BonkDAO was hit by a malicious governance proposal that drained approximately $20 million worth of BONK tokens from its treasury, according to the project's official X account statement posted on Monday. The attack exploited the DAO's governance process rather than a wallet vulnerability, with the attacker pushing through a suspicious proposal that allowed treasury assets to be removed. The incident reflects a wider pattern in decentralized finance where governance systems and treasury permissions become attack surfaces, with the stolen tokens already moving toward crypto exchanges and BONK's price falling more than 9% following the disclosure.
The attack targeted BonkDAO's governance process rather than a simple wallet exploit. According to the project's statement, the attacker pushed through a suspicious proposal that allowed treasury assets to be removed. "BonkDAO was the target of a malicious governance proposal resulting in an estimated $20M worth of BONK tokens being drained from the BonkDAO treasury," the project wrote on Monday.
The incident makes governance systems, voting controls, proposal execution rules, and treasury permissions part of a wider attack surface pattern in decentralized finance. Unlike traditional smart contract exploits, this attack used the DAO's own approved governance mechanisms to authorize the treasury drain.
The stolen BONK tokens started moving toward crypto exchanges, prompting immediate platform responses. South Korea-based Upbit suspended BONK deposits and withdrawals after the incident, a step designed to limit the movement of potentially stolen assets through its platform.
Exchange suspensions are common after large token exploits because attackers often try to convert stolen assets into more liquid cryptocurrencies or move them through centralized platforms before tracing efforts become more effective. The quick tracking of funds to exchanges may improve the chances of freezing some assets, though recovery remains uncertain once tokens are moved across venues, swapped, or routed through other wallets.
BONK fell more than 9% following the disclosure, reflecting both the direct treasury loss and investor concern over whether the attacker may attempt to sell the tokens through centralized venues. The immediate market risk is selling pressure if the stolen tokens reach liquid trading venues, where the attacker may attempt to sell into order books.
BONK is one of the better-known memecoins on Solana, originally launched through a broad community airdrop in December 2022. Its profile has expanded beyond typical memecoin trading, with inclusion in some exchange-traded products and broader market discussions around Solana-based assets. That visibility makes the governance attack more damaging, as a treasury drain raises questions about internal controls beyond typical memecoin volatility.
"Law enforcement has been notified. BonkDAO continues to work with relevant parties to recover funds and identify those responsible," Bonk wrote. The recovery process depends on coordination between the project, exchanges, blockchain analytics firms, and law enforcement.
For token holders, the incident highlights that treasury controls, proposal safeguards, quorum rules, and execution delays are key parts of project due diligence. Governance attacks can be especially severe because they may use approved system functions rather than exploit code in the traditional sense, making the line between unauthorized theft and governance failure harder to manage operationally.
What happened to BonkDAO on Monday? BonkDAO was hit by a malicious governance proposal that drained approximately $20 million worth of BONK tokens from its treasury, according to the project's official X account. The attack exploited the DAO's governance process rather than a wallet vulnerability.
How did exchanges respond to the BonkDAO attack? South Korea-based Upbit suspended BONK deposits and withdrawals after the incident to limit the movement of potentially stolen assets through its platform. The stolen tokens started moving toward crypto exchanges following the attack.
Why did BONK's price fall after the governance attack? BONK fell more than 9% following the disclosure, reflecting both the direct $20 million treasury loss and investor concern over whether the attacker may attempt to sell the stolen tokens through centralized exchanges.
Related News
OFAC Sanctions Drive Tether’s USDT Wallet Freeze
Summer Finance Pauses Vaults After $65.4M Flash Loan Attack Causes $6M Loss
TRUMP Token Holders Lose $3.81B as Price Collapses 97% From All-Time High
Summer.fi Loses $6M in Flash Loan Attack on DeFi Vault
「Ill Bloom」wallet weak mnemonic vulnerability exploited, losses exceed $5 million since May