Skip to content
An oversized hand drops a stack of votes that outweighs a scattered crowd on a tipping scale, swinging open a treasury vault as coins stream out.
exploitsJuly 7, 20264 min read

BonkDAO's $20M Governance Takeover: When Buying the Vote Beats Hacking the Code

Dmitry Serdyuk
Dmitry SerdyukCo-Founder & CDO

Updated on July 7, 2026

TL;DR

On July 6, 2026, an attacker drained roughly $20 million in BONK from the BonkDAO treasury on Solana. There was no reentrancy, no oracle trick, no signature forgery. The attacker bought enough BONK to hold a voting majority, submitted a governance proposal, and let the DAO's own rules approve the transfer of its treasury. Preliminary on-chain analysis put the cost of that majority at about $4 million in BONK, accumulated quietly through exchange wallets over several days. This is the cleanest kind of "hack" there is: the code did exactly what it was told, by whoever paid the most to tell it.


What actually happened?

BonkDAO governs the treasury behind BONK, one of the larger Solana meme-coin ecosystems. Like most Solana DAOs, it runs on Realms, the front end for the SPL Governance program, where voting power is denominated in the governance token. One token, one vote. Whoever controls the most tokens controls the outcome.

The attack rode a proposal labeled BIP-76, "Sowellian BonkDAO," which was dressed up in the language of a turnaround: install a new council, "rebuild from the ashes, monetize holdings, and stop the bleeding." The narrative was cover. The mechanism was the proposal's second instruction, which moved roughly $20 million in BONK out of the treasury and into the attacker's control the moment the vote executed. The proposal even dangled a reward: every "yes" voter would supposedly receive BONK. None ever did. The drained tokens went to the attacker's own wallets, not to voters, so the incentive was theater, a way to dress a treasury raid as a community rescue and pull a few more "yes" votes across the line.

BonkDAO says it has identified the exchange wallets used to buy BONK ahead of the vote and is working with exchanges, cross-chain bridges, the Solana Foundation, and law enforcement to trace and freeze the funds. On-chain trackers followed the outflow to a Bybit-funded wallet before the stolen BONK began moving toward exchanges. Upbit and Kraken paused BONK deposits and withdrawals in response. BONK fell about 9% in the 24 hours that followed, and its market capitalization dropped to around $380 million as volume spiked.


How does a "governance attack" drain a treasury without a bug?

This is the part teams keep getting wrong: a governance attack is not an exploit of broken code. It is an exploit of correct code with weak parameters.

In token-weighted governance, the treasury is protected by exactly one assumption: that no hostile party can cheaply acquire more voting weight than the honest holders who will show up to vote against them. Everything else is downstream of that assumption. When it holds, the system is safe. When a token is liquid, cheap, and thinly voted, the assumption is not an assumption. It is a price.

BonkDAO's token was all three. So the attacker did the only rational thing: they treated the vote as a market and bought it.

rendering diagram…

Three properties turned a legitimate governance system into a withdrawal mechanism:

  1. Voting power was purchasable at a discount to the prize. Roughly $4 million bought control of a treasury worth roughly $20 million. The moment that ratio is positive, the attack is not a question of whether but of who and when.
  2. Quorum did not stop a whale. Token-weighted quorum only measures how many tokens voted, not how many independent people. One attacker with a majority satisfies quorum by themselves.
  3. There was no timelock between approval and execution. A passing proposal executed its instructions immediately, so the community had no window to notice the treasury-draining instruction and respond.

The other half of the attack: timing the vote

Buying the majority was only half the play. The other half was choosing when to spend it.

A voting period is a window, and a window has quiet hours. The attacker did not vote the moment they had the tokens. They held back and cast the deciding vote late in the voting window, in the stretch where turnout thins and almost no one is watching the proposal queue. By the time the tally mattered, there was too little time and too little attention left for honest holders to notice the treasury-draining instruction and organize a counter-vote. The reporting is blunt about the result: the operation went unnoticed until the funds were already moved.

So the low participation was not bad luck. It was the design of the attack. Token-weighted quorum is trivial to satisfy when you already hold the majority, and a late, quiet vote guarantees the minority never shows up in force. Every hour the attacker held back was an hour fewer for anyone to react, and the "yes"-voter reward gave the few who were paying attention a reason to wave it through rather than fight it. Combined with no execution timelock, the timing closed the last escape route: by the time the vote resolved, the transfer had already run.

