Someone Stole $21M From BonkDAO Without Hacking Anything

Coingapestaff
Updated
Coingapestaff

Coingapestaff

Journalist
CoinGape comprises an experienced team of native content writers and editors working round the clock to cover news globally and present news as a fact rather than an opinion. CoinGape writers and reporters contributed to this article.
Read full bio
coingape google news
Why Trust CoinGape
CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Someone Stole $21M From BonkDAO Without Hacking Anything
Sponsored This page may contain affiliate links. If you sign up through these links, we may earn a commission at no additional cost to you. This does not influence our editorial reviews or rankings.

Highlights

  • An attacker has stolen $21.2 million from the BonkDAO treasury without hacking anything.
  • BONK price has dropped approximately 6.59% with 955.47 billion volume.
  • There is work ongoing to recover the funds, but the transfer was on-chain and automatic, making it difficult to get back any funds.

An attacker has stolen $21.2 million from the BonkDAO treasury without hacking anything. He purchased BONK tokens for $4.4 million, proposed via the governance forum that nobody checked for seven days. He voted yes for the proposal with his own tokens, and watched the funds move to his wallet automatically. Once executed, it was irreversible.

In a few hours, BONK price has dropped approximately 6.59% with 955.47 billion volume.

The token went from a high near 0.00000490 to 0.00000417 as the news spread. Market cap lost approximately $40 million and some exchanges halted BONK withdrawals.

 BONK price - TradingView
BONK price has dropped approximately 6.59%

Details of the BonkDAO Steal

The proposed name for the project was BIP #76, Sowellian BonkDAO. It talked about governance improvements, asset monetization, and rebuilding the token, but it didn’t explain what this meant in concrete terms. 

The transaction contained one instruction to move 4.426 trillion BONK tokens to a wallet address owned by the attacker.

The attacker would have to have meet quorum threshold to implement the proposal. So they bought just 882.285 billion BONK tokens. Their full stack was used to vote.

When the voting period ended, trillions of BONK tokens poured into their wallets as the vote was accepted as passed.

A seven-day voting period passed with too few community members reading and voting against the proposal to halt the vote. That’s the point here. No technical problem occurred. There was simply nobody listening.

More Details on BonkDAO Exploit

BONK was launched on Christmas Day 2022, shortly after FTX collapsed in a few weeks. The whole concept was based on community ownership, meaning no VC investment, no insider allocation, and power given to the owners.

BonkDAO has identified the attacker’s wallets, notified exchanges and bridges, sent a message to the Solana Foundation, and notified law enforcement. There is work ongoing to recover the funds, but the transfer was on-chain and automatic, making it difficult to get back any funds.

The attacker made a single transaction, and his $4.4 million became $21.2 million. This is a 5x return via the project’s own democratic process.

What BonkDAO’s Situation Means for DAO Governance

A DAO in which most of the holders of the tokens do not vote is not decentralized governance; it’s just a treasury with an unlocked door. No quorum was obtained at BIP #76, and, therefore, $4.4 million in bought votes was enough to reach quorum. 

There was no hacking involved in the exploit. This same attack is possible anywhere that the quorum is low enough.

If you’re looking for the best crypto analysis website, check out our coverage on crypto research tools.

Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.

Why Trust CoinGape

CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights Read more… to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.

Newsletter
Your crypto brief.
Delivered every day.
  • Insights that move markets
  • 100,000 active subscribers
By signing-up you agree to our Terms and Conditions and Privacy Policy.
About Author
About Author
CoinGape comprises an experienced team of native content writers and editors working round the clock to cover news globally and present news as a fact rather than an opinion. CoinGape writers and reporters contributed to this article.