In a surprising turn of events, BONK DAO revealed that it lost approximately $20 million in BONK tokens through a nefarious governance proposal, without any hacking or phishing involved. The theft was possible because the attacker exploited the very governance mechanisms established to empower community decision-making.

Understanding the Attack and Its Implications

$BONK is a meme-based cryptocurrency on the Solana blockchain, and BONK DAO governs it through token holder votes. Once a proposal passes, it is executed automatically on-chain, which is precisely what made it vulnerable in this situation.

The incident began on June 30, when a clandestine wallet introduced a deceptive proposal titled “BIP #76 Sowellian BonkDAO.” The proposal, framed under the guise of rebuilding and monetizing holdings, included a critical instruction: to transfer about 4.4 trillion BONK tokens to the attacker's wallet. This highlight masked as a community initiative ultimately led to the significant financial drainage.

  • Proposal submitted on June 30
  • Approx. 4.4 trillion BONK tokens transferred
  • Over $4.4 million spent to acquire necessary voting power
  • Voting turnout was just 2.9%

To pass the proposal, the attacker needed votes representing at least 1% of the total BONK supply. Thus, they invested about $4.4 million to purchase enough tokens on exchanges like Bybit and Binance over July 4 and 5. The final voting was remarkably skewed, with just seven wallets voting in favor, achieving quorum by a narrow margin. Ultimately, the DAO executed the transfer, leading to an astonishing $20 million moving into the attacker’s possession.

Aftermath: Where Did the Funds Go?

Immediately after the transfer, the stolen assets were almost entirely liquidated. The massive amount of 4.4 trillion BONK, valued at roughly $19.3 million at the time, was moved from the treasury to another wallet associated with a Bybit account. Later that same day, the tokens were transferred once again to further obscure their trail, indicating a calculated effort by the perpetrators to erase all traces of the theft. Promised rewards to voting participants never materialized, suggesting that the attackers had no intention of honoring any community pledges.

What’s Next for BONK DAO?

Moving forward, it will be essential to monitor how BONK DAO addresses vulnerabilities in its governance model. The incident raises vital questions about the security of decentralized autonomous organizations and the measures that should be taken to mitigate such occurrences in the future. Stakeholders will be keen to watch for any alterations to governance protocols that may arise as a direct response to this incident.

Disclaimer: This material is for informational purposes only and is not financial advice.