Someone Stole $21M From BonkDAO Without Hacking Anything
Highlights
- An attacker has stolen $21.2 million from the BonkDAO treasury without hacking anything.
- BONK price has dropped approximately 6.59% with 955.47 billion volume.
- There is work ongoing to recover the funds, but the transfer was on-chain and automatic, making it difficult to get back any funds.
An attacker has stolen $21.2 million from the BonkDAO treasury without hacking anything. He purchased BONK tokens for $4.4 million, proposed via the governance forum that nobody checked for seven days. He voted yes for the proposal with his own tokens, and watched the funds move to his wallet automatically. Once executed, it was irreversible.
In a few hours, BONK price has dropped approximately 6.59% with 955.47 billion volume.
The token went from a high near 0.00000490 to 0.00000417 as the news spread. Market cap lost approximately $40 million and some exchanges halted BONK withdrawals.

Details of the BonkDAO Steal
The proposed name for the project was BIP #76, Sowellian BonkDAO. It talked about governance improvements, asset monetization, and rebuilding the token, but it didn’t explain what this meant in concrete terms.
The transaction contained one instruction to move 4.426 trillion BONK tokens to a wallet address owned by the attacker.
The attacker would have to have meet quorum threshold to implement the proposal. So they bought just 882.285 billion BONK tokens. Their full stack was used to vote.
When the voting period ended, trillions of BONK tokens poured into their wallets as the vote was accepted as passed.
A seven-day voting period passed with too few community members reading and voting against the proposal to halt the vote. That’s the point here. No technical problem occurred. There was simply nobody listening.
More Details on BonkDAO Exploit
BONK was launched on Christmas Day 2022, shortly after FTX collapsed in a few weeks. The whole concept was based on community ownership, meaning no VC investment, no insider allocation, and power given to the owners.
BonkDAO has identified the attacker’s wallets, notified exchanges and bridges, sent a message to the Solana Foundation, and notified law enforcement. There is work ongoing to recover the funds, but the transfer was on-chain and automatic, making it difficult to get back any funds.
The attacker made a single transaction, and his $4.4 million became $21.2 million. This is a 5x return via the project’s own democratic process.
What BonkDAO’s Situation Means for DAO Governance
A DAO in which most of the holders of the tokens do not vote is not decentralized governance; it’s just a treasury with an unlocked door. No quorum was obtained at BIP #76, and, therefore, $4.4 million in bought votes was enough to reach quorum.
There was no hacking involved in the exploit. This same attack is possible anywhere that the quorum is low enough.
If you’re looking for the best crypto analysis website, check out our coverage on crypto research tools.











