An unknown actor drained $20 million worth of BONK tokens from the BonkDAO treasury through a perfectly valid governance proposal that saw only 7 out of over 18,000 members vote. The incident, which unfolded on July 6, 2026, has been classified as a criminal cyberattack despite there being no exploit, no compromised private key, and no smart contract bug. Instead, the attacker quietly accumulated slightly over 1% of the total BONK supply for approximately $4.4 million via Binance, Bybit, and DeFi lending markets, then submitted and voted through a treasury transfer proposal on Solana’s Realms platform. With a 2.9% turnout and 99.9% approval, the funds moved instantly at the close of voting, leaving the community stunned.
The mechanics resembled a hostile corporate takeover. The attacker borrowed tokens to avoid moving the price, crossed the quorum threshold, and faced zero resistance. Once drained, the treasury’s address was renamed “Sowellian BonkDAO.” BonkDAO confirmed the breach roughly 20 hours later, stating it is working with exchanges, Solana Foundation, and law enforcement to trace the funds. Security analysts highlighted two missing safeguards: no execution time‑lock and no emergency multisig, leaving a $20 million treasury reliant solely on voter participation.
The market reacted swiftly. BONK fell by 7–10% within 24 hours, dropping to $0.00000422 and sliding below all major simple moving averages. Upbit and Kraken suspended deposits and withdrawals to contain risk. The stolen 4.43 trillion BONK now represents a standing liquidation threat, while the broader Solana DAO ecosystem faces pressure to implement time‑locks and emergency councils. Legally, the case may set a precedent for whether on‑chain asset conversion via governance can be treated as theft, regardless of code compliance.