🔥BTC/USDT

BonkDAO loses 20 million in governance exploit

BonkDAO, a governance organization tied to the Solana-based meme token BONK, lost about $20 million in treasury assets after an attacker used its own voting rules to pass a proposal that transferred 4.4 trillion BONK tokens to a single wallet.

The incident, disclosed early July 7 Beijing time, was not described as a conventional smart contract hack or a breach of private keys. Instead, blockchain data and early analysis indicate that the attacker exploited BonkDAO’s token-weighted governance system on the Realms voting platform. By acquiring enough BONK to submit a proposal and then using overwhelming voting power to approve it, the attacker pushed through “Bonk Improvement Proposal #76,” or “BIP #76,” which authorized the transfer of the DAO’s treasury tokens.

Once the proposal passed, the Realms smart contract executed the transaction automatically. The treasury funds moved without an additional review period, without a veto window, and without a delay that might have allowed BonkDAO or other ecosystem groups to intervene. The result was a rapid drain of assets valued at roughly $20 million at the time of the transfer.

The event immediately raised concerns across the Solana ecosystem and among cryptocurrency traders because it showed how a decentralized governance structure can be captured through procedure rather than code. BONK’s market price fell more than 9% after reports of the treasury drain began circulating, reflecting anxiety over both the stolen supply and the broader governance risks exposed by the incident.

How the proposal passed

According to blockchain data, the wallet behind the proposal accumulated 882.285 billion BONK shortly before the vote. That position was valued at about $4.4 million and appeared sufficient to meet the 1% token threshold required to submit a governance proposal through BonkDAO’s Realms framework.

After reaching that threshold, the address submitted BIP #76. The proposal was written to authorize the transfer of 4.4 trillion BONK from BonkDAO’s treasury to a wallet controlled by the proposer. Because BonkDAO’s governance gave voting power based on token holdings, the same entity that submitted the proposal was also able to dominate the vote.

On-chain records showed the address controlled 99.878% of the total voting power involved in the proposal. Only seven wallets participated in the vote, a level of engagement that analysts said was critically low for a decision involving one of the DAO’s most important assets: its treasury.

With almost all voting power concentrated behind the proposal, BIP #76 passed with near-unanimous support. The Realms smart contract then carried out the approved instruction and transferred the 4.4 trillion BONK to the proposer’s wallet.

The estimated economics were stark. The attacker spent roughly $4.4 million to acquire the BONK needed to submit and approve the proposal, then received tokens worth about $20 million. That left an apparent paper profit of around $15.6 million, achieved not by breaking software but by following the rules in a way the system had failed to defend against.

Why this was not a typical hack

Analysts reviewing the transaction said the BonkDAO incident should be understood as a governance attack rather than a software exploit. In a traditional hack, attackers may identify a coding flaw, bypass authentication, compromise a wallet, or manipulate a smart contract in a way developers did not intend. In this case, the system appears to have worked as designed: a proposal was submitted, voted on, approved, and automatically executed.

That distinction matters because it shifts attention from code security to governance design. BonkDAO’s rules allowed a sufficient amount of voting power to control a treasury decision. The platform did not appear to include several common protective mechanisms used by other decentralized organizations to slow or block dangerous proposals.

Among the missing safeguards were minimum quorum requirements, time locks, delayed execution, and broader participation thresholds. A quorum rule would have required a minimum share of eligible voting power or wallets to participate before a proposal could pass. A time lock would have created a delay between approval and execution, giving DAO members and ecosystem partners time to review the decision. A veto or emergency pause system could have allowed a trusted security group or multisignature committee to stop a suspicious treasury movement before assets left the DAO.

Because those protections were not in place, the approved transfer finalized before any oversight body could react. That made the attack exceptionally clean from a procedural standpoint and extremely difficult to reverse once completed.

Market reaction and exchange response

The market’s response was swift. BONK fell more than 9% as traders digested the implications of the treasury drain. The immediate concern was that the stolen tokens could be sold into the market, creating additional pressure on the token’s price. Large transfers from DAO treasuries often unsettle traders because they can alter expectations around circulating supply, liquidity, and project stability.

BonkDAO said it had flagged the associated wallet and begun coordinating with blockchain entities to trace the assets. It also notified law enforcement and worked with the Solana Foundation and exchanges in an effort to limit the attacker’s ability to move or liquidate the tokens through centralized venues.

Some exchanges, including Upbit and Kraken, temporarily suspended BONK deposits and withdrawals as a precaution. Such steps are often used when stolen or disputed tokens may be routed through trading platforms. By pausing transfers, exchanges can buy time to identify suspicious flows, prevent direct deposit of tainted assets, and coordinate with compliance teams.

On-chain data showed that the drained assets first moved to a wallet funded through Bybit before later being transferred to a second address. Once assets begin moving across wallets, recovery becomes more complicated. Even when wallets are flagged publicly, decentralized networks generally do not allow transactions to be reversed unless the recipient voluntarily returns funds or centralized endpoints freeze assets before conversion or withdrawal.

