Skip to content

governance

BonkDAO treasury drained of ~$20M in BONK via BIP-76 'Sowellian' governance attack

BonkDAO confirmed a ~$20M treasury drain on July 6, 2026 after malicious proposal BIP-76 'Sowellian BonkDAO' passed on its own governance platform. Upbit and Kraken paused BONK.

by 6 min read

BonkDAO — the governance body for the Solana-based memecoin BONK — confirmed on July 6, 2026 that its treasury was drained of roughly 4.4 billion BONK, valued at approximately $19.3M, after a hostile governance proposal passed on the project's own voting platform. The proposal, filed as Bonk Improvement Proposal #76 and titled "Sowellian BonkDAO," transferred the treasury balance to a wallet the team says was funded from a Bybit account and labelled by Solana explorers with the suffix ending in JHvQ. Multiple outlets — The Record, Crypto Briefing, BeInCrypto, Coinpedia — reported the same facts within hours of the drain. Exchanges Upbit and Kraken paused BONK deposits and withdrawals.

What happened

The attacker did not exploit a smart-contract bug. They exploited the DAO's design.

  • Over several days, the address later credited with the drain accumulated roughly $4M in BONK across multiple centralized exchange withdrawals — enough voting weight, under BonkDAO's token-weighted governance, to swing a proposal on its own.
  • On the DAO's platform, they submitted BIP-76 "Sowellian BonkDAO," whose text promised to "implement Sowellian governance, install a new members and council, rebuild from the ashes, monetize holdings, and stop the bleeding" and mentioned a token distribution to yes-voters.
  • The proposal's payload — separate from its stated goals — authorized a transfer of the treasury balance of ~4.426 billion BONK to an attacker-controlled Solana wallet. Once the vote closed in favor, the transfer was executed on-chain as an authorized DAO action.

Because the treasury lacked a multisig wrapper and there was no execution timelock, the vote result became a treasury payout with no human review step in between.

Mechanism — token-weighted governance without a timelock

This is a governance-primitive failure, not a code bug. Three design choices compounded:

  1. Token-weighted vote with a low-cost majority. BonkDAO's rules gave direct proportional weight to BONK held at snapshot. With BONK's market cap around $380M and daily float thin enough to accumulate voting size for ~$4M, the ratio of cost-to-buy-a-majority vs. treasury-at-stake was roughly 1:5 — a positive expected value for any attacker willing to hold and burn the position.
  2. No execution delay. A short timelock between a passed proposal and its on-chain execution is the standard defense against exactly this scenario. It buys the community a window to counter-propose, freeze via multisig, or coordinate with exchanges. BonkDAO's flow had no such gap.
  3. Treasury held under governance-controlled keys, not a multisig. A multisig wrapper on the treasury — even a low-threshold one — would have required a human co-sign before any withdrawal. There was none. The passed proposal was the withdrawal.

Numbers

- Treasury drained          : ~4.426 billion BONK
- Approx. USD value at drain: ~$19.3M
- Attacker acquisition cost : ~$4M in BONK (open-market)
- Ratio (cost / take)       : ~1:5
- Proposal ID               : BIP-76 "Sowellian BonkDAO"
- Attacker wallet (partial) : ends in JHvQ (Solscan-labeled;
                              funded from a Bybit hot wallet)
- Exchanges paused          : Upbit, Kraken (BONK deposits + withdrawals)
- BONK 24h move             : -7% to -10% (multiple outlets)
- BONK market cap           : ~$380M

Impact and response

  • BonkDAO team. The BonkDAO desk said it had contacted law enforcement and was coordinating with the Solana Foundation, centralized exchanges, and bridge operators to freeze or recover funds. It said it had already identified the exchange-side accounts that funded the accumulation.
  • Exchanges. Upbit (South Korea) and Kraken (US) paused BONK deposits and withdrawals. The team is asking other venues to do the same to prevent the ~4.4B BONK from being sold into liquidity or bridged off-chain.
  • Funding trail. According to Solscan labels reported by the outlets covering the incident, the drain-recipient wallet — with suffix JHvQ — was funded from a Bybit hot wallet before the attack. Public reporting says funds were then moved to a second Solana address ending in eh42. Neither piece of information rules in or out any specific actor; a Bybit-funded withdrawal is trivial to arrange and identifies no one.
  • Recovery odds. Governance-attack drains where the payout is executed on-chain by the DAO itself are legally messy: the transfer looks, on paper, like a valid protocol operation. Recovery in past comparable cases has depended almost entirely on the attacker cashing out through KYC'd venues that then freeze the account. On-chain freeze primitives on Solana do not exist at the token level for BONK.

Attribution — hedged

No group has claimed responsibility. What is known: an address with no long BONK-holder history bought voting weight over a compressed window, filed a proposal in the DAO's own template, and withdrew via a Bybit-linked wallet. The playbook — accumulate → propose → execute — matches recent DAO takeovers such as the Tornado Cash flagged malicious proposal and the TOP token Aragon governance takeover. Pattern-match is not attribution. Anyone naming a specific actor at this point is guessing.

What to watch

  1. Does the treasury wallet cash out? The 4.4B BONK sitting at the attacker address is the leverage point. If it moves into Jupiter, Raydium, or a bridge, on-chain analytics shops (Arkham, Nansen, Chainalysis) will track the exit routes in real time.
  2. Exchange freezes past Upbit and Kraken. Binance, OKX, Bybit, Bitget and Coinbase are the venues where a sale would happen. The delay between BonkDAO's notification and any freeze there is the single biggest lever on recovery.
  3. A BonkDAO restructure vote. After the 2024 Beanstalk and 2023 Tornado Cash governance drains, both DAOs shipped hardening proposals within days — multisig wrappers, execution timelocks, quorum floors. Expect a similar package here. Whether it survives BonkDAO's post-attack governance politics is a separate question.
  4. BONK trading pair restrictions. Solana DEX aggregators can throttle a token's routes if enough LPs pull. Watch DefiLlama's BONK liquidity page for the shape of any drawdown over the next 48 hours.

Context — third DAO governance takeover flagged on this site in a month

BonkDAO is the third major DAO in five weeks to lose treasury value — or nearly lose it — to a passed-proposal attack rather than a code exploit:

  • June 9, 2026: TOP token Aragon takeover — attacker funded a buy campaign from Tornado Cash, accumulated a majority, voted to mint, exited via DEX liquidity for ~$1.58M.
  • June 25, 2026: Tornado Cash DAO flagged malicious proposal — proposal quietly swapped the governance address for a lookalike controlling ~$23M in TORN; caught by researchers before execution.
  • July 6, 2026: BonkDAO — attacker paid ~$4M for voting power, executed a $20M payout.

The primitive is the same in all three: cheap voting weight relative to treasury size, no timelock, no multisig floor. These are not Solana bugs, EVM bugs, or Aragon bugs. They are DAO design choices that a rising number of protocols are making the same way. Until the incentive math is broken — bond the proposer, timelock the execution, cap the treasury payout per proposal — the pattern will keep working.

Sources:

Related stories