• About Us
  • Advertise
AltcoinReporter
  • Home
  • News
    • Bitcoin
    • Ethereum
    • Blockchain
    • Altcoins
    • DeFi
    • NFT
  • Press Releases
  • Reviews
    • Exchanges
    • NFT Marketplaces
    • Wallets
  • Market Analysis
  • Contact Us
No Result
View All Result
  • Home
  • News
    • Bitcoin
    • Ethereum
    • Blockchain
    • Altcoins
    • DeFi
    • NFT
  • Press Releases
  • Reviews
    • Exchanges
    • NFT Marketplaces
    • Wallets
  • Market Analysis
  • Contact Us
No Result
View All Result
AltcoinReporter
No Result
View All Result
Home DeFi

A Hacker Just Spent $4 Million to Steal $20 Million From the BONK DAO

Salar Salek by Salar Salek
July 8, 2026
in DeFi
A Hacker Just Spent $4 Million to Steal $20 Million From the BONK DAO

Most crypto thefts break something. A smart contract bug gets exploited. A private key gets stolen. A fake website tricks users into signing away their funds. There’s always a lock that gets picked.

The attack on BONK DAO involved no broken locks at all.

Related articles

Hinkal Exploit Drains

Hinkal Exploit Drains About $820K in USDC as Funds Move Through Tornado Cash

July 3, 2026
Aavenomics 3.0

Aavenomics 3.0 Goes Live as Aave Automates AAVE Buybacks and Cuts DAO Spending

June 29, 2026

On July 6, an attacker drained roughly $20 million in BONK tokens from the memecoin project’s treasury. They did it not by hacking any code, but by spending about $4.4 million buying BONK tokens, using those tokens to win a governance vote, and then having the DAO’s own system automatically transfer the treasury to their wallet. Every single step was a valid, legitimate transaction. The voting worked exactly as designed.

BONK is a Solana-based memecoin, and BONK DAO is the decentralized autonomous organization that governs it. In a DAO, token holders vote on proposals rather than a company making decisions. Anyone holding enough tokens can propose a change, and if the vote passes, it executes automatically on-chain. That design, meant to be democratic and trustless, became the exact weapon used to rob it. BONK’s price fell around 8-10% in the aftermath.

The incident has reignited one of crypto’s most uncomfortable debates: when someone follows all the rules to drain a treasury, is that theft, or just a brutal demonstration that the rules were broken to begin with?

How the Attack Unfolded

The mechanics were patient, cheap, and almost entirely visible on-chain the whole time.

The sequence began on June 30, when an anonymous wallet submitted a proposal to transfer the treasury’s holdings to a wallet it controlled. The proposal, titled “BIP #76 – Sowellian BonkDAO,” was written less like a governance motion and more like a taunt, promising to “rebuild from the ashes, monetize holdings, stop the bleeding,” with a note that “all YES voters are eligible to receive tokens.” Buried underneath sat the only line that mattered: an instruction to transfer 4.43 trillion BONK to the attacker’s wallet.

To pass, the proposal needed “yes” votes equal to 1% of BONK’s supply, the quorum required for it to take effect. Over July 4 and 5, a separate wallet quietly acquired exactly that much, spending about $4.4 million buying BONK on exchanges including Bybit and Binance, and reportedly borrowing more through DeFi lending platforms. Because the buying was spread out and routed through exchanges, it looked like ordinary memecoin accumulation. No alarms triggered.

Then the fatal weakness revealed itself: almost nobody else voted. When the vote closed on July 6, wallets linked to the attacker controlled roughly 99.9% of all votes cast. Only seven addresses voted at all. The proposal cleared quorum by the narrowest margin, 882.38 billion BONK in favor against an 879.95 billion threshold, almost exactly the stake the attacker had spent days assembling. The 99.9% “yes” result was effectively a single voter agreeing with itself.

The proposal passed. About $20 million in BONK immediately drained from the treasury. Nine hours later, roughly $188,000 was sent to an exchange, likely to cash out, while the remaining $19 million moved to a multisig wallet.

Theft or Fair Play?

The attack revived an old and genuinely thorny argument in crypto.

Because every step was a valid transaction executed through BONK DAO’s own governance system, some on-chain observers argued the attacker didn’t break in at all. They simply exploited a weak governance design. SlowMist co-founder Yu Xian pointed out it wasn’t a hack in the traditional sense, since the attacker just spent $4 million to accumulate enough BONK to influence a vote that had been live for six days, and no one made any effort to challenge it. In the harsh logic of “code is law,” the attacker played the game as written and won.

BONK DAO and the analytics firms firmly treat it as an attack. The DAO notified law enforcement, identified the exchange wallets used to buy tokens before the vote, and began working with exchanges, bridges, and the Solana Foundation to trace the funds. Ripple’s David Schwartz labeled the act corporate fraud. South Korean exchange Upbit suspended BONK deposits and withdrawals as a precaution.

The disagreement matters less than the lesson underneath it. A treasury that can be drained by whoever assembles a temporary voting majority is only as secure as the cost of buying that majority. Here, that cost was $4 million to claim a $20 million prize. When the math is that favorable, someone will always take the trade.

