An attacker exploited BonkDAO's governance by acquiring enough tokens to pass a proposal that drained about 4.426 trillion BONK, worth near $20 million. The operation used legitimate on-chain transactions without exploiting code vulnerabilities.

The hacker bought approximately 882 billion BONK for $4.4 million, exceeding the quorum needed to approve proposals. This allowed the attacker to redirect treasury tokens to their own wallet.

So far, 800 billion BONK have been sold for around $2 million, causing a 7-9% price drop to roughly $0.00000383. The attacker still holds 2.4 trillion tokens, maintaining pressure on the market due to potential future sales.

Issues With Token-Weighted Governance

This event highlights the risks of systems where voting power depends directly on token holdings. Without safeguards like multi-signature controls, time-locked voting, or tiered proposal thresholds, DAOs remain vulnerable to such attacks.

Investors should carefully evaluate governance structures to avoid exposure. On-chain tools can monitor the attacker’s wallet, but reactive measures often come too late.

This material is informational and not financial advice.