Summary
- BonkDAO lost roughly $20 million in BONK tokens through a malicious governance proposal executed on July 5 2026.
- The attacker bought $4.4 million worth of BONK tokens to meet quorum and pass the proposal using just seven wallets.
- Upbit and Bithumb halted BONK deposits and withdrawals due to suspected security issues tied to the BonkDAO hack.
An attacker drained roughly $20 million in BONK tokens from the BonkDAO treasury on July 5 2026. The hacker pushed through a malicious governance proposal. Targeted buys met the quorum on Solana.
This exposed clear flaws in standard DAO rules.
The attack hit the Solana network fast. Community members rushed to tally losses and lock down remaining assets. Exchanges froze activity within hours.
"An attacker spent $4.4 million buying BONK tokens, passed a malicious governance proposal with just 7 wallets voting, and walked away with $20 million."
, CoinDesk (Source)
Context
BonkDAO handles community funds for the BONK meme coin on Solana. Token-weighted votes decide proposals that move treasury assets. Low turnout and easy token buys let outsiders grab voting power without real support.
This setup invites trouble.
Governance attacks stay common in crypto. Attackers need only a quorum. They zero in on concentrated supplies to force results.
Details
The attacker bought $4.4 million worth of BONK ahead of the vote. Seven controlled wallets cleared the quorum and passed the proposal. It immediately sent about $20 million in BONK out of the treasury.
BonkDAO confirmed the loss on July 6 2026. The group notified exchanges and started an internal review. Upbit and Bithumb halted all BONK deposits and withdrawals over suspected ties to the hack.
The drain followed the DAO's own rules. No code exploit was involved. Governance parameters alone became the weak point when token supply allowed cheap quorum capture.
Reaction
Trading venues acted first. Upbit and Bithumb froze activity to block movement of the stolen tokens. The wider market turned to fresh questions about DAO vote thresholds and token distribution on Solana.
Outlook
BonkDAO keeps reviewing its setup. Exchanges watch for follow-on moves. Other projects with similar governance will likely tighten quorum rules and add lockups to limit future attacks.
