Particle.news
Download on the App Store

BonkDAO Loses $20 Million After Malicious Governance Vote

A purchased voting majority on the Realms platform let an attacker trigger an automatic transfer of treasury BONK, prompting exchange freezes and a law-enforcement trace of the funds.

Overview

  • BonkDAO confirmed that a malicious proposal passed on Monday and moved about 4.43 trillion BONK, roughly $20 million, from the DAO treasury to an attacker-controlled wallet ending in “JHvQ.”
  • On July 4–5 an attacker bought just over the 1% quorum threshold, spending about $4.4 million on exchanges to assemble the voting stake used to pass BIP #76 with only seven wallets voting.
  • Blockchain analysts report that about $188,000 of the stolen tokens was sent to an exchange within hours and the remainder was moved into a multisig address, and BonkDAO says it has identified exchange wallets used to build the stake.
  • BonkDAO has notified law enforcement and is working with centralized exchanges, bridges and the Solana Foundation to trace and try to freeze or recover funds while BONK’s price fell about 7–10% after the drain.
  • Security experts say the incident was not a smart-contract hack but an exploitation of token-weighted governance rules and they recommend fixes such as execution timelocks, higher quorum tied to distinct wallets, multisig or veto oversight, and alternative voting models to protect DAOs with large treasuries.