It took only a $4.4 million investment from an attacker to extract $21.2 million from the Bonk (BONK) treasury. Weak Decentralized Autonomous Organization (DAO) protocols were the key to turning a massive profit from the perpetrator’s bet.
Late Monday evening (UTC), BonkDAO alerted its community on X about a malicious governance proposal that drained an estimated $20 million worth of tokens from its treasury. The DAO claimed that it had already identified the exchange wallets involved in the heist and was actively working with them. It also notified cross-chain bridges and the Solana (SOL) Foundation about the issue.
Additionally, BonkDAO contacted law enforcement authorities so they can help in the investigation to uncover the identity of the culprit. The organization is likewise hoping that the cooperation will lead to the recovery of stolen funds.
BonkDAO has yet to provide specific details about the attack. However, Lookonchain already looked into the matter.
The blockchain analytics platform discovered that the attack wasn’t complex at all. All it took was careful planning and execution to profit $16.8 million.
The heist started with a governance proposal on June 30 to move 4.456 trillion BONK tokens from BonkDAO’s treasury to a wallet the perp controlled at 9bxW…JhvQ. It came with the heading “BIP #76 – Sowellian BonkDAO.”
BONK Governance Exploit (Source: Lookonchain)
The proposal framed the request as part of the DAO’s efforts to implement a Sowellian system of governance. Moreover, it duped the community into believing that it aims to install new members, monetize assets, prevent the token’s further devaluation, and “rebuild [BONK] from the ashes.”
Strangely, as one commenter pointed out, the proposal didn’t elaborate on what it would do differently. That alone was a major red flag.
Around two days before the attack, the culprit bought 882.285 billion BONK for $4.4 million through Bybit and Binance. The perpetrator’s holdings were just enough to surpass the proposal’s 879.95 billion BONK quorum requirement.
The money shot came as the attacker voted “Yes” to the proposal using the entire 882.285 BONK stack. BIP #76 passed as a result of the proposal’s low participation rate, which routed trillions of BONK into the perpetrator’s wallet.
Hours ago, the attacker transferred 40 billion BONK, valued at roughly $188K, to OKX. Meanwhile, the remaining 4.386 trillion BONK worth $19.3 million went to wallet address ExaJ…eh42.
The post Attacker’s $4.4M BONK Extracts $21.2M From DAO Exploit appeared first on Blockzeit.


