A quorum priced below the treasury it guarded, a zero-second timelock, and no secondary sign-off let one vote move the entire treasury instantly.

On July 6, 2026, at 09:42 UTC, BonkDAO lost approximately $21.2M when a governance proposal it had approved itself triggered a full treasury transfer in the same transaction the vote closed. There was no smart contract bug, no private key theft, no flash loan, and no reentrancy. The code did exactly what it was told to do. An attacker spent roughly $4.4M buying just over one percent of BONK's circulating supply, used it to clear the DAO's quorum threshold, and voted itself 4.426 trillion BONK out of the community treasury.
BonkDAO governs the BONK token through Realms, Solana's SPL Governance front end used by more than 800 DAOs on the network. Governance is token-weighted: one BONK equals one vote, and any wallet holding enough tokens can create and pass a binding proposal, including one that moves assets directly out of the DAO's treasury (F8FqZuUKfoy58aHLW6bfeEhfW9sTtJyqFTqnxVmGZ6dU).
Four configuration parameters governed what a proposal could do and how fast:
On June 30, 2026, a wallet submits proposal BIP #76, calling itself Sowellian BonkDAO, and pitches it as a reform effort to rebuild the DAO. Buried underneath that pitch is a direct instruction to transfer 4,426,104,450,305 BONK from the treasury to a wallet the submitter controls.

Over the next few days, on July 4 and 5, a separate wallet quietly builds up a BONK position, buying on exchanges and borrowing the rest, until it holds roughly 882.1 billion BONK, just enough to clear the 879.95 billion needed for quorum. The whole position costs around $4.4M.

When voting closes on July 6, almost the entire yes side comes from just two major wallets: one holding 882.2 billion BONK and casting 99.87% of the yes vote, and a second holding 97.8 million BONK for the remaining 0.011%. The final count comes in at 882,383,387,283 BONK in favor against 710,848,288 against, a lopsided win reached with only 2.9% of the DAO turning out to vote.


The vote closes at 09:42 UTC, and because the DAO's instruction hold-up time is set to zero seconds, the transfer instruction fires immediately, in the very same transaction. 4,426,104,450,305 BONK leaves the treasury and lands in wallet 9bxWkNf3BtJ6iehq9KbX9uCWMjem4TFiPZ19T2sYJHvQ.

This was not a smart contract vulnerability, every instruction executed exactly as BonkDAO's own governance program specified. The root cause was a quorum threshold that cost less to acquire than the treasury it guarded, with nothing standing between a passed vote and the transfer.

Attribution for the wallets behind the proposal and the vote remains unconfirmed.
Quorum-to-treasury-value modeling. A quorum threshold should be priced against the treasury it unlocks, not set as a flat percentage in isolation.
Mandatory timelock on treasury-transfer instructions. A 24-72 hour hold-up window on any instruction moving treasury assets gives the team and community a chance to catch and challenge it before funds move.
Secondary sign-off for treasury transfers specifically. Any instruction moving treasury funds above a set threshold should require a separate council multisig or guardian signature, so a vote alone is never sufficient.
Automated flagging of treasury-transfer instructions at submission. Governance tooling can parse a proposal's instructions at submission time and surface a mandatory warning on any direct treasury transfer.
BonkDAO comes forward soon after the vote closes and says a malicious proposal drained an estimated $20M in BONK from the treasury. The team says it has already identified the exchange wallets used to buy the votes, and that law enforcement has been notified.
Days later, BonkDAO posts a follow-up to reassure holders. The BONK token itself was never touched, no individual wallets or user funds were affected, and the damage stayed contained to that one treasury vote. The wallets involved are still being watched, exchanges have paused withdrawals as a precaution, and a full post-mortem is on the way.
The stolen funds are still held in the attacker's wallet as BONK tokens EXaJnmrLf7RAKLfn1hehoKX94keKYmvZm5H5zuYVeh42

BonkDAO Treasury
Proposal Creator Wallet
Voting Wallets (Yes)
Attacker Wallets (Post-Drain)
Proposal
Key Transactions
BonkDAO's treasury did not fall to a code exploit. It fell to a governance configuration that made a $4.4M outlay a rational bid for a $21.2M treasury, with no timelock and no secondary sign-off standing in the way once quorum cleared. Every check the DAO's program performed passed correctly. The specification, not the code, was the vulnerability. A quorum threshold is only a safeguard if buying it costs more than the treasury it protects.
Contents


From day-zero risk mapping to exchange-ready audits — QuillAudits helps projects grow with confidence. Smart contracts, dApps, infrastructure, compliance — secured end-to-end.