BONK DAO Just Lost $20M - Without a Single Smart Contract Being Hacked.


This wasn't an exploit. It was governance manipulation.
Here's exactly how the attacker pulled it off:
➤ Accumulated ~$4M worth of $BONK to gain significant voting power.
➤ Submitted a malicious governance proposal requesting the transfer of 4.4 Trillion BONK (~$20M) to a wallet they controlled.
➤ The proposal remained largely unnoticed throughout the 7-day voting period.
➤ Just before voting closed, the attacker used their voting power to pass the proposal.
➤ Because the DAO executed approved proposals automatically, the treasury transferred the tokens without any smart contract being compromised.
➤ The attacker then sold the tokens, turning an estimated $4M investment into approximately $20M.
Key Takeaway:
This wasn't a protocol hack, it was a governance attack.
When governance tokens become concentrated, attackers can effectively "buy" control of a DAO and legally drain treasury funds through on-chain voting if proper safeguards are missing.
Strong governance requires more than secure smart contracts. It also needs protections such as quorum thresholds, vote monitoring, execution delays (timelocks), and emergency veto mechanisms.
BONK DAO has stated that it has notified law enforcement and is actively working to recover the stolen funds.
BONK-6.93%
post-image
post-image
post-image
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned