Solana's Bonk DAO Loses $20M in Governance Attack

Editorial illustration for: Solana Meme Coin Bonk Loses $20 Million in Governance Attack

In brief

  • BonkDAO treasury drained of $20 million via malicious governance proposal.
  • 4.4 trillion BONK tokens transferred from DAO wallet to attacker Monday.
  • Upbit and Kraken paused BONK trading; law enforcement notified.
  • BONK price fell 7% post-incident; token trades 93% below all-time high.

How the Attack Unfolded

The incident took place around 4:00 a.m. ET on Monday, when more than 4.4 trillion BONK tokens, valued at $19.3 million, were transferred from the treasury wallet to an address ending in JHvQ. The malicious transfer was executed as the second key instruction in Bonk Improvement Proposal #76, a governance proposal that was submitted and passed using BonkDAO's governance platform.

The wallet that received the stolen tokens, identified as being funded via a Bybit account, transferred the funds around 3:30 p.m. ET to a different Solana address ending in eh42. During the investigation, BonkDAO identified the exchange wallets used to purchase BONK ahead of the proposal, suggesting the attacker had accumulated tokens in preparation for the vote.

Response and Market Impact

Law enforcement has been notified of the incident. BonkDAO is working with centralized exchanges, network bridges, and the Solana Foundation to navigate the situation and attempt recovery.

South Korean exchange Upbit and American exchange Kraken have both paused deposits and withdrawals of the BONK token in response to the security incident. The moves aim to prevent further movement of stolen funds through the exchanges.

BONK fell approximately 7% in the 24 hours following the incident to trade around $0.0000043. That price is around 93% below its all-time high mark of $0.000058.

The Proposal Behind the Attack

Entitled "Sowellian BonkDAO," the proposal sought to "implement Sowellian governance, install new members and council, rebuild from the ashes, monetize holdings, and stop the bleeding." It also indicated that all "yes" voters would be eligible to receive BONK tokens. The incentive structure appears to have been exploited by the attacker, who likely accumulated voting power ahead of the proposal to ensure passage of the malicious instruction.