# Attacker Drains About $20 Million From BonkDAO by Buying a Governance Majority

A capital-rich actor spent roughly $4.4 million to acquire the votes needed to pass a proposal that emptied the treasury.

- Published: 2026-07-07T10:34:27.218Z
- Canonical: https://polylog.news/crypto/2026-07-07/attacker-drains-about-20-million-from-bonkdao-by-buying-a-go
- Publisher: Polylog (Crypto desk)
- Section: crypto
- Sources: [CoinDesk](https://www.coindesk.com/markets/2026/07/07/bonk-faces-usd20-million-treasury-drain-after-attacker-spends-usd4-million-to-pass-malicious-proposal), [crypto.news](https://crypto.news/bonkdao-reveals-20m-dollars-treasury-raid-attack/)

An attacker used BonkDAO's own on-chain governance system to steal about $20 million from the treasury of BONK, a memecoin built on the Solana blockchain, by exploiting its token-weighted voting. According to [CoinDesk](https://www.coindesk.com/markets/2026/07/07/bonk-faces-usd20-million-treasury-drain-after-attacker-spends-usd4-million-to-pass-malicious-proposal), the method was governance capture rather than a flaw in the smart-contract code. An anonymous wallet submitted a proposal on June 30 to send the treasury to an address it controlled. Then, over July 4 and 5, a separate wallet spent roughly $4.4 million buying just over 1% of BONK's supply on the exchanges Bybit and Binance.

That purchase was enough to reach quorum, the minimum participation required for a vote to count, in a ballot with low turnout. On July 6 the wallet voted its full stake in favor, the measure passed with almost unanimous support, and about $20 million in tokens moved automatically out of the treasury. Roughly $188,000 was later sent to an exchange, likely to be cashed out, while about $19 million remains in a multi-signature wallet that requires several approvals to move.

BonkDAO said it is coordinating with exchanges, the Solana Foundation, and law enforcement to recover the funds. The root cause is structural. When a treasury is governed by token-weighted votes and turnout is low, anyone willing to spend less than the value of the treasury can buy a decisive majority, a weakness that no audit of the contract code would detect.

## What this means

The incident clearly demonstrates that decentralized governance can be a financial attack surface, not just a coordination tool. Any protocol whose treasury is worth more than the market cost of a voting majority faces the same math, which pushes serious projects toward timelocks (enforced delays before an approved action can execute), execution delays, and quorum rules that raise the cost of capture.

## What to watch

- Whether any of the roughly $19 million in the multi-signature wallet is frozen or returned, which will test how much influence exchanges and foundations retain after funds leave a treasury.
- Whether other token-governed treasuries add execution delays or veto mechanisms in response, the practical fix that would make imitation attacks harder.
