BonkDAO said on 6 Jul that a malicious governance proposal drained around $20mn worth of BONK tokens from its treasury, sending the Solana-based memecoin lower.
BonkDAO Says $20mn of BONK Drained in Governance Attack
In a post on X, BonkDAO – the decentralized autonomous organization (DAO) tied to the BONK token – said it identified exchange wallets used to purchase BONK ahead of the governance proposal and is working with exchanges, bridges and the Solana Foundation to manage the situation.
The BonkDAO treasury drain is the latest in a wave of Web3 attacks. Earlier today, DeFi protocol Summer.fi paused all vaults across after an exploit that blockchain security firms estimated netted an attacker about $6mn.
Governance attacks exploit weaknesses in a DAO's voting system, allowing attackers to gain enough voting power to approve proposals that benefit them, including transferring treasury assets.
"Law enforcement has been notified," the team said. "BonkDAO continues to work with relevant parties to recover funds and identify those responsible."
BONK fell as much as about 11% after the project disclosed the attack, before paring some of the losses. The Solana-based memecoin was down about 5% over 24 hours, with a market capitalization of about $395mn as of 22:43UTC. The token has traded at fractions of a cent since its 2022 debut, reflecting a supply measured in tens of trillions of tokens.
What happened?
The project did not disclose any technical details explaining how the proposal succeeded or whether the attacker exploited a vulnerability in the DAO's governance process. BONK also did not immediately respond to Sandmark's questions about the attack, the affected wallets or recovery efforts.
Available onchain analyses indicated that the attacker may have accumulated BONK through multiple wallets across exchanges before the vote, gaining enough voting power to make the malicious transfer.
The attacker then moved the stolen BONK into a newly created BONK 2.0 DAO, where a proposal titled "A New Chapter" was later created on Solana's Realms governance platform.
Latest DeFi attack
In the earlier attack, all vaults across Summer.fi's Lazy Summer Protocol were paused after an attacker used a flash loan to manipulate the protocol's vault accounting before withdrawing the funds, researchers said.
While the BonkDAO and Summer.fi incidents were unrelated, they highlight how attackers continue to exploit vulnerabilities across networks.
Earlier today, blockchain security firm CertiK also reported that hackers stole more than $1.31bn across 344 incidents during the first half of 2026.