Someone just pulled off one of the most brazen DAO heists of the year, and they didn’t need to write a single line of malicious code to do it. An anonymous attacker drained approximately 4.426 trillion BONK tokens from BonkDAO’s treasury by simply playing the governance game better than everyone else.
The attacker has already sold 800 billion BONK for roughly $2 million and still holds 2.4 trillion tokens.
How the attack worked
The attacker accumulated around 882 billion BONK tokens at a cost of approximately $4.4 million. That stake was enough to surpass BonkDAO’s voting quorum, the minimum threshold of participation required to pass a proposal.
With quorum in hand, the attacker submitted and passed a malicious governance proposal that directed treasury funds to a wallet they controlled. The entire operation was executed through legitimate on-chain transactions with no smart contract vulnerability, flash loan trickery, or re-entrancy bug exploited.
The total haul came to roughly 4.426 trillion BONK, valued at approximately $20-$21 million at the time of the drain. For a $4.4 million investment, that’s a return that would make even the most aggressive hedge fund managers jealous.
The sell-off and market impact
BONK’s price dropped 7-9% immediately following the attack, trading around $0.00000383 shortly afterward.
The attacker has so far liquidated 800 billion BONK tokens for roughly $2 million. Dumping 4.4 trillion tokens at once would crater the price and leave the attacker holding bags of near-worthless tokens.
The remaining 2.4 trillion BONK creates a constant overhang on the market, as buyers must factor in the possibility that the attacker could sell at any time.
Why this matters beyond BONK
The BonkDAO exploit is a case study in why token-weighted governance remains one of crypto’s most persistent unsolved problems. When votes are proportional to token holdings, anyone with enough capital can temporarily seize control of a protocol.
Common defenses include time-locked voting, multi-signature treasury controls, and tiered proposal thresholds that scale with the amount of funds being moved. BonkDAO apparently lacked sufficient protections in at least some of these areas.
What investors should watch
The immediate concern for BONK holders is the remaining 2.4 trillion tokens sitting in the attacker’s wallet. On-chain monitoring tools can track the wallet, but by the time sells are visible, the damage is usually done.
If a $4.4 million investment can unlock $20 million from a treasury, the incentive structure for attackers is overwhelmingly favorable. Investors should scrutinize the governance parameters of any DAO-governed token they hold: quorum requirements, proposal time locks, treasury access controls, and whether any multisig or veto mechanism exists as a backstop.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

2 hours ago
2
















English (US) ·