An attacker drained roughly $20 million in BONK tokens from the BonkDAO treasury on Monday by buying just over 1% of the token supply and using it to pass a malicious on-chain governance proposal. The raid did not exploit a smart-contract bug — it weaponized the DAO’s own voting rules in a low-turnout ballot that passed with 99.9% “yes” votes, then began selling the stolen tokens.

Context: what BonkDAO is

BONK is a Solana-based memecoin launched in late 2022 that became one of the chain’s most widely held tokens. BonkDAO is the decentralized autonomous organization (DAO) that manages a community treasury of BONK tokens — funds earmarked for ecosystem grants, marketing, and development.

DAOs are meant to let token holders vote on how pooled assets get spent. In practice, many rely on token-weighted voting: whoever holds the most governance tokens at snapshot time has the loudest voice. When participation is thin, a temporary majority can be bought on the open market for far less than the treasury is worth.

That is exactly what happened here.

How the attack worked

According to CoinDesk’s reporting, the attacker spent approximately $4.4 million to accumulate just over 1% of BONK’s circulating supply. That stake was enough to meet the DAO’s quorum threshold — the minimum participation required for a vote to count — in a ballot where almost nobody else showed up.

With quorum satisfied and no competing votes, the malicious proposal passed with 99.9% approval. The proposal’s payload automatically transferred roughly $20 million worth of BONK from the community treasury to a wallet the attacker controlled. Once the tokens landed, the attacker began selling them on the open market.

BonkDAO confirmed the incident on its official X account Monday, saying the attack routed through a governance vote rather than a code vulnerability. The team said it has identified the exchange wallets used to buy BONK ahead of the proposal, is working with exchanges, bridges, and the Solana Foundation, and has notified law enforcement.

The Defiant noted that this vector — buying governance power to pass a treasury-draining proposal — has hit other protocols this year, including a June governance takeover at Balancer-linked TOP token pools that drained about $1.58 million.

Why governance attacks are different from code exploits

Smart-contract hacks get the headlines, but governance raids follow a simpler playbook: acquire voting tokens, propose a transfer, vote yes, exit. No bug report required — the rules worked exactly as written.

The economics are brutal. If a $20 million treasury can be captured by spending $4.4 million on tokens (plus transaction costs), the attacker nets a roughly 4.5x return before slippage eats into the sell side. Even after dumping BONK into a thin market, the profit margin can still dwarf what most DeFi exploits return.

Low turnout makes the math worse. DAOs often assume engaged communities will show up to block bad proposals. In reality, most token holders do not vote — they farm, trade, or simply hold. A single wallet that crosses quorum becomes the entire electorate.

For Solana specifically, the chain’s speed and low fees make it cheap to accumulate governance tokens quickly and execute the proposal in a single session. BONK’s deep liquidity on major Solana DEXs and CEX listings also gave the attacker a clear exit path once the treasury transfer cleared.

What this means for holders — and for LatAm users on Solana

BONK is a memecoin, and PTYcoin does not treat meme-token pumps as investment advice. But the exploit pattern matters well beyond one dog-themed token.

Solana has become a major chain for LatAm crypto activity — fast settlement, low fees, and integrations with regional fintechs and payment apps make it a practical rail for stablecoin transfers, remittances, and merchant tools. When a high-profile Solana DAO loses $20 million through governance, it is a reminder that on-chain treasuries are only as safe as their voting design, not their brand recognition.

The lessons apply whether you hold BONK, participate in any DAO, or simply keep assets on Solana:

  • Token-weighted voting without safeguards is a liability. Quorum thresholds, timelocks, multi-sig guardians, and veto councils exist precisely because open-market token purchases can flip outcomes overnight.
  • Treasury size attracts attackers. A $20 million pot with 1% quorum is an open invitation. Security teams should model governance attacks the same way they model smart-contract exploits — by asking what a motivated buyer could pass with current rules.
  • Self-custody limits your exposure to other people’s governance failures. If you never delegated tokens to a DAO or staked them in a governance pool, this specific raid did not touch your wallet directly. But if you hold any governance token — including on chains popular in Brazil, Argentina, and Mexico — check whether your stake is locked in a voting contract you did not read.

BonkDAO says recovery efforts are underway, but no funds have been publicly returned as of this writing. BONK’s price fell roughly 9% on the news, per Coinpedia’s market recap — a modest move relative to the treasury loss, suggesting markets had already priced in governance risk on thinly designed DAOs.

Takeaway

A $4.4 million shopping spree bought control of a $20 million treasury because almost nobody voted. That is not a hack in the traditional sense — it is a governance design failure executed through perfectly valid on-chain mechanics.

If you participate in DAOs, read the voting rules before you delegate tokens. If you do not, treat community treasuries as someone else’s problem — and keep assets you cannot afford to lose in wallets you control. This is a security story, not a buy-the-dip moment. Not financial advice.