BonkDAO has confirmed that approximately $20 million worth of BONK tokens were drained from its treasury following a malicious governance proposal executed on July 6, 2026. The attack exploited the DAO’s own voting system rather than any smart contract vulnerability.
The attacker reportedly built voting power quietly over several days using exchange wallets, allowing the proposal to go unnoticed until the funds were already moved.
This marks one of the largest governance-related treasury drains in the Solana ecosystem this year.
BonkDAO was the target of a malicious governance proposal resulting in an estimated $20M worth of BONK tokens being drained from the BonkDAO treasury.
During the investigation, BonkDAO identified the exchange wallets used to purchase BONK ahead of the proposal. BonkDAO is…
— BONK!!! (@bonk_inu) July 6, 2026
Sharp Price Reaction
The news triggered an immediate sell-off. BONK price dropped more than 9% within hours, falling from around $0.48 to as low as $0.415 before partially recovering. The 1-day chart shows a clear steep decline during the evening of July 6.

How the Attack Happened
According to on-chain data and BonkDAO’s statement, the attacker accumulated a large position in BONK tokens which are estimated at around $4 million using exchange wallets. This gave them enough voting power to pass a malicious proposal that transferred roughly $20 million from the DAO treasury.
Key points about the attack:
- The attacker did not exploit any smart contract code.
- They used the DAO’s normal token-weighted voting system on Solana’s Realms platform.
- Exchange wallets were used to build the voting position before submitting the proposal.
- Once the proposal passed, treasury funds were moved directly to attacker-controlled wallets.
How This Attack Differs from the March Bonk.fun Hack
This governance attack is fundamentally different from the March 2026 Bonk.fun incident. Here’s a clear comparison:
- March 2026 Bonk.fun Hack: Attackers hijacked the website domain and deployed a wallet drainer. Users were tricked into signing a fake Terms of Service, leading to direct losses from individual wallets.
- July 2026 BonkDAO Attack: No user wallets were drained. The attacker targeted the DAO treasury itself by passing a governance proposal. The funds belonged to the DAO, not individual users.
- Reversibility: The March attack was a front-end issue that could be fixed relatively quickly. Governance attacks are much harder to reverse once a proposal has been executed on-chain.
Because this attack hit the core treasury, it carries greater long-term implications for the project’s development funds and community trust.
Why Governance Attacks Are a Growing Risk
Governance attacks have become more common because they require less technical expertise than traditional smart contract exploits. Here are the main reasons this type of attack is increasing:
- Token-weighted voting gives more power to large token holders.
- Accumulating enough tokens to influence votes is often cheaper than finding code vulnerabilities.
- Many DAOs, especially meme coin projects, hold large treasuries but use relatively simple governance systems.
- Once a proposal passes, reversing the transaction is extremely difficult.
Recovery Efforts and Next Steps
BonkDAO has stated that it is working with exchanges, bridges, the Solana Foundation, and law enforcement to trace the stolen funds. The team has already identified the exchange wallets used to accumulate voting power.
Upbit has suspended BONK deposits and withdrawals as a precautionary measure.
Recovery of the funds remains uncertain. Governance attacks are notoriously difficult to reverse because the transactions are executed through the DAO’s own system.
What This Means for DAO Governance
This incident highlights the need for stronger governance protections across DAOs. Possible improvements that projects may consider include:
- Adding timelocks on proposals to give the community time to react.
- Implementing higher quorum requirements or conviction-based voting.
- Introducing emergency multisig controls for large treasury movements.
- Regular security reviews focused specifically on governance parameters.
As more projects move large amounts of funds under community governance, securing the decision-making process is becoming just as important as securing smart contracts.
















