Security & Audits
Share
An attacker spent ~$4.4M buying BONK tokens to seize a temporary voting majority in BONK DAO, then passed a governance proposal that automatically transferred ~$20M from the treasury to a wallet they controlled. The incident illustrates a shift in crypto attacks from smart contract exploits to governance manipulation.
Cybercriminals are finding increasingly sophisticated ways to exploit the crypto ecosystem, and the latest attack on BONK DAO shows they no longer need to hack code to steal millions.
Instead of exploiting a smart contract vulnerability or compromising private keys, an attacker reportedly spent approximately $4.4 million acquiring enough BONK tokens to gain voting power within the project's decentralized governance system. That temporary majority was then used to approve a proposal transferring roughly $20 million from the DAO's treasury to a wallet under the attacker's control.
The new BONK $20M treasury hack incident highlights a growing trend in crypto security: exploiting governance mechanisms rather than software flaws.
BONK DAO, the decentralized organization that oversees the Solana-based memecoin, allows token holders to vote on proposals that can be executed automatically once approved.
According to blockchain analytics firm Chainalysis, the attacker submitted a proposal on June 30 requesting that the treasury's funds be transferred to a wallet they controlled.
To pass, the proposal required support representing at least 1% of BONK's circulating supply.
Over the following days, the attacker accumulated that voting power by purchasing BONK through exchanges including Bybit and Binance, while additional funds were reportedly borrowed through decentralized lending platforms, according to Lookonchain.
The proposal ultimately passed with participation from just seven wallets, while more than 18,000 eligible members did not vote.
The measure received approval by the narrowest possible margin, surpassing the required quorum with 882.38 billion BONK voting in favor against a threshold of 879.95 billion BONK.
Once approved, the DAO's smart contracts automatically executed the transaction, transferring approximately 4.43 trillion BONK, worth around $20 million, to the attacker's wallet.
Unlike many high-profile crypto exploits, the attacker did not breach the protocol's security or manipulate its code.
Every step, from purchasing tokens to casting votes and executing the treasury transfer, followed the DAO's existing governance rules.
That has reignited debate within the crypto industry over whether such incidents should be classified as hacks or governance exploits. While some on-chain observers argue the attacker merely took advantage of a flawed voting system, BONK DAO and blockchain security firms have described the incident as a malicious attack.
Shortly after receiving the treasury funds, the attacker reportedly transferred around $188,000 worth of BONK to a cryptocurrency exchange, likely to begin cashing out. In comparison, approximately $19 million was moved to a multisignature wallet requiring multiple approvals before the funds can be transferred.
The attacker also sold roughly $5.3 million worth of the BONK tokens accumulated to influence the vote, effectively disposing of the temporary stake once it had served its purpose.
BONK DAO has confirmed the incident and said it is working with cryptocurrency exchanges, blockchain bridges, the Solana Foundation, and law enforcement to respond to the attack.
The exploit serves as a reminder that cybersecurity risks are no longer limited to software vulnerabilities. As decentralized governance becomes more common, attackers are increasingly targeting the rules that govern protocols rather than attempting to break the underlying technology.
The BONK incident suggests that, for decentralized organizations, the greatest weakness may not be the code itself, but governance models that allow anyone with enough capital to temporarily buy control over multimillion-dollar treasuries.
Disclaimer of Warranty
The information provided in this article is for general informational purposes only. We make no warranties about the completeness, reliability, and accuracy of this information. Read full disclaimer
Editor's Picks

Prediction Markets Face Their Regulatory Moment as ESMA Draws the Line
Walid Abou Zaki
Jul 5, 2026
8 min

FATF R.16 Consultation: What It Could Mean for Stablecoin Payments
Walid Abou Zaki
Jun 25, 2026
7 min

Inveniam to Acquire MANTRA After $20M Post-Crisis Bet
Walid Abou Zaki
Jun 17, 2026
8 min
Read More Articles
In the Same Space

$1 Billion in 30 Days: Inside “The Binance Experience” Reshaping Global Stock Access
Salma Naueihed
Jul 3, 2026
3 min

Securitize Lists on NYSE While Bringing Its Own Shares On-Chain
News Desk
Jul 3, 2026
3 min

Binance Withdraws Greece MiCA Application, Confirming Earlier Regulatory Signals From ESMA Analysis
Salma Naueihed
Jun 25, 2026
5 min

Blockchain Becomes Key Tool in UNDP's Humanitarian Mission
News Desk
Jul 7, 2026
4 min