The BONK DAO lost approximately $20 million after an attacker gained sufficient voting power to pass a malicious governance proposal. This incident has raised concerns about vulnerabilities within decentralized governance systems reliant on token-based voting.
Importance of the Incident
This breach underscores significant weaknesses in how governance is structured within decentralized autonomous organizations (DAOs). As many DAOs depend on token-holder voting to make decisions, this event serves as a warning about the potential for manipulation that can lead to substantial financial losses.
Key Details of the Attack
- Estimated loss: $20 million in BONK tokens.
- Attacker's expenditure on acquiring voting power: $4.4 million.
- Voting participation: Only 7 wallets involved despite over 18,000 eligible members.
- Proposal passed with 882.38 billion votes, slightly above the required 879.95 billion.
The attack commenced on June 30 when an anonymous wallet submitted a treasury transfer proposal requesting 4.43 trillion BONK tokens. To pass the proposal, the attacker had to acquire a substantial amount of tokens, which led to a purchase of approximately $4.4 million worth in BONK from exchanges.
Despite only a handful of wallets participating, the voting power acquired by the attacker was enough to approve the transfer. Once the vote succeeded, the governance mechanism automatically executed the treasury transfer, moving approximately $20 million worth of BONK to the attacker's wallet.
Future Considerations
The BONK DAO is actively investigating the attack and is collaborating with exchanges, bridges, and the Solana Foundation to respond effectively to this incident. The organization aims to strengthen its governance structure to prevent similar occurrences in the future.
This material is for informational purposes only and does not constitute financial advice.



