Loading article…
BonkDAO governance breach saw attacker spend $4 M on BONK to pass a proposal that drained $20 M from the treasury, pushing the token 7% lower.
A single malicious proposal approved on July 6 2026 siphoned roughly $20 million in BONK from the DAO’s Solana treasury after an attacker bought enough voting power for the 1 % quorum with about $4 million of tokens [1].
At a glance
| At a glance | |
|---|---|
| Treasury loss | ~$20 M (≈4.4 trillion BONK) |
| Token purchase cost | ~$4 M to acquire 1 % of supply |
| Quorum margin | 882.38 bn BONK vs. 879.95 bn threshold |
| Price reaction | BONK down ~7 % in 24 h |
The attacker submitted proposal “BIP #76 – Sowellian BonkDAO” on June 30, instructing the DAO to transfer 4.4 trillion BONK to a wallet they controlled. To meet the 1 % quorum, they bought exactly that share of the token over July 4‑5 on Bybit and Binance, spending about $4 million [1]. When voting closed, only seven wallets cast votes, achieving a 99.9 % “yes” result that barely cleared the quorum—882.38 bn BONK in favor versus the 879.95 bn threshold [1]. The DAO’s automatic execution then moved the treasury funds to the attacker’s address.
The stolen BONK was quickly shuffled through multiple addresses, with $148 k later spotted on OKX, indicating attempts to obscure the trail [1]. BONkDAO flagged the incident as an attack, notified law enforcement, and is cooperating with the Solana Foundation and exchanges to recover assets [1]. Despite the scale, the token’s price fell only about 7 % in the following 24 hours, and exchanges such as Upbit and Kraken halted BONK deposits and withdrawals as a protective measure [1].
No smart‑contract bug or private‑key compromise occurred; the breach stemmed from the DAO’s lack of safeguards—no timelock, insufficient quorum, and no multisig override [1]. This design allowed an attacker to “buy” voting power and legally approve a treasury drain, highlighting a broader risk for DAOs that rely solely on token‑based voting without additional controls [3].
The BonkDAO incident underscores that a DAO’s financial security can be compromised without any code exploit, raising urgent questions about how governance mechanisms must evolve to protect sizable treasuries in the rapidly expanding memecoin space.
Coverage is mostly measured — 91 of 95 reports stay neutral.
Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.
Free · 3-min read · one-click unsubscribe
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 3 outlets · Jul 14, 2026 · How we report
The attacker purchased approximately $4.4 million worth of BONK tokens, reaching the quorum threshold of 879.95 billion BONK and securing a 99.9% yes vote, which automatically executed the transfer.
BonkDAO lacked a timelock delay, a multisig or council veto mechanism, and had a quorum design that enabled control with only about 1% of token supply, all of which could have halted the malicious proposal.
CRV increased by roughly 4% over a day, with on‑chain data showing reduced selling pressure and a 16% rise in open interest, indicating increased speculative leverage.