Hacker Drains $20M From Bonk Memecoin via Fake Governance Vote

The tl;dr
An attacker bought enough Bonk tokens to pass a malicious governance proposal, redirecting the project's $20 million treasury to a wallet they controlled. The stolen funds were then moved to crypto exchanges. Bonk's developers have reported the attack to law enforcement and are working to trace and recover the assets.
Markets in this story
30-day · delayedKey points
- An attacker purchased sufficient Bonk tokens to gain control of a governance vote, allowing them to pass a proposal that transferred the entire DAO treasury (roughly $20 million in Bonk tokens) to a wallet under their control.
- The attacker spent approximately $4 million to acquire enough voting power, making it a profitable attack despite the upfront cost.
- The stolen tokens were tracked to crypto exchanges, including South Korea-based Upbit, which halted deposits and withdrawals of Bonk to prevent further movement of the stolen assets.
- Bonk is a dog-themed memecoin built on the Solana blockchain and relies on community governance; the attack exploited the ability to pass proposals with a concentrated token purchase.
- The Bonk team reported the incident to law enforcement and stated they are working to identify the attacker and recover the stolen funds.
By the numbers
Bonk, a popular dog-themed memecoin built on the Solana blockchain, suffered a $20 million treasury theft through a loophole in its decentralized governance system. An attacker purchased enough Bonk tokens to gain voting control, then used that power to pass a proposal redirecting the entire DAO treasury to a wallet under their control. The perpetrator spent roughly $4 million acquiring the tokens needed to execute the attack, making it economically viable despite the substantial acquisition cost.
Once the funds were transferred, the attacker began liquidating the stolen Bonk tokens on crypto exchanges. The stolen assets were tracked to multiple platforms, including the South Korea-based exchange Upbit, which suspended Bonk deposits and withdrawals to prevent further movement of the compromised funds. The rapid deposit of stolen funds to exchanges suggests the attacker’s goal was to convert the tokens to other cryptocurrencies or fiat currency and exit with the proceeds.
The Bonk team has notified law enforcement and initiated recovery efforts. The incident highlights a critical weakness in DAO governance systems that rely on token voting: if voting thresholds are set too low or voting power is insufficiently distributed, a single actor with enough capital can exploit the system to seize community assets. Other DAOs using similar governance structures face comparable risks unless they implement additional safeguards like multi-signature approvals, time delays for sensitive proposals, or higher quorum requirements.
This attack exposes a structural vulnerability in decentralized governance systems where large token purchases can bypass intended safeguards, raising concerns about the security of other DAO treasuries managed through similar voting mechanisms.
Read the full story
We summarised these sources. Click through to read them in full.
Topics
- bonk
- solana
- governance attack
- dao security
- memecoin
This summary is AI-generated from the sources above and may contain errors, so always verify with the original reporting. It's general information only, not financial, investment, or trading advice, and not a recommendation to buy or sell anything. Markets carry risk; do your own research. See our full disclaimer.


