$20 Million Attack on BONK: 3 Exchanges Start Investigate
<p class="text-left mb-4 ">The decentralized governance structure of BONK, a Solana-based meme coin project, became the target of a notable attack in the crypto market. Around $20 million worth of BONK tokens were removed from the BONK DAO treasury. The most striking part of the incident was that the funds were not moved through a classic hack, but through the project’s own onchain governance system.</p><p class="text-left mb-4 ">The incident reopened the debate around the security of decentralized autonomous organizations. The attacker did not force their way into the system or break the code by exploiting a smart contract vulnerability. Instead, they bought enough voting power, submitted a proposal, passed the vote and enabled the treasury transfer to be executed automatically.</p><p class="text-left mb-4 ">This exposed a long-discussed weakness in onchain governance models. If a DAO treasury can be controlled by an actor who temporarily secures a majority, its security depends not only on technical infrastructure but also on the cost of buying voting power.</p><h2 class="text-left text-foreground text-3xl font-bold mb-3 mt-1">The Attack Came After a Week of Preparation</h2><p class="text-left mb-4 ">The process dates back to June 30. According to information cited by Chainalysis, an anonymous wallet submitted a proposal to transfer the BONK DAO treasury’s tokens to an address under its own control. For the proposal to take effect, it had to meet a minimum participation threshold equal to 1% of BONK’s supply.</p><p class="text-left mb-4 ">This threshold became the central point of the attack. It was not enough for the attacker to submit the proposal; they also needed enough BONK tokens to pass the vote. For this reason, the attacker began accumulating a large amount of BONK from the market through a different wallet on July 4 and 5.</p><p class="text-left mb-4 ">According to Lookonchain data, the attacker spent around $4.4 million on Bybit and Binance to purchase enough BONK. Some estimates suggest that additional funds were also obtained through DeFi lending platforms. As a result, the attacker built voting power almost exactly at the level needed to pass the proposal.</p><h2 class="text-left text-foreground text-3xl font-bold mb-3 mt-1">Seven Wallets Voted, More Than 18,000 Members Did Not Participate</h2><p class="text-left mb-4 ">The proposal, titled “BIP #76 - Sowellian BonkDAO,” passed with very low participation. Only seven wallets voted in the process. By contrast, more than 18,000 BONK DAO members did not take part in the vote.</p><p class="text-left mb-4 ">The turnout remained at 2.9%. Despite this, the proposal cleared the minimum participation threshold, known as quorum, by a very narrow margin. The number of votes in favor reached 882.38 billion BONK. The required threshold stood at 879.95 billion BONK.</p><p class="text-left mb-4 ">This margin almost exactly matched the voting power the attacker had accumulated over several days. The final result showed 99.9% “yes” votes. However, this high approval rate reflected a single powerful actor approving its own proposal rather than a broad community consensus.</p><p class="text-left mb-4 ">The proposal text also drew attention. It included phrases about restructuring the treasury, using assets to generate revenue and stopping losses. It also stated that “yes” voters would be eligible to receive tokens. However, the real outcome of the proposal was the transfer of 4.43 trillion BONK to the attacker’s wallet.</p><h2 class="text-left text-foreground text-3xl font-bold mb-3 mt-1">The $20 Million Transfer Was Executed Automatically</h2><p class="text-left mb-4 ">On July 6, the attacker used their entire voting power in favor of the proposal. After the proposal passed, around $20 million worth of BONK tokens were automatically transferred from the DAO treasury to the attacker’s wallet.</p><p class="text-left mb-4 ">At this point, no manual approval process came into play. Due to the design of the onchain governance system, the proposal was executed directly because it met the required conditions. This also showed why the attack was so technically controversial.</p><p class="text-left mb-4 ">According to Chainalysis, around $188,000 worth of assets were sent to an exchange roughly nine hours after the transfer. This transaction was likely intended for cashing out. The remaining assets, worth around $19 million, were moved to a multisig wallet.</p><p class="text-left mb-4 ">The attacker also began selling the BONK tokens they had accumulated to carry out the attack. Around one hour after the treasury was drained, they sold approximately $5.3 million worth of BONK. In this way, the attacker offloaded the tokens used to gain voting power while keeping the treasury tokens in a separate wallet.</p><h2 class="text-left text-foreground text-3xl font-bold mb-3 mt-1">South Korean Exchanges Launch BONK Review</h2><p class="text-left mb-4 ">Following the attack, risk perception also rose quickly in the South Korean market. The country’s three major crypto exchanges, Upbit, Bithumb and Coinone, placed BONK on their review lists. This decision means the exchanges may reassess their trading support for the token following the security incident.</p><h2 class="text-left text-foreground text-3xl font-bold mb-3 mt-1">BONK Price Came Under Pressure</h2><p class="text-left mb-4 "><a href="https://jrkripto.com/tr/coin/bonk" target="_blank" rel="noreferrer" class="text-primary underline">BONK </a>also saw a price decline after the attack. According to available data, the token lost around 7% over the past 24 hours. This drop reflected both the confidence shock caused by the treasury loss and the attacker’s market sales.</p><p class="text-left mb-4 ">
<figure class="my-6">
<img src="https://minio-api-1.jrkripto.com/blog/bonkusdt-2026-07-07-11-14-51-432397c4.webp" alt="BONKUSDT_2026-07-07_11-14-51.png" width="auto" height="auto" class="w-full rounded-lg border" />
</figure>
</p><p class="text-left mb-4 ">BONK DAO later confirmed the incident. The project team described it as a malicious governance proposal that drained the treasury. In its statement, the DAO said it had identified the exchange wallets used to purchase tokens before the vote.</p><p class="text-left mb-4 ">BONK DAO also said it was working with exchanges, bridge protocols and the Solana Foundation to manage the situation. It remains unclear how the legal and technical follow-up process will unfold.</p>