The lesson for defenders is uncomfortable. A proposal that looks safe at hour one of a voting period is not safe at the final hour, because the decisive weight can arrive at the end. Governance risk is not a snapshot. It is the whole window, and the most dangerous moment is the one when the fewest people are watching.


Attack path, step by step

StepAttacker actionGovernance / on-chain stateControl that would have blocked it
1Accumulate BONK through multiple exchange wallets over several daysVoting weight rising, spread across addresses to avoid a single obvious whaleMonitoring on governance-power concentration and large token inflows into voting positions
2Cross the effective voting majorityAttacker can now pass any proposal unilaterallyConviction voting or a hard quorum-of-independent-voters floor
3Submit BIP-76 with a benign-sounding title, dangling a "yes"-voter rewardProposal enters voting; treasury-touching instruction buried as instruction twoProposal-simulation and human review that flags any instruction transferring treasury assets
4Hold back, then cast the deciding vote late in the windowTurnout is thin; the malicious tally lands with minimal oppositionA participation floor, plus a review window that resets when large voting weight arrives late
5Proposal passesToken-weighted tally clearsHigher approval threshold for treasury-spending proposals
6Proposal executes~$20M BONK leaves the treasury in one transactionA timelock / hold-up period before execution, plus an emergency multisig veto
7Move funds outOutflow routed through a Bybit-funded wallet toward exchangesReal-time treasury-egress alerting tied to a freeze/response runbook

Every row is a control that exists and is well understood. BonkDAO simply had none of them positioned in the path of this transaction.


Why spending $4M to steal $20M was rational

It is tempting to read "$4 million to attack" as a deterrent. It is the opposite. It is the attacker's cost of goods sold.

A five-to-one payout on a legal-gray, hard-to-claw-back on-chain action is an extraordinary return, and the $4 million was not even fully sunk. It was spent buying an asset the attacker still held while voting, and part of the drained treasury was the same token. The real cost was slippage, exchange risk, and the chance that the community would notice in time. With no timelock, the last risk was close to zero.

This is the uncomfortable math of token-weighted governance over a liquid token: the treasury is only ever as safe as the spread between its value and the market cost of a controlling stake. Bull markets make that spread worse, not better, because a rallying token pulls the treasury's dollar value up faster than the float needed to control it.


Was this preventable?

Yes, and not with anything exotic. Every control that would have stopped BIP-76 is standard practice in mature DAO design:

  • A timelock on execution. The single highest-value fix. If approved proposals sit for 24 to 72 hours before their instructions run, a treasury-draining instruction becomes visible while it is still stoppable. A timelock does not prevent a malicious proposal from passing; it converts a silent, atomic theft into a loud, interruptible one.
  • Conviction voting or a real quorum floor. Raising the cost and time required to manufacture a majority, and weighting long-term aligned holders over freshly bought tokens, removes the "buy the vote at market open" attack entirely.
  • A participation floor and a reset on late deciding votes. Require a minimum share of independent voting weight for a treasury proposal to pass, and restart the review clock when a large block of new voting weight arrives in the final hours, so a last-minute majority cannot clear a quiet window before anyone reacts.
  • An emergency multisig or council veto on large treasury movements. A small, trusted group that can freeze a single class of action, treasury egress above a threshold, without controlling day-to-day governance.
  • Monitoring on the two signals that preceded this attack. First, the accumulation: large, coordinated token inflows into governance positions from exchange wallets. Second, the proposal itself: any instruction that transfers treasury assets. Both were observable before the money moved.

That last point is where detection and design meet, and it is worth being precise about what monitoring can and cannot do here. Runtime monitoring alone cannot reverse an atomic on-chain transfer, and against a DAO with no timelock, an alert on the execution transaction arrives at the same instant as the loss. Monitoring earns its keep earlier: it can flag the voting-power accumulation days ahead, and it can flag a treasury-touching proposal the moment it is submitted. But those alerts only become prevention when there is a timelock or a veto window for a human to act inside. Detection buys you time you can only spend if the governance design gave you a window to begin with. That is the honest division of labor: design creates the window, monitoring tells you to use it.


