Most crypto thefts break something. A smart contract bug gets exploited. A private key gets stolen. A fake website tricks users into signing away their funds. There’s always a lock that gets picked.
The attack on BONK DAO involved no broken locks at all.
On July 6, an attacker drained roughly $20 million in BONK tokens from the memecoin project’s treasury. They did it not by hacking any code, but by spending about $4.4 million buying BONK tokens, using those tokens to win a governance vote, and then having the DAO’s own system automatically transfer the treasury to their wallet. Every single step was a valid, legitimate transaction. The voting worked exactly as designed.
BONK is a Solana-based memecoin, and BONK DAO is the decentralized autonomous organization that governs it. In a DAO, token holders vote on proposals rather than a company making decisions. Anyone holding enough tokens can propose a change, and if the vote passes, it executes automatically on-chain. That design, meant to be democratic and trustless, became the exact weapon used to rob it. BONK’s price fell around 8-10% in the aftermath.
The incident has reignited one of crypto’s most uncomfortable debates: when someone follows all the rules to drain a treasury, is that theft, or just a brutal demonstration that the rules were broken to begin with?
How the Attack Unfolded
The mechanics were patient, cheap, and almost entirely visible on-chain the whole time.
The sequence began on June 30, when an anonymous wallet submitted a proposal to transfer the treasury’s holdings to a wallet it controlled. The proposal, titled “BIP #76 – Sowellian BonkDAO,” was written less like a governance motion and more like a taunt, promising to “rebuild from the ashes, monetize holdings, stop the bleeding,” with a note that “all YES voters are eligible to receive tokens.” Buried underneath sat the only line that mattered: an instruction to transfer 4.43 trillion BONK to the attacker’s wallet.
To pass, the proposal needed “yes” votes equal to 1% of BONK’s supply, the quorum required for it to take effect. Over July 4 and 5, a separate wallet quietly acquired exactly that much, spending about $4.4 million buying BONK on exchanges including Bybit and Binance, and reportedly borrowing more through DeFi lending platforms. Because the buying was spread out and routed through exchanges, it looked like ordinary memecoin accumulation. No alarms triggered.
Then the fatal weakness revealed itself: almost nobody else voted. When the vote closed on July 6, wallets linked to the attacker controlled roughly 99.9% of all votes cast. Only seven addresses voted at all. The proposal cleared quorum by the narrowest margin, 882.38 billion BONK in favor against an 879.95 billion threshold, almost exactly the stake the attacker had spent days assembling. The 99.9% “yes” result was effectively a single voter agreeing with itself.
The proposal passed. About $20 million in BONK immediately drained from the treasury. Nine hours later, roughly $188,000 was sent to an exchange, likely to cash out, while the remaining $19 million moved to a multisig wallet.
Theft or Fair Play?
The attack revived an old and genuinely thorny argument in crypto.
Because every step was a valid transaction executed through BONK DAO’s own governance system, some on-chain observers argued the attacker didn’t break in at all. They simply exploited a weak governance design. SlowMist co-founder Yu Xian pointed out it wasn’t a hack in the traditional sense, since the attacker just spent $4 million to accumulate enough BONK to influence a vote that had been live for six days, and no one made any effort to challenge it. In the harsh logic of “code is law,” the attacker played the game as written and won.
BONK DAO and the analytics firms firmly treat it as an attack. The DAO notified law enforcement, identified the exchange wallets used to buy tokens before the vote, and began working with exchanges, bridges, and the Solana Foundation to trace the funds. Ripple’s David Schwartz labeled the act corporate fraud. South Korean exchange Upbit suspended BONK deposits and withdrawals as a precaution.
The disagreement matters less than the lesson underneath it. A treasury that can be drained by whoever assembles a temporary voting majority is only as secure as the cost of buying that majority. Here, that cost was $4 million to claim a $20 million prize. When the math is that favorable, someone will always take the trade.
Why Governance Attacks Are Getting Common
This wasn’t the first attack of its kind, and it won’t be the last. The reason is simple economics.
