web Developer & Content Writer
Suraj Kumar Sah is a tech enthusiast, web developer, and content creator with 5 years of experience in the field of technology and digital solutions. Holding a B.E. in Computer Science and Engineering (CSE), he specializes in building functional and visually appealing websites that transform ideas into reality. With a strong passion for innovation, he focuses on creating engaging and user-friendly web experiences. His work reflects a keen attention to detail, clean coding practices, and a commitment to continuous learning. He continues to refine his expertise through hands-on projects, delivering original, high-quality, and impactful digital solutions.
Scroll to Top