BonkDAO loses $20M in BONK via malicious governance proposal

BonkDAO says a malicious governance proposal drained about $20 million in BONK tokens from its treasury; the stolen tokens are moving toward exchanges.

BonkDAO reported that a malicious governance proposal allowed an attacker to drain roughly $20 million worth of BONK tokens from the DAO treasury. The group said the stolen tokens began moving toward cryptocurrency exchanges within hours of the transfer, triggering selling pressure and a price fall.

Bonk Inu’s official X account wrote on Monday: “BonkDAO was the target of a malicious governance proposal resulting in an estimated $20M worth of BONK tokens being drained from the BonkDAO treasury.” The post said the proposal enabled the transfer of tokens out of the DAO’s holdings.

South Korean exchange Upbit posted that it has “temporarily suspended” deposits and withdrawals for BONK while it reviews the activity. BonkDAO added that law enforcement has been notified and that it is working with counterparties to recover funds and identify those responsible.

Market data showed BONK’s price dropped more than 9% after the transfers. BonkDAO and related service providers have acted to limit on-chain activity involving the stolen tokens and to coordinate investigative steps.

Decentralized autonomous organizations like BonkDAO use token-weighted governance to approve proposals that can change protocol rules, move funds or grant permissions. When a governance vote is approved, whether through standard voting or a manipulated process, it can authorize transactions from a DAO treasury. BonkDAO’s statement indicates the attacker used an approved governance action to execute the transfer.

BONK is a dog-themed memecoin launched on the Solana blockchain in December 2022. The token drew attention for a large community airdrop and has been listed on several exchanges and included in some investment products, exposing it to both retail and institutional investors.

BonkDAO and the exchanges involved continue to investigate. The identity of the attacker and the exact mechanism used to pass the malicious proposal have not been disclosed.

The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.

Articles by this author