Why Governance Attacks Are Getting Common

This wasn’t the first attack of its kind, and it won’t be the last. The reason is simple economics.

Governance attacks are becoming more common precisely because they require no elite technical skill, only capital and a poorly defended voting system. Finding a smart contract vulnerability requires deep expertise and luck. Buying tokens requires only money. Token-weighted voting gives the most power to whoever holds the most tokens, and accumulating enough tokens to swing a low-turnout vote is often far cheaper than finding a code exploit.

The historical record backs this up. In 2022, an attacker drained about $180 million from the Beanstalk protocol using a similar flash-loan-powered governance takeover. The playbook is almost always identical: accumulate tokens, pass a malicious proposal, drain the treasury. Memecoin DAOs are especially exposed because many hold large treasuries (BONK DAO controlled roughly 15-16% of the total BONK supply) behind governance systems with low voter participation.

Low turnout is the silent enabler. When only a tiny fraction of token holders bother to vote, the number of tokens needed to dominate a decision drops dramatically. A vibrant, engaged voting community is a defense. An apathetic one is an open door.

What Actually Stops These Attacks

The good news is that defenses exist. The uncomfortable part is that BONK DAO had few of them in place, and many DAOs are in the same position.

The most important safeguard is a timelock, a mandatory delay between when a proposal passes and when it executes. Had BONK DAO enforced a multi-day delay on treasury transfers, the community would have had time to see the malicious proposal succeed and respond, whether by rallying counter-votes or freezing the treasury through emergency measures. Instant execution gave no such window.

Other defenses include higher quorum requirements that make buying a majority far more expensive, emergency multisig controls that require multiple trusted signers to approve large treasury movements, and conviction voting, which weights votes by how long tokens have been committed rather than just how many are held. Each raises the cost or difficulty of a governance takeover.

The reason these protections aren’t universal is that they involve trade-offs. Timelocks slow down legitimate governance. Multisig controls reintroduce a degree of centralization that pure DAO advocates dislike. Higher quorums can make it hard to pass anything when turnout is low. Every safeguard chips away at the frictionless, fully decentralized ideal that DAOs were built to embody.

The BONK attack is a stark reminder that the ideal has a price. In a system where money votes, whoever can rent enough votes can rewrite the rules. Until DAOs make that equation unprofitable, through delays, higher thresholds, and emergency controls, the spend-$4-million-to-steal-$20-million trade will keep tempting attackers. For BONK holders and the broader DAO ecosystem, the recovery of the stolen funds remains uncertain, but the lesson is already clear: decentralized governance is only as strong as the safeguards protecting the treasury behind it.

FAQ

What is a governance attack?
A governance attack is when someone uses a DAO’s legitimate voting system to pass a malicious proposal, rather than exploiting any code vulnerability. In token-weighted voting, whoever holds the most tokens controls decisions. An attacker accumulates enough tokens to dominate a vote, submits a proposal that benefits them (like transferring the treasury to their wallet), and lets the DAO’s own smart contracts execute it automatically once it passes. No hacking is involved; the system works exactly as designed.

How did the BONK DAO attack work?
Starting June 30, an attacker submitted a proposal to transfer BONK DAO’s treasury to their wallet. Over July 4-5, a separate wallet spent about $4.4 million buying just over 1% of BONK’s supply to meet the voting quorum. Because turnout was extremely low (only seven addresses voted), the attacker’s stake represented roughly 99.9% of votes cast. The proposal passed on July 6, automatically draining about $20 million in BONK to the attacker’s wallets. BONK DAO has notified law enforcement and is working with exchanges and the Solana Foundation to trace the funds.

How can DAOs prevent governance attacks?
The main defenses are timelocks (mandatory delays between a proposal passing and executing, giving the community time to react), higher quorum requirements that make buying a majority more expensive, emergency multisig controls requiring multiple trusted signers for large treasury moves, and conviction voting that weights votes by how long tokens have been held. BONK DAO lacked most of these safeguards, allowing the attacker to drain funds instantly. The trade-off is that these protections reduce the frictionless decentralization DAOs are designed for.

Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making any investment decisions.

Salar Salek

Salar Salek Verified AltcoinReporter Author

Salar covers cryptocurrency markets, blockchain technology, DeFi, and emerging digital asset trends for AltcoinReporter. With a background in technology and finance, he has been actively following and investing in the...

Read More
Tags: BONKCrypto SecurityDAO governanceSolanatreasury attack

Related Posts

Hinkal Exploit Drains

Hinkal Exploit Drains About $820K in USDC as Funds Move Through Tornado Cash

by Dans Kramer
July 3, 2026
0

Hinkal exploit concerns are spreading across DeFi after the privacy protocol reportedly lost about $820,000 in USDC, with attacker-linked funds...

Aavenomics 3.0

Aavenomics 3.0 Goes Live as Aave Automates AAVE Buybacks and Cuts DAO Spending

by Dans Kramer
June 29, 2026
0

Aavenomics 3.0 is now live, marking one of Aave’s biggest tokenomics changes since the DeFi protocol introduced its original governance...

