BonkDAO reveals $20M treasury raid after malicious governance attack
BonkDAO has disclosed that attackers have drained roughly $20 million worth of BONK tokens from its treasury after exploiting a malicious governance proposal.
Summary
- BonkDAO says attackers stole about $20 million in BONK through a malicious governance proposal targeting its Solana treasury.
- The DAO has contacted law enforcement and is investigating the exploit while attempting to recover the stolen funds.
- The incident adds to recent DeFi security breaches as the memecoin market remains under pressure.
According to a statement published by BonkDAO on X, the unauthorized proposal allowed an unknown entity to remove approximately $20 million in BONK from the project’s treasury on the Solana blockchain.
The DAO said it has reported the incident to law enforcement and is working to recover the stolen assets while helping identify those responsible.
The disclosure quickly weighed on market sentiment. Bonk (BONK) fell about 8.5% over the following 24 hours to trade at $0.0000044 as investors reacted to the treasury breach. The incident also adds to a growing list of governance and smart contract attacks that have affected decentralized finance projects in recent months.
What happened during the BonkDAO treasury attack?
BonkDAO attributed the loss to what it described as a “malicious governance proposal,” though it did not release technical details explaining how the proposal passed or how the treasury controls were bypassed. The organization said additional information would be shared as its investigation progresses.
Launched in December 2022, BONK became one of Solana’s best-known memecoins after its developers distributed half of the token’s total supply through an airdrop. Alongside Dogecoin, Shiba Inu and Pepe, the token remains among the most recognized assets in the memecoin sector.
Market data shows the sector has already been under pressure before the attack. CoinMarketCap data indicates the combined market value of leading memecoins, including DOGE, SHIB and PEPE, dropped to roughly $22 billion last week before recovering above $26 billion in July.
Even after that rebound, the category stood at about $25.3 billion at publication, down more than 54% over the previous 12 months, according to CoinMarketCap.
Why are governance and DeFi attacks drawing renewed attention?
Recent security incidents suggest attackers continue to target decentralized protocols through different methods. In May, memecoin launch platform DxSale disclosed that it lost about $7.3 million in tokens after a cyberattack affecting liquidity providers on BNB Chain.
Although blockchain investigators identified the attacker’s wallet, one security expert said the infrastructure used to move the stolen funds could make tracing and recovery more difficult.
A separate incident has also unfolded in decentralized finance. Security company Blockaid recently said its exploit detection system identified an active attack targeting Summer.fi, a DeFi yield aggregation and automated vault management platform.
According to Blockaid, roughly $6 million had already been drained when it issued its alert, though neither the firm nor Summer.fi had released a complete technical explanation at the time.
Crypto.news also previously reported another Blockaid alert involving a smart contract exploit affecting ShapeShift’s FOX Colony on Arbitrum, highlighting how security firms can detect active attacks before full forensic reports become available.
The BonkDAO breach also comes as scrutiny of memecoin projects has intensified. Earlier, crypto.news reported that blockchain analytics firm Nansen estimated around one million investors in U.S. President Donald Trump’s Official Trump (TRUMP) memecoin had collectively lost about $3.8 million as of June 30.
The report was published days after the president disclosed earning more than $1.4 billion from crypto-related businesses, including approximately $635 million linked to memecoin projects.