Governance attacks are becoming more common precisely because they require no elite technical skill, only capital and a poorly defended voting system. Finding a smart contract vulnerability requires deep expertise and luck. Buying tokens requires only money. Token-weighted voting gives the most power to whoever holds the most tokens, and accumulating enough tokens to swing a low-turnout vote is often far cheaper than finding a code exploit.
The historical record backs this up. In 2022, an attacker drained about $180 million from the Beanstalk protocol using a similar flash-loan-powered governance takeover. The playbook is almost always identical: accumulate tokens, pass a malicious proposal, drain the treasury. Memecoin DAOs are especially exposed because many hold large treasuries (BONK DAO controlled roughly 15-16% of the total BONK supply) behind governance systems with low voter participation.
Low turnout is the silent enabler. When only a tiny fraction of token holders bother to vote, the number of tokens needed to dominate a decision drops dramatically. A vibrant, engaged voting community is a defense. An apathetic one is an open door.
What Actually Stops These Attacks
The good news is that defenses exist. The uncomfortable part is that BONK DAO had few of them in place, and many DAOs are in the same position.
The most important safeguard is a timelock, a mandatory delay between when a proposal passes and when it executes. Had BONK DAO enforced a multi-day delay on treasury transfers, the community would have had time to see the malicious proposal succeed and respond, whether by rallying counter-votes or freezing the treasury through emergency measures. Instant execution gave no such window.
Other defenses include higher quorum requirements that make buying a majority far more expensive, emergency multisig controls that require multiple trusted signers to approve large treasury movements, and conviction voting, which weights votes by how long tokens have been committed rather than just how many are held. Each raises the cost or difficulty of a governance takeover.
The reason these protections aren’t universal is that they involve trade-offs. Timelocks slow down legitimate governance. Multisig controls reintroduce a degree of centralization that pure DAO advocates dislike. Higher quorums can make it hard to pass anything when turnout is low. Every safeguard chips away at the frictionless, fully decentralized ideal that DAOs were built to embody.
The BONK attack is a stark reminder that the ideal has a price. In a system where money votes, whoever can rent enough votes can rewrite the rules. Until DAOs make that equation unprofitable, through delays, higher thresholds, and emergency controls, the spend-$4-million-to-steal-$20-million trade will keep tempting attackers. For BONK holders and the broader DAO ecosystem, the recovery of the stolen funds remains uncertain, but the lesson is already clear: decentralized governance is only as strong as the safeguards protecting the treasury behind it.
FAQ
What is a governance attack?
A governance attack is when someone uses a DAO’s legitimate voting system to pass a malicious proposal, rather than exploiting any code vulnerability. In token-weighted voting, whoever holds the most tokens controls decisions. An attacker accumulates enough tokens to dominate a vote, submits a proposal that benefits them (like transferring the treasury to their wallet), and lets the DAO’s own smart contracts execute it automatically once it passes. No hacking is involved; the system works exactly as designed.
How did the BONK DAO attack work?
Starting June 30, an attacker submitted a proposal to transfer BONK DAO’s treasury to their wallet. Over July 4-5, a separate wallet spent about $4.4 million buying just over 1% of BONK’s supply to meet the voting quorum. Because turnout was extremely low (only seven addresses voted), the attacker’s stake represented roughly 99.9% of votes cast. The proposal passed on July 6, automatically draining about $20 million in BONK to the attacker’s wallets. BONK DAO has notified law enforcement and is working with exchanges and the Solana Foundation to trace the funds.
How can DAOs prevent governance attacks?
The main defenses are timelocks (mandatory delays between a proposal passing and executing, giving the community time to react), higher quorum requirements that make buying a majority more expensive, emergency multisig controls requiring multiple trusted signers for large treasury moves, and conviction voting that weights votes by how long tokens have been held. BONK DAO lacked most of these safeguards, allowing the attacker to drain funds instantly. The trade-off is that these protections reduce the frictionless decentralization DAOs are designed for.
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making any investment decisions.


















