Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Subscribe

BonkDAO Governance Attack Drained $20M Through a Single Proposal

BonkDAO governance attack BonkDAO governance attack

The BonkDAO governance attack on 6 July 2026 cost the attacker approximately $4.4 million in BONK purchases and returned roughly $19.3 million in treasury tokens, with no smart-contract exploit involved. Every step was on-chain. The voting worked exactly as designed.

The drained amount, approximately 4.426 trillion BONK transferred shortly after 4:00 a.m. ET on 6 July, is reported by CryptoNews as worth $19.3 million at the time of transfer; the ~$20 million figure commonly cited reflects subsequent estimates, with CryptoPotato putting the total closer to $21.2 million. The conflict in figures reflects BONK’s price movement around the drain. Following the news, BONK fell approximately 8%, according to Yahoo Finance.

How the BonkDAO Governance Attack Unfolded

The attacker submitted the malicious proposal, named ‘BIP #76 – Sowellian BonkDAO’, at the end of June, according to the Bitcoin Foundation’s report. The proposal then sat live for six days, the normal voting window, while the attacker assembled the weapon.

BonkDAO ran its governance on the Realms platform configured with a 1% quorum threshold: if just 1% of eligible voting power participated and voted yes, the proposal executed automatically, per Crypto Briefing. That design choice, intended to prevent governance gridlock when apathetic token holders ignore votes, is what the attacker exploited.

Starting around 4 July, the attacker bought approximately 882.285 billion BONK on Bybit and Binance, just enough to clear the 879.95 billion BONK required to meet the 1% threshold, according to CryptoPotato. The $4.4 million cost is higher than the $4 million figure cited in initial reports, as CoinDesk confirmed. Seven wallet addresses voted in total. The attacker’s wallets held roughly 99.878% of votes cast. The proposal passed; the smart contract executed.

The drained BONK moved first to a wallet address ending in ‘JHvQ’, identified via Solana blockchain explorer Solscan as funded through a Bybit account, before moving again to a second address ending in ‘eh42’, per CryptoNews. CoinDesk reported the attacker then began selling the drained tokens.

Why a 1% Quorum Is an Open Door

Security firm Halborn characterised the incident as an estimated $20 million hack enabled directly by the quorum design: the attacker only needed YES votes totalling 1% of BONK’s total supply. In a DAO with chronic voter apathy, that bar is trivially low relative to the treasury sitting behind it.

Three design failures converged. No meaningful quorum floor beyond that 1% threshold existed. No timelock separated proposal approval from execution, so there was no window for the community to react once the vote closed. No multisignature control over large treasury movements served as a backstop. Any one of those controls, properly calibrated, could have broken the attack; their combined absence meant $4.4 million was sufficient to take ~$19.3 million.

The quorum configuration also reveals a structural trap common to token-weighted governance. Low participation lowers the token threshold an attacker must reach. The cheaper the attack, the more treasuries are reachable. A DAO with a large treasury and a minimal quorum is pricing itself into the attacker’s target set.

The Defences That Would Have Stopped This

A timelock, a mandatory delay between a vote passing and its execution, is the single highest-leverage fix. It breaks flash-loan variants entirely (borrowed tokens cannot be held across the delay) and gives holders time to notice an anomalous treasury proposal. A six-day voting period is not a timelock; what matters is a hard execution delay after approval.

A substantive quorum floor, calibrated to the treasury’s value rather than set to minimise governance friction, would have voided a seven-wallet result outright. Conviction voting, where voting power accrues the longer tokens are committed, directly penalises the rapid accumulation pattern used here. Emergency multisignature controls over large disbursements add a final backstop, at the cost of some decentralisation, but that trade-off is exactly what BonkDAO’s aftermath now illustrates.

Legal exposure is also unresolved. D’Angelo Legal argues that structuring a treasury drain as a series of ‘valid’ transactions does not necessarily immunise the actor, framing the BonkDAO incident as an illustration of the legal ambiguity surrounding governance-based takeovers. Code executing correctly and conduct being lawful are not the same question.

BonkDAO began tracing the exchange wallets and coordinating with Bybit, Binance, and law enforcement. Recovery is uncertain, precisely because the mechanism was the protocol’s own legitimate process. The real open question is how many other DAOs are running the same quorum configuration, holding a treasury the attacker’s spreadsheet already values.

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use