Key facts
- An attacker stole $21.2 million from the BonkDAO treasury.
- The exploit involved purchasing BONK tokens to meet governance quorum, not a technical hack.
- The attacker proposed and voted for a proposal that moved treasury funds to their wallet.
- A lack of community participation in governance allowed the proposal to pass.
- BONK's price fell approximately 6.59% following the news.
An attacker has successfully siphoned $21.2 million from the BonkDAO treasury through a governance exploit, rather than a traditional hack. The individual purchased BONK tokens for approximately $4.4 million, enough to meet the quorum threshold for a governance proposal.
The proposal, known as BIP #76, Sowellian BonkDAO, was presented on the governance forum but reportedly went unchecked by the community for seven days. The attacker then used their acquired tokens to vote in favor of the proposal, which automatically executed the transfer of 4.426 trillion BONK tokens to their wallet.
This incident highlights a critical vulnerability in decentralized governance where low community participation can be exploited. The attacker leveraged the democratic process itself to drain the treasury, turning their $4.4 million investment into $21.2 million. No technical security breach occurred; the exploit succeeded due to a lack of oversight and engagement from token holders.
Following the news, the price of BONK experienced a decline of approximately 6.59%, with its market capitalization decreasing by around $40 million. Some cryptocurrency exchanges temporarily halted BONK withdrawals as the situation unfolded. BonkDAO has since identified the attacker's wallets, alerted exchanges and bridges, and informed law enforcement, though recovering the funds is expected to be challenging due to the on-chain and automatic nature of the transaction.