GENIUS Act Stablecoin Rules

GENIUS Act Stablecoin Rules Bring Bank-Level Compliance to Crypto Issuers

by Dans Kramer
June 20, 2026
0

GENIUS Act stablecoin rules are pushing crypto issuers closer to traditional finance, with new U.S. proposals requiring permitted payment stablecoin...

DeFi Has Lost $13 Billion to Exploits Since 2022, Binance Research Says

DeFi Has Lost $13 Billion to Exploits Since 2022, Binance Research Says

by Salar Salek
June 16, 2026
0

Binance Research published a report this morning that puts a specific figure on something the industry has been talking around...

Circle Launches cirBTC on Ethereum to Challenge Coinbase in the $15 Billion Wrapped Bitcoin Market

Circle Launches cirBTC on Ethereum to Challenge Coinbase in the $15 Billion Wrapped Bitcoin Market

by Salar Salek
June 9, 2026
0

Circle built its reputation on USDC, the stablecoin that powers institutional DeFi and processes billions in daily volume. On Sunday...

Load More
  • Trending
  • Comments
  • Latest
Solana Alpenglow Upgrade 2026: Launch Date, Features, and What It Means for SOL

Solana Alpenglow Upgrade 2026: Launch Date, Features, and What It Means for SOL

April 18, 2026
Justin Sun vs WLFI: “See You in Court” as Backdoor Token Freeze Row Explodes

Justin Sun vs WLFI: “See You in Court” as Backdoor Token Freeze Row Explodes

April 13, 2026
Former UK Chancellor Kwarteng Leads Bitcoin Firm as Farage Backs BTC

Former UK Chancellor Kwarteng Leads Bitcoin Firm as Farage Backs BTC

April 16, 2026
Bitcoin Price Hits Highest Since January as Bulls Eye $85K

Bitcoin Price Hits Highest Since January as Bulls Eye $85K

May 7, 2026
North Korea’s Six-Month Con: How Hackers Stole $286M from Solana’s Drift Protocol

North Korea’s Six-Month Con: How Hackers Stole $286M from Solana’s Drift Protocol

0
Ethereum’s Glamsterdam Upgrade: What It Is and Why It Matters in 2026

Ethereum’s Glamsterdam Upgrade: What It Is and Why It Matters in 2026

0
Bitcoin’s Worst Q1 Since 2018: Can April Turn the Tide?

Bitcoin’s Worst Q1 Since 2018: Can April Turn the Tide?

0
Former UK Chancellor Kwarteng Leads Bitcoin Firm as Farage Backs BTC

Former UK Chancellor Kwarteng Leads Bitcoin Firm as Farage Backs BTC

0
Strategy Just Sold Bitcoin Days After Buying It, Netting Only 69 Coins for $20 Million

Strategy Just Sold Bitcoin Days After Buying It, Netting Only 69 Coins for $20 Million

July 8, 2026
A Hacker Just Spent $4 Million to Steal $20 Million From the BONK DAO

A Hacker Just Spent $4 Million to Steal $20 Million From the BONK DAO

July 8, 2026
Vitalik Buterin Says Ethereum Is Preparing Its Biggest Rebuild Since the Merge

Vitalik Buterin Says Ethereum Is Preparing Its Biggest Rebuild Since the Merge

July 8, 2026
The IMF Just Warned That Tokenization Could Make Finance More Vulnerable to Shocks

The IMF Just Warned That Tokenization Could Make Finance More Vulnerable to Shocks

July 5, 2026

About

AltcoinReporter

AltcoinReporter is an independent crypto news platform built to keep you ahead of the market. We cover everything from Bitcoin and altcoins to DeFi, NFTs, regulation, and emerging blockchain technology.


Our editorial team delivers accurate news, detailed market analysis, and expert insights, with every article written and reviewed by named contributors. We are committed to transparent, independent reporting our readers can trust.

News

  • Altcoins
  • Bitcoin
  • Blockchain
  • DeFi
  • Ethereum
  • NFT

Reviews

  • Exchanges
  • NFT Marketplaces
  • Wallets

Company

  • About Us
  • Advertise
  • Write for Us
  • Contact Us

Disclaimer: AltcoinReporter.com provides cryptocurrency news for informational purposes only, not financial, investment, or legal advice. Crypto markets carry significant risk. Always do your own research and consult a financial advisor before investing. We may earn compensation through affiliate links, ads, and sponsored content, which are clearly labelled. AltcoinReporter is not responsible for any financial losses resulting from information on this site.

  • Cookie Policy
  • Ethics
  • Corrections
  • Editorial Standards
  • Privacy Policy
  • Terms & Conditions

© 2026 AltcoinReporter. All rights reserved.

No Result
View All Result
  • Home
  • News
    • Altcoins
    • Bitcoin
    • Blockchain
    • DeFi
    • Ethereum
    • NFT
  • Press Releases
  • Reviews
    • Exchanges
    • NFT Marketplaces
    • Wallets
  • Market Analysis
  • Contact Us

© 2026 AltcoinReporter. All rights reserved.