The post Attacker Drains $20M From BonkDAO Treasury Through Token-Weighted Exploit appeared first on Coinpedia Fintech News BonkDAO (Decentralized Autonomous OrganizationThe post Attacker Drains $20M From BonkDAO Treasury Through Token-Weighted Exploit appeared first on Coinpedia Fintech News BonkDAO (Decentralized Autonomous Organization

Attacker Drains $20M From BonkDAO Treasury Through Token-Weighted Exploit

2026/07/07 07:20
2 min read
For feedback or concerns regarding this content, please contact us at [email protected]
Story Highlights
  • A malicious user has stolen $20M worth of BONK tokens from the BonkDAO treasury by exploiting the majority-token-holder governance privilege.

  • The treasury lacked safety measures such as a multisig wallet and execution delays.

  • BONK is down 7.25% in the day, with this marking a second target on the BONK ecosystem and the second crypto exploit this month.

BonkDAO (Decentralized Autonomous Organization) has reported that it was recently the victim of a $20 million drain via a decentralized governance exploit.

BonkDAO suffers $20M theft

According to the organization, the attacker first purchased $4 million worth of BONK tokens from several exchanges to gain sufficient voting power. They then used this to single-handedly pass a malicious proposal, resulting in the transfer of 4.426 billion BONK tokens (about $20 million at the time) from the BonkDAO treasury to their controlled wallet. The attacker also renamed the DAO to “Sowellian BonkDAO”.

Source: solscan.io

As seen on solscan.io, the siphoner has already started moving these tokens towards exchanges. This has heightened selling pressure, with BONK dropping 7.25% over the last 24 hours to $0.0544. Just two days ago, BONK was among the trending meme coins boasting a 14% rally in a day amid a broader market downturn.

BonkDAO now says it is working wth bridges, exchanges, the Solana Foundation, and law enforcement to track the funds and eventually freeze or recover them.

https://x.com/bonk_inu/status/2074191403781906800

Crypto exploits in July

The brute-force capital approach was successful because the DAO lacked several safety measures. Among them are execution-time locks, which enforce a delay between the approval of an action and its actual execution, so that the community, developers, and researchers can note any oddities. Another is mandatory multisig override, which employs a highly secure multisig wallet to temporarily bypass execution time locks in the event of an emergency, such as a hack. 

The latest incident follows the March hijacking of bonk.fun domain – one of Solana’s meme coin launch pads. At the time, attackers swapped the “accept Terms of Service” prompt with a malicious script that drained all wallets connected to the site. Nonetheless, the attack was short-lived and damage minimal – attackers drained up to 50 Solana (SOL) tokens from each of the 35 affected wallets.

Just hours before today’s incident, blockchain security firm Blockaid flagged an active $6 million exploit targeting the DeFi yield protocol Summer.fi.

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

$5M in SPCX Positions for Free

$5M in SPCX Positions for Free$5M in SPCX Positions for Free

0 fees, 100x leverage, daily prizes, 7K+ stocks/ETFs