
Spending $4.4 Million to "Vote" Away $20 Million, BonkDAO Suffers the Most Ironic DAO Governance Attack in History
TechFlow Selected TechFlow Selected

Spending $4.4 Million to "Vote" Away $20 Million, BonkDAO Suffers the Most Ironic DAO Governance Attack in History
When the market is poor, if no one pays attention to the governance forum, governance becomes self-service withdrawal.
Author: Claude, TechFlow
TechFlow Insights: Approximately $20 million worth of BONK tokens were "legally" moved from the BonkDAO treasury via a governance proposal. The attacker spent $4.4 million to buy BONK with just over 1% voting power, submitted a proposal disguised as governance reform, waited 6 days without anyone paying attention, then voted to pass it themselves, triggering the smart contract to automatically execute the transfer.
There were no code vulnerabilities or hacker intrusions throughout the process, only a governance forum that almost no one reads and a proposal that was ignored for a full 6 days. The price of BONK fell by about 8% in response.

One person spent $4.4 million to move $20 million worth of BONK tokens. No code was breached; they used BonkDAO's own voting system.
On July 6, a malicious proposal submitted by an attacker via the Solana on-chain governance platform Realms was automatically executed, transferring approximately 4.426 trillion BONK tokens from the BonkDAO treasury to a wallet controlled by the attacker, worth about $20 million at the time.
BonkDAO subsequently confirmed on the X platform that it had suffered a "malicious governance proposal" attack, stating that law enforcement had been notified and coordination was underway with exchanges, cross-chain bridges, and the Solana Foundation to track the funds.
The striking aspect of this incident lies in the method: the attacker followed "legal procedures" throughout the entire process.
Exploiting Governance Rules Like a Bug, Just to Transfer Money to Themselves
According to a CoinDesk report on July 7, the attacker's operational path was not complex.
On June 30, the attacker submitted proposal number BIP #76, titled "Sowellian BonkDAO," superficially packaged as a governance reform plan. The content mentioned "appointing new members and committees," "monetizing assets," "stopping the bleeding," and even promised that "all those who vote yes are eligible to receive tokens." However, there was only one core execution instruction in the proposal:
Transfer 4.426 trillion BONK tokens to an address controlled by the attacker.
Prior to this, the attacker had purchased approximately $4.4 million worth of BONK in batches through exchanges such as Bybit and Binance, accumulating a position just exceeding BonkDAO's 1% voting threshold (quorum, i.e., the minimum participation rate required for a proposal to take effect).

The proposal hung on the governance forum for 6 days. During this period, among BonkDAO's over 18,000 eligible voting members, only 7 wallets participated in the voting, with a voting rate of about 2.9%. The attacker voted yes using their own holdings, accounting for 99.878% of the total votes cast. There were 88.238 billion BONK yes votes, just crossing the threshold of 87.995 billion.
On July 6, the proposal automatically passed, the smart contract executed according to rules, and $20 million was transferred away.
No One Reads the Governance Forum, Proposals Become ATMs
Crypto KOL TheDeFinvestor believes this was not even a hacker attack. The reason the proposal passed is simple and absurd: no BONK holders actually checked the details of the proposal on the governance forum to see what it was.
This statement strikes at the underlying assumption of entire DAO governance.
The logical premise of token-weighted voting is: holders will care about the project's future because they have economic interests tied to it. But this assumption fails almost completely on meme coin projects.
The vast majority of BONK holders are speculative traders; they buy for price volatility, and governance decisions have nothing to do with them. When the token price fell 93% from the all-time high of $0.000059 in November 2024, and the market cap shrank from over $4 billion to less than $400 million, even the speculators' enthusiasm was fading, let alone anyone bothering to flip through the proposal list on the governance forum.
When the market is cold, the forum is also cold. When the forum is cold, a proposal hiding a transfer instruction can hang quietly for 6 days, waiting for automatic execution.
A 2023 survey by research firm Gauntlet showed that over 60% of major DeFi protocols have voting participation rates below 10%. BonkDAO's 2.9% voting rate is not even considered abnormal in this context.
$4.4 Million for $20 Million: Attack Cost Far Lower Than Returns
If you are a bad actor wanting to launch an attack, this calculation is actually very cost-effective.
The attacker spent about $4.4 million to buy voting power and moved about $20 million in treasury assets, with a ROI close to 1:5.
From a purely economic perspective, as long as the DAO treasury asset size is greater than the cost required to buy the voting threshold, such attacks are profitable. BonkDAO's quorum is set at 1% of total supply, while voting participation rates have long been below 3%. The attacker does not need to convince anyone, they only need to appear when no one is paying attention, and then vote with money.
Blockchain security company PeckShield monitored that about $148,000 worth of the stolen BONK has already flowed into the OKX exchange. Korean exchange Upbit has suspended BONK deposits and withdrawals. SlowMist co-founder Yu Xian confirmed the transfer record of approximately 4.426 trillion BONK on the X platform.
The price of BONK fell by about 8% to 10% after the news was announced, trading near $0.000004 at the time of publication.
Recovery Prospects Not Optimistic, Governance Patching is the Real Issue
BonkDAO stated it has identified the exchange wallets used by the attacker to purchase BONK and is cooperating with on-chain analysis companies such as Chainalysis to track the flow of funds. However, on-chain transfers executed via governance proposals are technically "legal transactions," unlike smart contract vulnerability exploits, and cannot be reversed via on-chain rollbacks or hard forks. Hope for recovering funds mainly rests on exchange freezes and law enforcement intervention, premised on successfully identifying the attacker's real identity.
The bigger hidden danger is that over 800 DAOs run on Solana's Realms governance platform, managing treasury assets totaling over $1.5 billion. Any DAO with a treasury size larger than the quorum purchase cost and a voting participation rate below 10% faces the same risk exposure.
Finally, the author finds the most ironic part is that the full name of DAO is "Decentralized Autonomous Organization," and the premise of "Autonomous" is that someone is actually governing.
When no one reads the governance forum, "Decentralized" becomes "No One Controls," and "Autonomous" becomes "Self-Service Withdrawal."
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














