• Attacker spent $4.4 million to legally gain voting power and drain BONK’s $20 million treasury.
  • Only seven wallets approved the proposal, while thousands of BONK holders never voted.
  • The attack exposed major governance weaknesses across decentralized autonomous organizations.

A single governance vote changed everything for BONK DAO. One anonymous trader spent roughly $4.4 million, then walked away with control of a treasury worth $20 million. No software bug existed. No smart contract failed. Every action followed the protocol exactly as designed. That strange reality has sparked fresh concerns across crypto. Many now question whether decentralized governance can truly protect community funds from determined and well-funded participants.

A Governance Vote Opened the Door

The attack started on June 30. An anonymous wallet submitted a governance proposal to BONK DAO. Hidden inside the proposal sat one critical instruction. The treasury would transfer 4.43 trillion BONK tokens to a wallet controlled by the proposer. Approval required yes votes equal to 1% of BONK’s total supply. During July 4 and July 5, the attacker quietly accumulated that amount. Purchases came through Binance and Bybit.

Additional funds arrived through borrowing on DeFi lending platforms.The buying campaign cost about $4.4 million. That investment secured enough voting power to decide the proposal. Only seven wallets voted in favor. More than 18,000 community members never participated. Voter turnout reached only 2.9%. The proposal passed by the smallest possible margin above quorum. One participant effectively approved a proposal that benefited the same wallet.

The proposal carried an optimistic message. The text promised to rebuild BONK DAO and improve treasury management. Deep within that message, however, sat the transfer instruction. Once voting ended, the smart contract automatically executed the transaction. Around $20 million worth of BONK immediately left the treasury. Blockchain records showed every step publicly. Nothing bypassed protocol rules.

EliteFXLabs Banner

Fallout Raises Bigger Questions

About nine hours after the transfer, roughly $188,000 reached an exchange, likely for liquidation. According to Chainalysis, the remaining $19 million moved into a multisignature wallet. Such wallets require multiple approvals before future transfers. Around one hour after the treasury transfer, the attacker began selling BONK purchased for voting power. Roughly $5.3 million worth entered the market. Treasury tokens stayed separate from those sales.

BONK DAO later confirmed the incident. Project leaders identified exchange wallets linked to token purchases before voting. Teams now work alongside exchanges, crypto bridges, and the Solana Foundation to limit further damage. Law enforcement also received notification. Investigators continue efforts to recover assets and identify whoever planned the operation.The incident has divided crypto observers.

Some view the event as clever exploitation. Others describe the outcome as straightforward theft. Protocol rules allowed every action, yet community expectations suffered serious damage. A larger lesson now stands before every DAO. Treasury security depends on governance design, not only smart contracts. Cheap voting power can become an expensive weakness.

Profile picture of Patrick Kariuki
Patrick Kariuki Posted by

Cryptocurrency Writer

Patrick is a seasoned cryptocurrency writer with over five years of experience. His aim is to help readers stay informed and make informed trading & investment decisions.