The role of Realms governance

Realms is a governance platform widely used across the Solana ecosystem. It allows decentralized organizations to create proposals, manage voting, and execute approved actions through smart contracts. The platform itself is not necessarily at fault in a governance capture scenario. Rather, each organization using such infrastructure must configure its rules in a way that reflects the value and risk of the assets under control.

In BonkDAO’s case, the critical weakness was the combination of token-weighted voting, low participation, and immediate execution. Token-weighted voting is common in decentralized finance and DAO governance because it gives more influence to holders with larger economic exposure. The idea is that those holding more tokens have more at stake and should therefore have greater say in protocol decisions.

But the model also creates openings for wealthy or opportunistic actors. If enough voting power can be acquired on the open market, borrowed, or temporarily controlled, governance can be redirected. This can be especially dangerous when a DAO treasury holds assets worth far more than the cost required to gain proposal power.

That gap appears to have been central to the BonkDAO case. The attacker’s cost to acquire qualifying voting power was much lower than the value of the treasury transfer the proposal authorized. Without quorum requirements or time delays, the attacker did not need broad community support. The only requirement was enough voting power under the rules then in place.

A familiar weakness in DAO design

The BonkDAO incident highlights a recurring weakness in decentralized autonomous organizations: voting power is often concentrated, while turnout is often low. Previous research into major DAOs has found that a small number of active voters can determine the outcome of many proposals. In some organizations, three to five voters may be enough to pass critical decisions, particularly when broader token holders do not participate.

Low turnout is not unique to BonkDAO. Many governance systems struggle to attract consistent participation because token holders may be passive, proposals may be technical, and voting may require time, wallet interaction, or knowledge of protocol mechanics. Some traders hold tokens for price exposure rather than governance involvement, leaving decision-making to a small group.

That creates strategic risk. If most eligible voters remain inactive, an attacker does not need to control a majority of all tokens. The attacker only needs to control a majority of the votes actually cast, or enough voting power to satisfy the proposal rules. In systems without a meaningful quorum, that bar can be dangerously low.

This is why many DAOs with large treasuries add layers of protection around treasury movements. Common tools include time locks, multisignature approvals, emergency councils, proposal review periods, delegated voting, and higher thresholds for sensitive transactions. These measures can reduce the purity of fully automated governance, but they also help prevent a single hostile or opportunistic actor from draining community assets in one vote.

The trade-off between decentralization and safety

The BonkDAO case will likely renew debate over how decentralized organizations should balance open governance with asset protection. Fully permissionless governance is attractive because it allows anyone with the required token stake to participate directly. It avoids central gatekeepers and reflects one of the core ideas of decentralized finance.

However, open systems can be gamed when financial incentives are large. If the reward for capturing governance exceeds the cost of acquiring voting power, the system may invite attack. The more liquid the token, the easier it may be for an attacker to build a position quickly. The larger the treasury, the greater the temptation.

Security experts often argue that decentralization should not mean the absence of controls. A time lock, for example, does not prevent token holders from making decisions. It simply delays execution long enough for the community to identify an abnormal proposal. A quorum does not eliminate voting rights; it ensures that major decisions require meaningful participation. A multisignature layer may reduce automation, but it can provide a final line of defense for treasury movements.

For traders evaluating DAO-linked tokens, the incident adds governance architecture to the list of risks that must be examined. Token supply, exchange liquidity, developer activity, and market momentum remain important, but treasury controls can be just as critical. A project may have a large community and strong brand recognition, yet still be vulnerable if its governance system allows a small group to control large pools of assets.

What comes next for BonkDAO

BonkDAO’s immediate focus is asset tracing, exchange coordination, and damage control. Flagging wallets can make it harder for the attacker to liquidate funds through centralized exchanges, but it does not guarantee recovery. If the tokens are routed through multiple addresses, decentralized exchanges, bridges, or other on-chain tools, tracking becomes more complex and enforcement options become limited.

The longer-term issue is governance reform. BonkDAO and similar organizations may face pressure to add time locks, higher quorum requirements, proposal review periods, and emergency protections for treasury transactions. Projects using Realms or comparable governance platforms are also likely to review whether their own settings could allow a similar attack.

The stolen BONK will remain a key market concern. If a large portion is sold, BONK could face further downward pressure. If the tokens remain idle in flagged wallets, the overhang may still weigh on sentiment because traders will remain alert to any movement. In either case, the episode has already changed the conversation around BONK from meme-token momentum to governance risk.

The broader lesson is clear: decentralized governance can fail even when the code works. BonkDAO’s treasury was not drained because a smart contract malfunctioned. It was drained because the rules allowed a concentrated holder to approve a transfer that benefited itself. For the wider crypto market, that may be the most troubling part of the incident. It shows that in token-weighted governance, security depends not only on code audits but also on the design of the voting system itself.


To understand DAOs and avoid similar governance risks, explore our guide here today.

Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.

Sign up and trade to earn over 15,000 USDT
Sign up