BonkDAO lost $20 million in BONK tokens after an attacker pushed through a malicious governance proposal on Solana's Realms platform, the project confirmed July 6.
Preliminary on-chain analysis shows the attacker purchased roughly $4 million worth of BONK through exchange wallets to accumulate enough voting power for the proposal to pass, according to blockchain investigators tracking the exploit.
Unlike a smart contract exploit, the incident was a governance attack where token-weighted voting was used to approve a legitimate-looking treasury transfer. The DAO managed approximately 15% to 16% of the total BONK token supply through its governance structure. Stolen tokens have already started moving to exchanges, raising the risk of liquidation.
The $20 million loss represents a significant portion of BonkDAO's treasury, which funded ecosystem development and community initiatives. The team is working with exchanges, the Solana Foundation, bridges and law enforcement to trace and potentially freeze the assets before they are laundered beyond recovery.
The attack renews industry debate over DAO governance security, particularly around safeguards such as timelocks, multisignature approvals and treasury execution delays designed to prevent single governance proposals from draining protocol funds.
BONK fell more than 10% following the news, according to CoinGecko data. The token's price decline reflects investor concern that the attacker may attempt to liquidate the stolen holdings on the open market.
The incident is the latest in a series of governance exploits targeting DAOs across multiple chains. Similar attacks have exploited token-weighted voting systems where large holders can push through malicious proposals without additional checks.
This article is for informational purposes only and does not constitute investment advice.