{"id":918044,"date":"2026-07-07T11:14:30","date_gmt":"2026-07-07T16:14:30","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2026\/07\/07\/attacker-drains-20m-from-bonkdao-treasury-through-token-weighted-exploit\/"},"modified":"2026-07-07T11:14:30","modified_gmt":"2026-07-07T16:14:30","slug":"attacker-drains-20m-from-bonkdao-treasury-through-token-weighted-exploit","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2026\/07\/07\/attacker-drains-20m-from-bonkdao-treasury-through-token-weighted-exploit\/","title":{"rendered":"Attacker Drains $20M From BonkDAO Treasury Through Token-Weighted Exploit"},"content":{"rendered":"<div role=\"main\" id=\"main-content-row\">\n<article id=\"the-post\" data-post-url=\"https:\/\/coinpedia.org\/news\/attacker-drains-20m-from-bonkdao-treasury-through-token-weighted-exploit\/\" data-post-title=\"Attacker Drains $20M From BonkDAO Treasury Through Token-Weighted Exploit\" data-post-edit=\"https:\/\/coinpedia.org\/wp-admin\/post.php?post=573102&#038;action=edit\">\n<div>\n<figure><img onerror=\"this.onerror=null;this.removeAttribute('srcset');this.removeAttribute('sizes');this.removeAttribute('srcset');this.removeAttribute('data-sizes');this.src='https:\/\/image.coinpedia.org\/wp-content\/uploads\/2025\/05\/31122324\/crypto-news.webp';\" width=\"1200\" height=\"628\" alt=\"BONK Overhauls Fee System to Strengthen BNKK\u2019s DAT Accumulation Strategy\" data-main-img=\"1\" decoding=\"async\" fetchpriority=\"high\"  ><\/figure>\n<\/div>\n<div>\n<p>BonkDAO (Decentralized Autonomous Organization) has reported that it was recently the victim of a $20 million drain via a decentralized governance exploit.<\/p>\n<h2 id=\"h-bonkdao-suffers-20m-theft\">BonkDAO suffers $20M theft<\/h2>\n<p>According to the organization, the attacker first purchased $4 million worth of BONK tokens from several exchanges to gain sufficient voting power. They then used this to single-handedly pass a malicious proposal, resulting in the transfer of 4.426 billion BONK tokens (about $20 million at the time) from the BonkDAO treasury to their controlled wallet. The attacker also renamed the DAO to \u201cSowellian BonkDAO\u201d.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"318\" src=\"https:\/\/image.coinpedia.org\/wp-content\/uploads\/2026\/07\/07044458\/bonk-1024x318.webp\" alt=\"BonkDAO token exploit followed on solscan.io\"   data-old-src=\"data:image\/svg+xml,%3Csvg%20xmlns='http:\/\/www.w3.org\/2000\/svg'%20viewBox='0%200%201024%20318'%3E%3C\/svg%3E\" data-lazy-srcset=\"https:\/\/image.coinpedia.org\/wp-content\/uploads\/2026\/07\/07044458\/bonk-1024x318.webp 1024w, https:\/\/image.coinpedia.org\/wp-content\/uploads\/2026\/07\/07044458\/bonk-300x93.webp 300w, https:\/\/image.coinpedia.org\/wp-content\/uploads\/2026\/07\/07044458\/bonk-768x238.webp 768w, https:\/\/image.coinpedia.org\/wp-content\/uploads\/2026\/07\/07044458\/bonk.webp 1309w\" data-lazy-src=\"https:\/\/image.coinpedia.org\/wp-content\/uploads\/2026\/07\/07044458\/bonk-1024x318.webp\"><\/figure>\n<p>Source: <a href=\"https:\/\/solscan.io\/account\/9bxWkNf3BtJ6iehq9KbX9uCWMjem4TFiPZ19T2sYJHvQ?exclude_amount_zero=true&#038;remove_spam=false&#038;token_address=DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263#transfers\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">solscan.io<\/a><\/p>\n<p>As seen on solscan.io, the siphoner has already started moving these tokens towards exchanges. This has heightened selling pressure, with BONK dropping 7.25% over the last 24 hours to $0.0544. Just two days ago, BONK was among the trending meme coins <a href=\"https:\/\/coinpedia.org\/price-analysis\/are-meme-coins-waking-up-pepe-and-bonk-lead-the-crypto-rally\/\" target=\"_blank\" rel=\"noreferrer noopener\">boasting<\/a> a 14% rally in a day amid a broader market downturn.