返回新闻列表
CoinDesk2026/07/07 05:40作者未公开

BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal

BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal
单篇新闻分析利好影响 93

AI 摘要

Onchain governance was heralded a few years ago as the future of how communities run themselves. But a multimillion-dollar attack on the memecoin BONK shows the cost of putting a treasury at the mercy of a public vote...

利好评分
64
利空评分
34
风险等级
sol合约安全融资DeFi

风险提示

这条新闻可能带来较大波动,建议先核对原文和后续公告。

所属事件

同一市场事件下的相关新闻会集中整理。

1 个事件

Onchain governance was heralded a few years ago as the future of how communities run themselves. But a multimillion-dollar attack on the memecoin BONK shows the cost of putting a treasury at the mercy of a public vote anyone can buy their way into.

BONK DAO was drained of $20 million late Monday, the culmination of a week-long scheme in which an opportunistic attacker spent about $4.4 million buying up the project's bonk tokens to force through a vote. Every step was a legitimate transaction — such as the buying, the vote, the payout — and together they carried out a theft.

BONK is a Solana-based memecoin, and BONK DAO is the decentralized autonomous organization that governs it, a structure where token holders vote on proposals rather than a company making decisions. Anyone holding enough tokens can propose a change and, if a vote passes, have it executed automatically onchain.

That design was the specific weapon used in this attack. BONK prices are down 7% in the past 24 hours, data shows , in the aftermath of the attack.

The sequence began on June 30, when an anonymous wallet submitted a proposal to transfer the treasury's holdings to a wallet it controlled, per Chainalysis . To pass, the proposal needed yes votes equal to 1% of BONK's supply, the quorum, or minimum participation, required for it to take effect.

Over July 4 and 5, a separate wallet acquired exactly that much, spending about $4.4 million to buy BONK on the exchanges Bybit and Binance and, by one account, borrowing more through DeFi lending platforms, according to Lookonchain .

Titled "BIP #76 - Sowellian BonkDAO," the proposal passed with just seven wallets voting, against more than 18,000 members who did not, a turnout of 2.9%.

It cleared quorum by the narrowest margin, 882.38 billion BONK in favor against an 879.95 billion threshold, almost exactly the stake the attacker had spent days assembling.

The 99.9% "yes" result was effectively a single voter agreeing with itself. Its written pitch reads less like a governance motion and more like a boast, promising to "rebuild from the ashes, monetize holdings, stop the bleeding," with a line noting that "all YES voters are eligible to receive tokens."

Beneath it sat the only instruction that should have turned heads – a transfer of 4.43 trillion BONK to the attacker's wallet.

By July 6, the voter held just enough. It cast its entire stake in favor of the proposal, which then passed, and shortly after, about $20 million in BONK automatically moved out of the treasury into the attacker's wallet.

Nine hours later, roughly $188,000 was sent to an exchange, likely to cash out, while the remaining $19 million was sent to a multisig wallet, which requires multiple approvals to move funds, Chainalysis said.

Just over an hour after the drain, the attacker began selling the BONK it had bought for the attack, offloading about $5.3 million worth. It kept the treasury tokens but not the stake it had assembled to seize them.

BONK DAO has since confirmed the attack , describing it as a malicious governance proposal that drained an estimated $20 million from its treasury. It said it had identified the exchange wallets used to buy tokens ahead of the vote and was working with exchanges, bridges and the Solana Foundation to manage the fallout.

The attack has revived an old argument about whether this kind of thing is theft or a fair use of the rules.

Because every step was a valid transaction, some onchain observers argued the attacker simply exploited a weak governance design rather than breaking in. BONK DAO and the analytics firms treat it as an attack, and the involvement of law enforcement reflects that.

Either way, the mechanism is the lesson. A treasury that can be drained by whoever assembles a temporary voting majority is only as secure as the cost of buying that majority, and here that cost was far less than the prize.

Zcash’s Tachyon upgrade aims to scale shielded payments, improve quantum readiness, and test whether its funding, security, and governance can hold.

Disclosure & Polices : CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies . CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of Bullish (NYSE:BLSH), an institutionally focused global digital asset platform that provides market infrastructure and information services. Bullish owns and invests in digital asset businesses and digital assets and CoinDesk employees, including journalists, may receive Bullish equity-based compensation.

新闻图片

BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal 图片 2
BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal 图片 3
BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal 图片 4
BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal 图片 5
BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal 图片 6
BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal 图片 7
BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal | 币小二