Solana cryptocurrency token photo for a ProCoinNews article about the BonkDAO governance attack.

BonkDAO Treasury Drained for $20 Million in a Governance Attack, Not a Wallet Hack

July 6, 2026 3:32 pm Comments

BonkDAO is dealing with the kind of crypto attack that starts inside governance rather than at a wallet-drainer link.

The DAO says an estimated $20 million worth of BONK was drained from its treasury after a malicious governance proposal passed.

That makes the incident more specific than a broad Solana scare or a simple private-key theft headline.

The reported path runs through proposal approval, voting power, and treasury execution. That is where the market risk lives.

The Block reported on July 6 that BonkDAO was hit by a governance attack that appears to have drained approximately $20 million worth of BONK tokens. The size puts the incident in the serious DAO-treasury-loss category.

The report cited Bonk Inu’s official X page for the treasury-drain statement. It said the attacker pushed through a suspicious governance proposal that allowed the treasury to be drained.

The Block also said stolen BONK had started moving toward exchanges, adding pressure to the token price. At the time of its report, BONK was down more than 9% on The Block’s price page.

Exchange response became part of the story quickly. The Block said South Korea-based Upbit temporarily suspended BONK deposits and withdrawals after the incident.

The report also said law enforcement had been notified and that BonkDAO continued working with relevant parties to recover funds and identify those responsible. Those details keep the story in an active-response stage rather than a finished postmortem.

The exchange response also shows how quickly a DAO treasury event can become a centralized-market issue when stolen tokens start moving toward venues with liquid order books.

BONK is one of Solana’s best-known meme tokens, launched in December 2022 and backed by a large community. That profile is why a DAO treasury incident can move from governance tooling into broader token-market pressure so quickly.

CryptoBriefing added more detail on the response around the same malicious proposal. The response frame matters because recovery now depends on coordination outside the DAO.

Its July 6 report said BonkDAO was working with exchanges, bridges, and the Solana Foundation to manage the situation. It also said law enforcement had been notified.

CryptoBriefing reported that BonkDAO identified exchange wallets used to purchase BONK ahead of the proposal. That detail connects the governance attack to market activity before the vote, without naming a confirmed attacker beyond the project’s own public statement.

The important mechanics are straightforward. If voting power can be accumulated and then used to pass a proposal that moves treasury assets, governance itself becomes an attack surface.

That does not require a broken base chain. It can happen when proposal rules, quorum thresholds, voting concentration, execution delays, and treasury safeguards fail to stop a hostile or malicious action.

CryptoBriefing framed the incident around DAO governance systems and token voting power. That is the sharper lesson for other treasuries watching the BonkDAO response.

The recovery path now depends on coordination across onchain tracing, exchange controls, bridge monitoring, and law-enforcement channels.

BeInCrypto reported preliminary mechanics that explain how the proposal may have passed. Its account turns the incident from a loss headline into a governance-control case study.

Its July 6 article said preliminary on-chain analysis suggested the attacker purchased roughly $4 million worth of BONK to secure enough voting power. The report said the approved proposal then authorized an estimated $20 million transfer from the DAO treasury.

BeInCrypto described the path as governance approval through BonkDAO’s governance system on Solana’s Realms platform. It also separated the incident from a smart-contract exploit, describing it as token-weighted voting used to approve a malicious treasury transaction.

The security conversation changes once the vote path becomes the execution path. A smart-contract exploit usually means code allowed an unintended action.

A governance attack can mean the system allowed an intended action through a hostile use of voting power.

Both outcomes can drain funds, but the fixes can differ. Governance attacks push teams toward safeguards such as timelocks, multisig execution, proposal simulation, vote-delay windows, treasury caps, delegate review, or emergency veto mechanisms.

The BeInCrypto account is still preliminary. The public record can change as investigators trace wallets, exchange flows, and proposal execution details.

Realms gives the infrastructure context for why this kind of incident travels beyond one meme-token treasury. The platform context shows why proposal tooling is part of the security stack.

The public Realms site describes the platform as infrastructure for Solana digital organizations. It lists more than 4,000 organizations created, more than $500 million in total value locked, and more than 30 protocol integrations.

Those numbers show how much value and organizational control can sit behind governance tooling. Proposal systems become more than forums or signaling boards when they can authorize treasury movement.

The Realms context should not be read as blame for the BonkDAO loss. It explains the environment: Solana DAOs use onchain governance tools to manage stakeholders, proposals, execution, and treasuries.

When that environment works, it gives communities transparent control over assets and decisions. When voting power is concentrated or proposal review is weak, the same transparency and automation can move against the treasury.

That is the bigger market lesson. DAO treasury security is governance security, and governance security has to be treated as financial infrastructure.

Large token communities can move fast, but treasury execution rules need enough friction to stop a bad vote from becoming an irreversible transfer.

BonkDAO’s next test is recovery. The wider industry’s test is whether other DAOs review their own proposal thresholds, execution delays, voting-power concentration, and treasury controls before a similar attack reaches them.

Join the conversation!

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.