<\/p>\n<div>\n<p><a href=\"https:\/\/www.google.com\/preferences\/source?q=coinpedia.org\" target=\"_blank\" rel=\"noopener nofollow\"><img src=\"https:\/\/image.coinpedia.org\/static\/common\/trusted-google-coinpedia.webp\" alt=\"Add Coinpedia as a trusted source in Google News\" loading=\"lazy\" decoding=\"async\" data-old-src=\"data:image\/svg+xml,%3Csvg%20xmlns='http:\/\/www.w3.org\/2000\/svg'%20viewBox='0%200%200%200'%3E%3C\/svg%3E\" data-lazy-src=\"https:\/\/image.coinpedia.org\/static\/common\/trusted-google-coinpedia.webp\"><\/a><\/p>\n<\/div>\n<p>BonkDAO now says it is working wth bridges, exchanges, the Solana Foundation, and law enforcement to track the funds and eventually freeze or recover them.<\/p>\n<figure>\n<p> https:\/\/x.com\/bonk_inu\/status\/2074191403781906800<\/p>\n<\/figure>\n<h2 id=\"h-crypto-exploits-in-july\">Crypto exploits in July<\/h2>\n<p>The brute-force capital approach was successful because the DAO lacked several safety measures. Among them are execution-time locks, which enforce a delay between the approval of an action and its actual execution, so that the community, developers, and researchers can note any oddities. Another is mandatory multisig override, which employs a highly secure multisig wallet to temporarily bypass execution time locks in the event of an emergency, such as a hack.\u00a0<\/p>\n<p>The latest incident follows the March hijacking of bonk.fun domain \u2013 one of Solana\u2019s meme coin launch pads. At the time, attackers swapped the \u201caccept Terms of Service\u201d prompt with a malicious script that drained all wallets connected to the site. Nonetheless, the attack was short-lived and damage minimal \u2013 attackers drained up to 50 Solana (SOL) tokens from each of the 35 affected wallets.<\/p>\n<p>Just hours before today\u2019s incident, blockchain security firm Blockaid <a href=\"https:\/\/coinpedia.org\/crypto-live-news\/summer-finance-suffers-6-million-ethereum-exploit\/\" target=\"_blank\" rel=\"noreferrer noopener\">flagged<\/a> an active $6 million exploit targeting the DeFi yield protocol Summer.fi.<\/p>\n<\/div>\n<section>\n<div>\n<h3>Was this writing helpful?<\/h3>\n<ul data-post-id=\"573102\">\n<li> <\/li>\n<li> <\/li>\n<\/ul>\n<\/div>\n<p>Story Ends Here<\/p>\n<div>\n<h3>Trust with CoinPedia:<\/h3>\n<p>CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto &#038; blockchain, right from startups to industry majors.<\/p>\n<h3>Investment Disclaimer:<\/h3>\n<p>All opinions and insights shared represent the author&#8217;s own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.<\/p>\n<h3>Sponsored and Advertisements:<\/h3>\n<p>Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.<\/p>\n<\/div>\n<p>Read the Next News<\/p>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/coinpedia.org\/news\/attacker-drains-20m-from-bonkdao-treasury-through-token-weighted-exploit\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Steve Muchoki<\/p>\n","protected":false},"excerpt":{"rendered":"<p>BonkDAO (Decentralized Autonomous Organization) has reported that it was recently the victim of a $20 million drain via a decentralized governance exploit. BonkDAO suffers $20M theft According to the organization, the attacker first purchased $4 million worth of BONK tokens from several exchanges to gain sufficient voting power. They then used this to single-handedly pass<\/p>\n","protected":false},"author":1,"featured_media":918045,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28261,31423],"tags":[],"class_list":["post-918044","post","type-post","status-publish","format-standard","has-post-thumbnail","category-attacker","category-drains"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/918044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=918044"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/918044\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/918045"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=918044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=918044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=918044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}