VYPR
breachPublished Jul 6, 2026· 1 source

Attackers Steal $20 Million in BONK Cryptocurrency via Malicious Governance Proposal

BonkDAO, the decentralized governance body for the BONK cryptocurrency, announced that attackers exploited a malicious governance proposal to steal approximately $20 million worth of BONK tokens.

The decentralized autonomous organization (DAO) responsible for the BONK cryptocurrency has announced a significant security breach, resulting in the theft of approximately $20 million worth of BONK tokens. The incident occurred when attackers leveraged a malicious governance proposal, a tactic that exploits the very mechanisms designed for community-driven decision-making within decentralized finance.

BonkDAO, which oversees the popular dog-themed memecoin built on the Solana blockchain, stated that threat actors used a large holding of BONK tokens to artificially inflate their voting power. This allowed them to pass a proposal that effectively transferred a substantial amount of the project's treasury or reserves into their own wallets. Reports suggest that the attackers had amassed around $4 million worth of BONK specifically to execute this exploit.

In the wake of the discovery, BonkDAO confirmed that it has notified law enforcement agencies and is actively collaborating with relevant parties to trace the stolen funds and identify the perpetrators. The organization also noted that it identified the exchange wallets used by the attackers to acquire the BONK tokens prior to the malicious vote, a crucial piece of information for the ongoing investigation.

The exploit has had a noticeable impact on the BONK cryptocurrency's market performance. As of Monday afternoon Eastern U.S. time, the price of BONK had fallen by approximately 7 percent, with its overall market capitalization dropping to around $400 million. The South Korean cryptocurrency exchange Upbit also temporarily suspended deposits and withdrawals of BONK in response to the incident.

This attack highlights the inherent risks associated with decentralized governance models. DAOs, by design, rely on token holders to vote on proposals, which can range from protocol upgrades to treasury management. While intended to foster transparency and community control, this system can be vulnerable to manipulation if a single entity or coordinated group amasses enough tokens to sway votes, a scenario known as a "51% attack" on governance.

Malicious governance proposals differ from more common smart contract exploits, which target vulnerabilities in the automated code that governs transactions. Instead, this attack directly corrupted the decision-making process itself. This type of attack is not unprecedented in the cryptocurrency space; a similar incident in 2022 saw attackers drain about $180 million from the Beanstalk platform through a governance exploit.

While recovery efforts are underway, the incident serves as a stark reminder of the evolving threat landscape in the cryptocurrency sector. The decentralized nature of DAOs, while offering benefits, also presents unique challenges for security and oversight. The ongoing investigation by law enforcement and BonkDAO's efforts to recover funds will be closely watched by the wider crypto community.

BonkDAO held approximately 15 percent of the total available BONK supply, underscoring the significant control that could be wielded through token ownership within the ecosystem. The incident is expected to prompt further scrutiny of governance mechanisms and security protocols within DAOs across the blockchain industry.

Synthesized by Vypr AI