Someone Bought $4M of $BONK, Voted Themselves $20M, and the Blockchain Said "Approved" 🗳️
An attacker drained an estimated $20 million worth of $BONK tokens from the BonkDAO treasury on Monday after passing a malicious governance proposal on Solana's Realms platform, the project confirmed in a statement on X. The proposal, titled BIP #76 "Sowellian BonkDAO," was submitted on June 30 and passed with 99.9% "yes" votes from just seven wallets against more than 18,000 non-voting members, a turnout of 2.9%. It cleared quorum by the narrowest margin, 882.38 billion $BONK in favor against an 879.95 billion threshold. On-chain analysis indicates the attacker acquired approximately 882.285 billion $BONK, spending about $4 million to $4.4 million to accumulate the stake via Bybit and Binance, and according to Lookonchain, also borrowed additional tokens through DeFi lending platforms. Once executed, the second instruction in the proposal transferred roughly 4.426 trillion $BONK, valued at $19.3 million at the time of the transaction and reported variously as $20 million to $21.2 million, from the treasury to a Solana address ending in "JHvQ," which Solscan identifies as funded via a Bybit account. The funds were later moved around 3:30 p.m. ET to a different address ending in "eh42," and portions have begun moving toward cryptocurrency exchanges.
In its official statement, BonkDAO said it had identified the exchange wallets used to purchase $BONK ahead of the proposal, notified law enforcement, and was coordinating with centralized exchanges, bridges, and the Solana Foundation to "recover funds and identify those responsible." South Korean exchange Upbit and U.S. exchange Upbit paused deposits and withdrawals of $BONK, with Upbit citing "user protection measures following the circumstances of a security incident," while Kraken also suspended $BONK services. $BONK fell between roughly 7% and 10% in the 24 hours following the news, trading near $0.0000043, about 93% below its all-time high of $0.000058, with one source noting a decline of approximately 6.59% on 955.47 billion in volume. Security researchers publicly criticized the DAO's configuration. Web3 security researcher Taylor Monahan argued that the incident underscored how useless the broader DAO model is and said there is no need to "incentivize democracy" through DAOs at the expense of security, while another analyst called the 1% community vote threshold "kinda silly" and said direct treasury transfers should have a lock period or require multiple approvals. The incident is expected to renew industry debate over DAO safeguards including timelocks, multisignature approvals, and treasury execution delays, as BonkDAO continues its investigation and recovery efforts.
Mentioned Coins
Share Article
Quick Info
Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.
See our Terms of Service, Privacy Policy, and Editorial Policy.