440万撬走2000万:BONK遭遇了一次「合法明抢」
- 核心观点:Solana 生态 Meme 项目 BonkDAO 因治理机制缺陷,遭恶意提案攻击,攻击者未利用技术漏洞,而是通过购买大量代币获取投票控制权,从财库合法转走价值约 2000 万美元的 BONK 代币。
- 关键要素:
- 攻击者于 6 月 30 日在 Realms 治理平台提交名为“BIP #76”的恶意提案,伪装为治理改革,实际意图是转走财库中 4.4 万亿枚 BONK(约 2000 万美元)。
- 攻击者从交易所提取 8822.85 亿枚 BONK(价值 440 万美元),达到最低投票门槛(1% 代币),并以此在投票中获 99.878% 权重,凭借绝对优势通过提案。
- BonkDAO 缺乏关键防御机制,如投票有效门槛、时间锁和延迟投票机制,导致提案通过后立即执行,资产被自动划转。
- 攻击得手资金约 2000 万美元,成本仅 440 万美元,凸显 DAO 治理中“唯票数论”的风险和经济博弈的脆弱性。
- BonkDAO 官方已识别攻击者地址,正与交易所、跨链桥及 Solana Foundation 合作处理,但资产已被转移。
Original Author: KarenZ, Foresight News
If someone told you they walked away with nearly $20 million worth of tokens from a DAO's treasury, fair and square, without hacking anyone's computer, exploiting a single code vulnerability, or even telling a single lie—you'd think they were bragging.
But in the world of Web3, this actually happened.
BonkDAO, a leading Meme project on the Solana ecosystem, suffered a governance attack. The attacker didn't employ any sophisticated hacking techniques; instead, they perfectly exploited the "votes-are-all-that-matters" survival rule of decentralized governance to siphon off nearly $20 million in BONK tokens.
In the early hours of July 7, 2026, Beijing time, BONK official revealed on X that BonkDAO had encountered a malicious governance proposal, resulting in the transfer of approximately $20 million worth of BONK from the treasury. The official also stated that they had identified exchange wallets that purchased BONK before the proposal and were coordinating with exchanges, cross-chain bridges, and the Solana Foundation.
Robbery Disguised as Governance
The governance page associated with this incident was a proposal submitted on Realms on June 30th, titled BIP #76 - Sowellian BonkDAO. The proposal claimed to implement a so-called "Sowellian" governance scheme, replacing members and committees, rebuilding the DAO, disposing of/liquidating holdings, stemming losses, and distributing tokens to all those who voted in favor.
Stripping away these fancy industry buzzwords and translating it into plain English, it basically says: "I am applying to have the full amount of over 4.4 trillion BONK tokens (worth $20 million) from the treasury transferred to my address."

Even more ironic is the term "Sowellian" in the proposal name. Sowellian game theory is the name of the governance prediction market system on Solana's governance platform Realms (the underlying system where BONK held this vote). Realms designed the Sowellian mechanism with the noble intention of introducing economic games where participants vote on proposals with real money, essentially "rewarding good decisions and punishing bad decisions and malicious attacks."
Yet, the attacker, when submitting this malicious proposal for blatantly "robbing" the treasury, proactively named it "Sowellian BonkDAO." The attacker used the platform's most vaunted "game rules" to seize a DAO treasury's assets.
$4.4 Million Stake for a $20 Million Prize: The Attacker's Math
After initiating the proposal on June 30th, the "attacker" employed an extremely simple, brute-force "superpower" that smart contracts couldn't intercept:
1. **Covert Accumulation:** According to on-chain data analyst Ember, over the past few days, the "attacker" withdrew enough BONK (882.285 billion tokens, worth $4.4 million) from Binance and Bybit to meet the minimum vote requirement (minimum 1% of tokens) and moved them on-chain.
2. **Voting:** This on-chain address cast a 'yes' vote on the Realms governance system. However, due to the typically low daily governance participation in BonkDAO, only 7 addresses voted in total. This address wielded its 882.285 billion BONK to cast 99.878% of the voting weight, securing an overwhelming and decisive "absolute controlling stake."

On July 6th, the voting result was announced: the proposal passed. The smart contract, following its programmed rules, automatically transferred 4.4 trillion BONK (worth approximately $20 million) from the treasury directly into the attacker's pocket.

Where Was the DAO's Defense Mechanism?
You might be asking: Weren't there any restrictions? Could he just vote and immediately take the money?
This is precisely the fatal mistake made by BonkDAO. In more mature DAO governance, there are usually several lines of defense:
- Voting Quorum Threshold: Proposals involving the core asset transfer of the treasury must require a significantly higher number of voters and a stricter passing rate to prevent a minority from launching a surprise attack.
- Timelock: After a proposal passes, there should be a mandatory lock-up period of 3 to 7 days before execution. During this time, if the community identifies it as a malicious proposal, a multi-sig administrator or the core team has time to intervene via a "veto," or urgently modify the contract.
- Delayed Voting Mechanism: Prevents someone from suddenly manipulating the outcome using a flash loan or massive capital injection at the very last moment before voting ends.
Unfortunately, BonkDAO lacked sufficient defensive buffers and multi-sig intervention mechanisms, allowing the malicious proposal to be executed immediately upon passing. The attacker swiftly moved the funds after succeeding.
Summary
Using a $4.4 million stake, the attacker "voted" to legally extract a $20 million fortune from an unguarded ballot box.
The Bonk governance attack serves as a stark wake-up call for the entire Web3 industry. This was not a smart contract code vulnerability; it was a pure act of "governance manipulation and economic exploit," a failure of governance logic and rules.


