BonkDAO Loses $20M in Governance Exploit After Malicious Proposal Drains Treasury
BonkDAO suffered a $20 million treasury exploit after an attacker accumulated enough voting power to pass a malicious governance proposal, exposing critical weaknesses in token-weighted DAO governance.
BonkDAO Treasury Drained in $20 Million Governance Attack
$20 Million Worth of BonkDAO Tokens Stolen via Governance Attack
In a $20 million exploit on the Solana memecoin BONK, the decentralized autonomous organization, BonkDAO, which manages the BONK token, lost $20 million worth of BONK tokens due to the manipulation of the organization's governance system.
What makes this hack unique compared to smart contracts is the fact that in this situation, it was the governance system that was attacked. The attacker simply bought the required number of votes to execute their governance proposal.
How the Attack Happened
According to accounts, the hacker reportedly spent about $4 million on BONK tokens in order to get past the quorum threshold required by the DAO.
Upon meeting the voting threshold, the hacker then sent out a harmful motion and successfully approved it, which allowed the transfer of 4.4 trillion BONK tokens held by the BonkDAO treasury.
Blockchain detectives observed that the motion was done using just a few number of wallets that participated in the vote.
Immediate Market Impact
The news led to a significant drop in BONK's price, where the coin dropped in value by approximately 8-10% due to the treasury hack.
Monitoring of the on-chain data showed that the tokens were heading towards the exchange wallets, raising fears of any sell-off. The members of the ecosystem started monitoring their wallets.
BonkDAO Responds
In an official statement shared on X, BonkDAO described the incident as a "malicious governance proposal" and confirmed it is working alongside:
- Major cryptocurrency exchanges
- Cross-chain bridge operators
- The Solana Foundation
- Law enforcement agencies
It was noted by the group that the wallets used for purchasing the governance tokens have been traced out, and measures are being taken in order to recover the stolen funds.
What the Exploit Means for DAO Governance
The case has once again raised concerns regarding the safety of token-governed systems.
Decentralized governance seeks to delegate decision-making authority to token owners; however, there is a risk if the attacker manages to acquire sufficient voting power through temporary accumulation to approve malicious proposals. It has been suggested that solutions like execution timelocks, increased quorum requirements, multisig wallets for treasuries, and better reviewing of proposals might help address this problem.
Looking Ahead
BonkDAO’s hack is yet another instance that demonstrates how governance protocols need to be as important as smart contracts when it comes to security. As the treasuries of the DAOs become more valuable, there will be increased need for protecting such governance frameworks from possible attack vectors while maintaining decentralization.
Meanwhile, the investigation into what exactly happened at BonkDAO is still ongoing.
