-
A malicious user has stolen $20M worth of BONK tokens from the BonkDAO treasury by exploiting the majority-token-holder governance privilege.
-
The treasury lacked safety measures such as a multisig wallet and execution delays.
-
BONK is down 7.25% in the day, with this marking a second target on the BONK ecosystem and the second crypto exploit this month.
BonkDAO (Decentralized Autonomous Organization) has reported that it was recently the victim of a $20 million drain via a decentralized governance exploit.
BonkDAO suffers $20M theft
According to the organization, the attacker first purchased $4 million worth of BONK tokens from several exchanges to gain sufficient voting power. They then used this to single-handedly pass a malicious proposal, resulting in the transfer of 4.426 billion BONK tokens (about $20 million at the time) from the BonkDAO treasury to their controlled wallet. The attacker also renamed the DAO to “Sowellian BonkDAO”.
Source: solscan.io
As seen on solscan.io, the siphoner has already started moving these tokens towards exchanges. This has heightened selling pressure, with BONK dropping 7.25% over the last 24 hours to $0.0544. Just two days ago, BONK was among the trending meme coins boasting a 14% rally in a day amid a broader market downturn.
BonkDAO now says it is working wth bridges, exchanges, the Solana Foundation, and law enforcement to track the funds and eventually freeze or recover them.
Crypto exploits in July
The brute-force capital approach was successful because the DAO lacked several safety measures. Among them are execution-time locks, which enforce a delay between the approval of an action and its actual execution, so that the community, developers, and researchers can note any oddities. Another is mandatory multisig override, which employs a highly secure multisig wallet to temporarily bypass execution time locks in the event of an emergency, such as a hack.
The latest incident follows the March hijacking of bonk.fun domain – one of Solana’s meme coin launch pads. At the time, attackers swapped the “accept Terms of Service” prompt with a malicious script that drained all wallets connected to the site. Nonetheless, the attack was short-lived and damage minimal – attackers drained up to 50 Solana (SOL) tokens from each of the 35 affected wallets.
Just hours before today’s incident, blockchain security firm Blockaid flagged an active $6 million exploit targeting the DeFi yield protocol Summer.fi.








