Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Attackers Vote Themselves $20 Million in BONK Cryptocurrency via Governance Attack
Attackers Vote Themselves $20 Million in BONK Cryptocurrency via Governance Attack
NEWS

Attackers Vote Themselves $20 Million in BONK Cryptocurrency via Governance Attack

An attacker spent $4 million to buy enough BONK tokens to control BonkDAO's governance system, then voted through a malicious treasury transfer proposal and drained $20 million — no smart contract exploit required. The incident highlights a fundamental structural vulnerability in token-weighted DAO governance.

Dylan H.

News Desk

July 6, 2026
3 min read

BonkDAO confirmed on July 6, 2026 that it was the victim of a malicious governance proposal attack, in which an adversary acquired enough BONK tokens to control the decentralized autonomous organization's voting process — then voted to transfer approximately $20 million in BONK from the project treasury directly into their own wallets.

The attack required no smart contract vulnerability. The protocol worked exactly as designed.

How the Attack Worked

Token-weighted governance is a standard feature of DeFi projects: holders of the native token vote on proposals, with voting power proportional to holdings. BonkDAO's governance is hosted on Solana's Realms platform.

The attacker executed a calculated, multi-step operation:

  1. Acquired ~$4 million worth of BONK tokens — enough to achieve a controlling voting position in the DAO's governance system.
  2. Submitted a malicious governance proposal authorizing a treasury transfer to attacker-controlled wallets.
  3. Voted the proposal through using their acquired stake, meeting whatever quorum or threshold was required.
  4. Claimed approximately $20 million in BONK — a roughly 5:1 return on the initial investment.

BonkDAO described the incident on social media as a "malicious governance proposal" attack. The entire operation used only legitimate on-chain mechanisms — no bug exploitation, no reentrancy, no flash loan abuse.

Market Impact

The attack immediately rattled BONK's market:

  • BONK token price dropped over 10% following the announcement
  • Trading volume surged 48% as holders responded to the news
  • The $20 million drain represented a significant portion of the DAO's accessible treasury

Response and Recovery Efforts

BonkDAO coordinated with multiple parties in an attempt to freeze or recover the stolen funds:

  • Cryptocurrency exchanges were notified to flag and potentially freeze attacker wallets
  • Cross-chain bridge operators were alerted to block movement of the stolen BONK
  • The Solana Foundation was contacted for investigative support
  • Law enforcement was notified, and investigators identified exchange wallets used to purchase BONK before the proposal was submitted

At the time of reporting, stolen funds were moving toward exchanges and no confirmed recovery had been announced.

Why Governance Attacks Are Hard to Stop

This incident illustrates a fundamental tension in DAO design. Governance attacks via token acquisition are a known and well-documented risk in the DeFi space — but they are difficult to prevent without undermining the decentralization that makes DAOs attractive in the first place.

Common mitigations include:

  • Time-locks on proposals — requiring a delay between a proposal passing and execution, giving the community time to respond
  • Veto mechanisms — allowing a guardian multisig to block clearly malicious proposals
  • Quorum thresholds — requiring participation from a broad base of holders, not just a concentrated attacker
  • Governance token velocity limits — preventing very recent token purchases from immediately influencing votes

BonkDAO's governance apparently lacked sufficient protections in at least one of these areas, enabling the attack to proceed faster than the community could respond.

Broader Pattern

Governance attacks are not unique to BonkDAO. Similar attacks have targeted Beanstalk Farms ($182M, 2022), Build Finance DAO (2022), and Tornado Cash governance (2023). The consistent lesson is that any DAO with a valuable treasury and insufficient governance safeguards is a target — and the attack vector requires only capital, not technical skill.


Source: The Record — Attackers vote themselves $20 million in BONK cryptocurrency

#Cryptocurrency#DeFi#Governance Attack#BonkDAO#Blockchain

Related Articles

More Than $10 Million Stolen from Crypto Platform THORChain

THORChain officials confirmed that one of their six vaults was compromised in a security incident, leading to a loss of approximately $10.7 million. The...

3 min read

Hacker Charged with Stealing $53 Million from Uranium

U.S. prosecutors have charged a Maryland man with hacking DeFi protocol Uranium Finance twice and laundering over $53 million through cryptocurrency mixers.

4 min read

Hacker Walks Away with $24.5 Million After Breaching Resolv

A compromised private key allowed an attacker to mint $80 million in unbacked USR stablecoins on the Resolv DeFi protocol, extract $24.5 million in ETH,...

4 min read
Back to all News