Key Highlights
  • BonkDAO suffered a $20M+ treasury exploit after a malicious governance proposal passed.
  • The attacker spent $4.4M to gain voting power and transfer 4.426T BONK.
  • BONK fell nearly 9%, trading around $0.0544 following the incident.
  • Most stolen tokens remain in the attacker's wallet as BonkDAO works with exchanges and authorities.

The BonkDAO attack is a textbook example of how token-weighted governance — when poorly designed — can be weaponised against the very treasury it is meant to protect. The attacker did not find a smart contract vulnerability, exploit a bridge, or break any cryptographic mechanism. They simply bought enough tokens to outvote everyone else, submitted a proposal to take the money, and waited for it to pass.

BONK at a Glance — July 7, 2026

Bonk (BONK) is currently trading at $0.054366, down 8.80% in the last 24 hours. The token’s market capitalization stands at approximately $384.21 million. The sharp decline comes after news broke that BonkDAO suffered a major governance attack, resulting in the loss of roughly $20–21 million worth of BONK tokens from its treasury.

BONK Price on 07 July 2026
BONK Price on 07 July 2026/Source: Coinmarketcap

What Happened — The Attack Step by Step

Source: Lookonchain, BonkDAO official statement

The mechanics of this attack are straightforward — and that simplicity is precisely what makes it so alarming.

Step 1 — Strategic token accumulation

Over approximately two days before the proposal, the attacker systematically purchased BONK tokens on two major centralised exchanges — Bybit and Binance — spending approximately $4.4 million in total. This was not random buying — it was calculated acquisition specifically to reach the threshold required to pass a governance proposal without meaningful community opposition.

Attacker systematically purchased BONK tokens
Attacker systematically purchased BONK tokens/Source: @lookonchain (X)

Step 2 — Malicious proposal submission

With sufficient voting power accumulated, the attacker submitted BIP-76 — a governance proposal to transfer 4.426 trillion BONK tokens (worth approximately $21.2 million at the time) from the BonkDAO treasury directly to a wallet under their control.

attacker submitted BIP-76 — a governance proposal
attacker submitted BIP-76 — a governance proposal/Source: @lookonchain (X)

Step 3 — Quorum reached, proposal passed

The attacker voted “Yes” on their own proposal using the tokens they had just purchased. Because they had accumulated enough BONK to exceed the required quorum threshold — and community participation was insufficient to counter the vote — the proposal passed automatically. No hack. No exploit. Just a governance mechanism working exactly as designed, being used against the protocol.

Quorum reached, proposal passed
Quorum reached, proposal passed/Source: @lookonchain (X)

Step 4 — Treasury drained

Following the proposal’s passage, 4.426 trillion BONK transferred from the BonkDAO treasury to the attacker’s wallet — a transaction that was fully authorised by the governance mechanism, making it technically indistinguishable from a legitimate treasury action on-chain.

BONK Wallets Transfer
4.426 trillion BONK transferred from the BonkDAO treasury to the attacker’s wallet/Source: @lookonchain (X)

The cost-benefit of the attack:

MetricAmount
Cost to attacker~$4.4 million (BONK purchases)
Treasury drained~$21.2 million
Net gain (if fully liquidated)~$16.8 million
Already deposited to OKX~40B BONK (~$188K)
Remaining in attacker wallet~4.386T BONK (~$19.3M)

The attacker spent $4.4 million to potentially extract $21.2 million — a return of approximately 4.8x on the attack capital, executed without breaking a single line of code.

BonkDAO’s Official Statement

BonkDAO’s official account @bonk_inu confirmed the incident with the following statement:

“BonkDAO was the target of a malicious governance proposal resulting in an estimated $20M worth of BONK tokens being drained from the BonkDAO treasury. During the investigation, BonkDAO identified the exchange wallets used to purchase BONK ahead of the proposal. BonkDAO is currently actively working with exchanges, bridges and Solana Foundation to best manage the situation. Law enforcement has been notified.”

The team’s identification of the exchange wallets used for the pre-attack accumulation is a significant development — centralised exchanges like Bybit and Binance have KYC requirements that mean the attacker’s identity may be traceable. The coordination with the Solana Foundation also suggests potential network-level intervention options are being explored, though the on-chain nature of the treasury transfer significantly complicates any direct fund recovery.

Why This Attack Worked — The Governance Design Failure

The BonkDAO attack did not succeed because of sophisticated technical exploitation. It succeeded because of fundamental governance design weaknesses that made this outcome not just possible but relatively straightforward for a well-capitalised attacker.

