Attack on BonkDAO governance: $20 million stolen through malicious voting — emergency measures by exchanges

The decentralized autonomous organization (DAO) BonkDAO, which manages the memecoin BONK, has suffered a targeted attack on its governance system. Using a malicious proposal, the attacker drained approximately $20 million worth of tokens from the organization's treasury. The incident triggered an immediate response from cryptocurrency exchanges: Kraken and Upbit temporarily suspended BONK deposits and withdrawals to assess the situation and prevent further damage.
Attack Mechanics: Voting as a Weapon
According to a statement from the BonkDAO team, the attacker pushed a malicious proposal through the governance system, which was approved by a vote. Technical details and parameters of the vote itself have not yet been disclosed, but analysts link the incident to the Bonk Improvement Proposal #76. Its description included the dubious phrase "implement Sowellian governance" and a promise of a reward in BONK for those who voted "yes."
Essentially, this is a classic example of a DAO attack, where holders of a large volume of tokens use their voting weight to pass a decision that transfers treasury assets to addresses under their control. In this case, the funds were not distributed among the voting participants: they were first sent to an address associated with the Bybit exchange, and then to another wallet. This indicates a well-planned operation to withdraw and subsequently liquidate the stolen funds.
Market Reaction and Consequences
News of the attack immediately impacted the BONK price. Over the past 24 hours, the memecoin has lost 7.7%, trading at around $0.00000432. The suspension of operations on major exchanges such as Kraken and Upbit creates additional pressure on liquidity and increases uncertainty among holders.
BonkDAO stated that it is actively cooperating with exchanges, bridges, and the Solana Foundation to manage the situation. During the investigation, the team has already identified the exchange wallets used to purchase BONK before submitting the malicious proposal, which could help in freezing the funds and identifying the attacker.
Context and My Expertise
This incident highlights a fundamental vulnerability of many DAOs: the concentration of votes among large token holders. Until the governance system is protected from "majority attacks," such cases will recur. It is important to note that the attack occurred against a backdrop of declining interest in memecoins: in June 2026, activity on Pump.fun dropped by 30%. In such conditions, governance vulnerabilities become particularly dangerous, as a loss of trust can trigger a cascading sell-off.
My professional advice: always verify DAO proposals for their real value, especially if they promise quick rewards. The attack on BonkDAO is not just a loss of $20 million; it is a signal of the need to reconsider governance mechanisms within the Solana ecosystem and beyond.