Is this a Solana problem or a DAO problem?

It is a DAO problem that happens to have surfaced on Solana. Nothing about SPL Governance or Realms is broken here; the same attack shape has drained token-weighted DAOs across every chain, because the vulnerability lives in the economic design, not the runtime. A meme-coin treasury is an especially soft target because the governance token is liquid and cheap relative to the value it controls, and because meme-coin communities rarely turn out enough independent voting weight to defend a proposal.

The generalization for anyone running a treasury DAO: your governance is a smart contract whose most important parameter is not in the code at all. It is the market price of a controlling stake in your token versus the value of what that stake can move. If that number is ever favorable to an attacker, and nothing sits between "proposal passes" and "funds leave," you do not have a treasury. You have an order book.


What operators should do this week

  1. Price your own attack. Calculate the market cost of acquiring a voting majority in your token and compare it to your treasury's value. If the ratio is anywhere near favorable, treat it as an open incident, not a hypothetical.
  2. Put a timelock in front of execution. If approved proposals execute immediately, that is the first thing to change. Even 24 hours converts a silent drain into a visible one.
  3. Add a circuit breaker on treasury egress. An emergency multisig or council that can veto or freeze large treasury movements without owning general governance.
  4. Raise the bar for treasury-spending proposals. A higher approval threshold and a real quorum floor for anything that moves funds, separate from routine governance.
  5. Simulate and review every proposal's instructions. Do not vote on titles. Decode what each instruction actually does; flag anything that touches the treasury for mandatory human review.
  6. Monitor accumulation and proposal instructions, wired to a runbook. Alert on coordinated token inflows into governance positions and on any proposal instruction that transfers treasury assets, and make sure the alert lands with someone who can pull the freeze inside the timelock window.
  7. Treat the close of the voting window as the risk peak. Alert when a large block of voting weight lands late in a proposal's window, require a minimum-participation threshold for treasury proposals, and reset the review clock on a late swing, so a quiet, last-minute vote cannot slip a treasury raid through.

SigIntZero works with teams on exactly this: governance-design review that finds the missing timelock and quorum floor before an attacker prices them, paired with Tripwire monitoring that flags voting-power concentration and treasury-touching proposals early enough for the window to matter. The fix for BonkDAO's loss was never a better patch. It was a governance design that gave someone a chance to say no.


Frequently Asked Questions

Was BonkDAO hacked, or is this something else? Neither the BONK token contract nor the SPL Governance program was exploited in the code sense. The attacker used the governance system exactly as designed, after buying enough voting power to control its outcome. It is a theft executed through legitimate mechanics, which is why recovery depends on exchanges and law enforcement rather than a contract fix.

How much did the attack cost the attacker? On-chain analysis reported that the attacker spent roughly $4 million buying BONK through exchange wallets to secure a voting majority, then passed a proposal that moved about $20 million out of the treasury.

Would runtime monitoring have prevented it? Not on its own. Monitoring could have flagged the voting-power accumulation days earlier and the treasury-draining proposal the instant it was submitted, but stopping the transfer requires a timelock or veto window for someone to act inside. Detection and governance design have to work together; neither is sufficient alone.

How did the vote pass if BonkDAO holders could have voted no? Timing. The attacker already held the majority, then cast the deciding vote late in the voting window when turnout was lowest, so honest holders had little time or reason to notice the treasury instruction and vote against it. The proposal also promised "yes" voters a BONK reward that was never paid. Low participation was not an accident; it was part of the attack.

What is the single most important fix? A timelock between a proposal passing and its instructions executing. It is the control that turns an unstoppable, atomic drain into an interruptible event, and it is the one BonkDAO most visibly lacked.

Does this mean token-weighted DAO governance is unsafe? It means token-weighted governance is only as safe as the spread between the value it controls and the market cost of a controlling stake, backed by a timelock and a veto. For a liquid, low-cost token guarding a large treasury with no execution delay, that spread is an invitation.


Sources / References

Dmitry Serdyuk
Dmitry Serdyuk

Co-Founder & CDO

Full-Stack Operator | Building across security, AI, and digital infrastructure.