Key Points
- A malicious actor invested $4.4 million in BONK tokens to gain voting control over a governance proposal
- The fraudulent proposal executed an automatic $20 million transfer from BONK DAO’s treasury to the attacker’s address
- Just 7 wallet addresses cast affirmative votes while more than 18,000 community members remained inactive
- BONK’s token value declined 7% within 24 hours after the exploit was discovered
- The DAO has alerted law enforcement agencies and is collaborating with crypto exchanges and the Solana Foundation
On July 6, a sophisticated exploit resulted in the drainage of $20 million from BONK DAO’s treasury through manipulation of its governance protocol. The operation commenced June 30 when an unidentified wallet address introduced a proposal designed to redirect treasury assets to an address under their control.
For approval, the proposal required affirmative votes representing 1% of BONK’s circulating supply. Between July 4 and 5, the perpetrator accumulated precisely that quantity, investing approximately $4.4 million through cryptocurrency exchanges Bybit and Binance, while securing additional tokens via decentralized finance lending protocols.
Identified as “BIP #76 – Sowellian BonkDAO,” the proposal gained approval with merely seven wallet addresses supporting it. Over 18,000 community members failed to participate. With turnout at just 2.9%, the proposal barely surpassed the minimum quorum requirement.
Essentially, the attacker orchestrated a self-approved transaction. The proposal’s description claimed intentions to “rebuild from the ashes, monetize holdings, stop the bleeding.” Concealed within the documentation was a directive transferring 4.43 trillion BONK tokens to the perpetrator’s wallet address.
Following approval, the transfer processed automatically. Approximately $20 million in BONK departed the treasury and entered the attacker’s wallet without requiring human oversight or additional verification.
Tracking the Stolen Assets
Nine hours following the treasury drainage, approximately $188,000 was transferred to an exchange platform, presumably for liquidation purposes. The remaining $19 million was relocated to a multisignature wallet requiring multiple authorization signatures before additional movements can occur, as reported by Chainalysis.
Within an hour after draining the treasury, the perpetrator began liquidating the BONK tokens originally purchased to fund the governance attack. They converted roughly $5.3 million worth to other assets. The misappropriated treasury tokens remained segregated.
BONK DAO has publicly acknowledged the security breach. The organization stated it successfully identified exchange wallet addresses utilized for token acquisition preceding the vote. Currently, they’re coordinating with cryptocurrency exchanges, blockchain bridges, and the Solana Foundation to address the situation.
Law enforcement authorities have been formally notified. The project announced ongoing efforts to “recover funds and identify those responsible.”
Industry Implications
BONK debuted in December 2022 on the Solana blockchain and represents one of multiple canine-themed memecoins alongside Dogecoin and Shiba Inu. This exploit occurred while the aggregate market capitalization of leading memecoins stands near $25.3 billion, representing a decline exceeding 54% across the previous 12 months.
The incident has generated substantial discussion regarding whether the perpetrator exploited systemic vulnerabilities or committed outright theft. Each transaction followed valid protocol procedures. BONK DAO and blockchain analytics companies characterize the incident as a deliberate attack.
The fundamental lesson is straightforward: any treasury vulnerable to transfer by temporary voting majorities possesses security directly proportional to the acquisition cost of that majority. In this instance, the attacker invested $4.4 million to extract $20 million.