Low quorum threshold relative to treasury value

The most critical failure: the amount of BONK required to pass a governance proposal — the quorum — was low enough that $4.4 million could purchase sufficient tokens to exceed it. For a treasury holding $21 million, the security mechanism protecting those funds required only a fraction of that value to circumvent. This is an extreme mismatch between treasury value and governance security cost.

Low community participation

Token-weighted governance depends on the assumption that the token holder community will actively participate in voting. When participation is low — as is typical for most DAO governance outside of major, contentious votes — a determined attacker does not need to outspend the entire community. They only need to outspend the active voters.

No time-lock or multi-sig protection on treasury transfers

Standard DAO security best practices include requiring either a time delay between proposal passage and execution — allowing time for the community to identify and respond to malicious proposals — or a multi-signature requirement for treasury transfers above certain thresholds. The absence of either mechanism meant the proposal executed immediately upon passage with no intervention window.

No veto or guardian mechanism

Many well-designed DAOs include an emergency pause or veto capability held by a trusted multisig committee — specifically for situations where a passed proposal appears malicious. Without this backstop, the governance mechanism had no circuit breaker once the vote concluded.

Recovery Prospects — What Happens Now

The recovery situation is complex and uncertain. The key variables:

Exchange cooperation — The attacker used Bybit and Binance for the accumulation purchases — both of which have KYC data and the ability to freeze associated accounts. BonkDAO’s statement confirms they have identified these exchange wallets, making this the most actionable near-term recovery path.

OKX deposit — The 40 billion BONK (~$188K) already deposited to OKX represents a small fraction of the total but confirms the attacker is beginning to liquidate. OKX has been cooperative in prior exploit situations across the industry.

The remaining $19.3M — The bulk of the stolen funds remain in the attacker’s wallet — which is both a risk and an opportunity. While the attacker has not yet liquidated, the BONK sitting in that wallet is visible and traceable on-chain. Any attempt to move significant amounts will be detectable.

Law enforcement — BonkDAO has notified law enforcement. Given the use of KYC-linked exchanges for the accumulation, there is a realistic path to identifying the attacker — though legal processes across jurisdictions take time.

Bottom Line

The BonkDAO attack cost the attacker $4.4 million and returned $21.2 million — a clean, code-free exploit of a governance mechanism that was not designed to protect a treasury of that size. The attacker did not break anything. They used the system exactly as intended.

BONK’s -8.80% price drop reflects the market’s immediate reaction to both the loss and the governance design questions the attack raises. Whether BonkDAO can recover the funds — through exchange cooperation, law enforcement, or attacker identification via KYC — will determine how much of the $21.2 million is ultimately returned.

The broader lesson is clear: DAO governance is not just a product feature — for any treasury holding tens of millions of dollars, it is a security mechanism that needs to be designed, audited, and stress-tested with the same rigour as the smart contracts themselves.

What happened to BonkDAO?

On July 6, 2026, BonkDAO was the target of a governance attack where an attacker spent $4.4 million buying BONK on Bybit and Binance to gain enough voting power to pass a malicious proposal (BIP-76) transferring $21.2 million in BONK from the treasury to their own wallet.

How did the attacker exploit BonkDAO’s governance?

By purchasing enough BONK to exceed the quorum threshold, submitting a treasury transfer proposal, voting yes with their own tokens, and allowing it to pass automatically — no code exploit required.

What is BonkDAO doing to recover the funds?

Coordinating with exchanges (Bybit, Binance, OKX), bridges, and the Solana Foundation — while law enforcement has been notified. The attacker’s KYC-linked exchange accounts may assist in identification.

🛡️  Trust & Editorial Standards — CoinsProbe
1. Investment Disclaimer

The opinions and market insights shared on CoinsProbe represent the views of individual authors based on prevailing market conditions at the time of publication. Cryptocurrency investments carry significant risk and volatility. Readers are encouraged to conduct their own research and seek professional financial advice before making investment decisions. CoinsProbe and its contributors do not accept responsibility for financial losses or decisions made based on published content.

2. Sponsored Content & Advertising Policy

CoinsProbe may publish sponsored articles, affiliate links, or promotional collaborations. All sponsored material is clearly labeled to maintain transparency with our audience. Our editorial decisions remain fully independent, and advertising partnerships do not influence reviews, rankings, or published opinions.

3. Why Trust CoinsProbe

Since 2023, CoinsProbe has delivered reliable insights on cryptocurrency, blockchain, and digital assets. Our content is created by experienced researchers and analysts who follow strict editorial standards focused on accuracy, transparency, and credibility. Every article is carefully reviewed and verified using trusted sources and current market data. We provide unbiased analysis and timely updates covering everything from emerging crypto projects to major industry developments.