TheCryptoUpdates
Crypto Scams

BonkDAO loses $20M in governance attack via valid proposal

Nobody hacked anything. No smart contract failed, no private key leaked, no phishing link fired. On July 6, the treasury of BonkDAO, the community organization behind one of Solana’s flagship memecoins, transferred roughly $20 million worth of $BONK to a wallet controlled by an attacker. Every step of the transfer was a valid transaction executed exactly as the DAO’s own rules prescribed.

The attacker did not break the governance system. They bought it, for about $4.4 million, at an implied return of nearly five to one. Seven wallets participated in the vote, while more than 18,000 members did not. The episode is the cleanest proof to date of an uncomfortable truth: a treasury governed by token-weighted voting is worth exactly the cost of assembling a temporary majority. For most DAOs, that cost is a fraction of the prize.

Six days in the open

On June 30, an anonymous wallet submitted a proposal to BonkDAO’s governance system, which runs on Realms, Solana’s standard DAO tooling. The proposal carried the title BIP #76 and styled itself as a governance renewal plan. It included a line noting that yes-voters would be eligible to receive tokens. Beneath the rhetoric sat the only clause that mattered: an instruction to transfer 4.43 trillion $BONK, the bulk of the treasury, to a wallet the proposer controlled.

The proposal stayed live for six days. During that window, the attacker methodically accumulated voting power by spending approximately $4.4 million buying $BONK through exchange wallets. On-chain researchers, including Yu Xian of security firm SlowMist and analyst Yu Jin, later reconstructed the accumulation pattern. On July 6, the attacker cast the assembled stake. The final tally showed 882.38 billion $BONK in favor against a quorum threshold of 879.95 billion. Turnout was 2.9%. The yes share was 99.9%.

Then the system worked as designed. Realms-based governance executes passed proposals automatically. No human signed off, no council reviewed the transfer, no delay separated approval from execution.

The anatomy of the failure

Three missing safeguards converted a bad proposal into an executed one. The first is a timelock: a mandatory delay between a proposal passing and its instructions executing. The second is a multisig or council veto: an emergency brake allowing designated signers to freeze anomalous executions. The third is quorum and participation design: a system where 1% of supply can constitute a passing majority against 2.9% turnout.

The deeper failure: the treasury’s size bore no relationship to the cost of controlling it. BonkDAO held roughly 15% of all circulating $BONK. The attacker’s arithmetic was public information. Anyone could compute that quorum, multiplied by market price, cost about $4 million to satisfy, against a treasury worth five times that.

The pattern has a canonical ancestor. In 2022, an attacker used a flash loan to seize voting control of Beanstalk and drained about $180 million. The industry’s response then was to treat flash-loan governance as the flaw. BonkDAO’s attacker needed no flash loan. They used patient capital, real purchases held across days.

The market for votes was always there

Vote buying in DAO governance is not a fringe exploit; it is an industry with infrastructure. Bribe markets have operated for years around the largest DeFi governance systems. Vote-lending and delegation markets let holders rent their governance power without selling their tokens. The machinery for converting money into votes was built, normalized, and liquid long before someone aimed it at a treasury.

That normalization is why the security framing has to be economic instead of technical. The relevant metric, which security researchers have urged for years under the name cost of corruption, compares the expense of acquiring decisive voting power against the value extractable by wielding it. For a healthy system, the first number exceeds the second with a wide margin. BonkDAO’s ratio was not marginal.

The tooling default problem

Nothing in the incident involved a flaw in the tooling. Realms executed a validly passed proposal. But defaults are policy. The configuration this DAO ran—automatic execution, no timelock, a static quorum set long ago—is the path of least resistance the tooling made easy. The predictable industry response is already forming: platforms moving protective defaults from opt-in to opt-out, warning surfaces that flag treasury-moving instructions, and simulation tools.

Theft, or the rules working

The philosophical fight broke out immediately. One camp argues that nothing was stolen: the attacker followed every rule, won a vote the rules recognized, and executed a transfer the rules authorized. The opposing camp, which includes BonkDAO itself and figures like Ripple’s chief technology officer emeritus David Schwartz, argues that legality is not defined by protocol validity. A proposal that misrepresents its purpose, transfers assets to its author, and relies on engineered low turnout is fraud in any legal system.

The damage, priced

The market’s verdict was swift but contained. $BONK fell between 8 and 10% on the disclosure. The stolen tokens represent supply that was already outside the market in a treasury. No user wallets were touched, and the token contract itself was never at issue. The loss is concentrated in the commons: the treasury that funded ecosystem grants, marketing, and buyback programs.

The recovery race

Recovery will happen at choke points. Upbit suspended $BONK deposits and withdrawals, closing one of the deepest liquidity venues. The wallet trail through a Bybit-funded account gives investigators a potential identity thread. The limits are equally real: on-chain funds that stay on-chain remain beyond freezing. The realistic best case is not restoration but attrition.

What every other DAO does now

The practical legacy of BIP #76 is a checklist. Timelocks on treasury-affecting proposals move from best practice to table stakes. Emergency veto councils return to favor with sunset clauses. Quorum design gets rethought around adversarial math. Each fix carries its own cost. Timelocks slow legitimate operations. Vetoes recreate the trusted committee that DAOs were invented to remove. High quorums can freeze governance entirely.

For everyone else, the lesson is simple. Every DAO treasury now has a public quote for what its governance is worth: the market price of its quorum. If that number is smaller than the treasury, the treasury is not owned, it is rented. BonkDAO’s members learned the rent on a Monday in July. The rest of the industry gets to learn it from the outside.

Loading

Related posts

US Government Seizes Additional Ethereum from 2021 Uranium Finance Hack

Jack

Qubic Community Votes to Target Dogecoin Next After Monero 51% Attack Success

Jack

General Bytes Suffers Highest Severity Breach, Resulting in Loss of Millions of Dollars

Mridul Srivastava