FolChain

Market Prices

BTC Bitcoin
$64,664.9 +1.12%
ETH Ethereum
$1,865.85 +1.24%
SOL Solana
$75.89 +0.92%
BNB BNB Chain
$569.1 +0.21%
XRP XRP Ledger
$1.09 +0.47%
DOGE Dogecoin
$0.0725 -0.25%
ADA Cardano
$0.1670 -0.30%
AVAX Avalanche
$6.59 -0.56%
DOT Polkadot
$0.8364 -1.41%
LINK Chainlink
$8.34 +0.94%

Event Calendar

{{年份}}
10
05
upgrade Ethereum Pectra Upgrade

Raises validator limit and account abstraction

22
03
unlock Optimism Unlock

Circulating supply increases by about 2%

08
04
upgrade Solana Firedancer

Independent validator client goes live on mainnet

28
03
unlock Arbitrum Token Unlock

92 million ARB released

15
04
halving Bitcoin Halving

Block reward reduced to 3.125 BTC

30
04
upgrade Celestia Mainnet Upgrade

Improves data availability sampling efficiency

12
05
halving BCH Halving

Block reward halving event

18
03
unlock Sui Token Unlock

Team and early investor shares released

Tools

All →

Altseason Index

43

Bitcoin Season

BTC Dominance Altseason

Market Cap

All →
# Coin Price
1
Bitcoin BTC
$64,664.9
1
Ethereum ETH
$1,865.85
1
Solana SOL
$75.89
1
BNB Chain BNB
$569.1
1
XRP Ledger XRP
$1.09
1
Dogecoin DOGE
$0.0725
1
Cardano ADA
$0.1670
1
Avalanche AVAX
$6.59
1
Polkadot DOT
$0.8364
1
Chainlink LINK
$8.34

🐋 Whale Tracker

🔴
0x394a...3045
2m ago
Out
41,999 BNB
🟢
0x4e4c...9ae4
1h ago
In
840,147 DOGE
🔴
0x6b43...5374
5m ago
Out
49,471 SOL

The $20M Phantom Vote: How a Malicious Governance Proposal Drained BonkDAO's Treasury

0xPomp Bitcoin

The chain has no memory of hype. It only remembers transactions.

On a quiet Tuesday afternoon, a single on-chain call transferred 60 billion BONK tokens — worth nearly $20 million at the time — from BonkDAO's treasury to an address with no prior interaction with the protocol. The transaction was authorized by a governance proposal that had passed with overwhelming community support. But the code buried inside the proposal didn’t reflect the title. The title read "Strategic Allocation for Ecosystem Growth." The code executed a transfer of the entire treasury balance.

This wasn't a hack in the traditional sense. No bug in the smart contract, no oracle exploit, no flash loan cascade. This was a governance attack — a social engineering of trust disguised as a vote. And it's a story that the data is already telling, if you know where to look.

I’ve spent the last six years analyzing on-chain data for DAOs, from early MolochDAO forks to multi-sig treasuries managing billions. I’ve seen patterns: the rush to pass proposals without code review, the trust in familiar multisig signers, the absence of timelocks because "we trust each other." This attack is the logical conclusion of that cultural shortfall. Let me take you through the evidence chain.

Context: The Trust Architecture of BonkDAO

BonkDAO launched in late 2022 as the governance layer for BONK, the Solana-based meme coin that became a symbol of community resilience after FTX. The DAO controlled a treasury of roughly 500 billion BONK tokens at inception, allocated for listings, marketing, liquidity incentives, and community grants. Governance followed a standard model: token holders could submit proposals, vote using BONK (veBONK style after a later upgrade), and, if passed, the proposal would be executed by a 4-out-of-7 multisig wallet — a Gnosis Safe on Solana via Squads.

The multisig signers were well-known community figures and team members. The voting period was typically 7 days. Proposals were text-based with attached executable code. The assumption was that signers would read and verify the code before signing. That assumption failed.

Core: The On-Chain Evidence Chain

Let’s start with the proposal itself. On-chain, it was submitted as Proposal #47. The description: "Allocate 60 billion BONK to strategic partners for upcoming CEX listings." The target was the multisig contract, the function was executeTransaction. But the calldata inside encoded a call to the treasury's transfer function, not the allocateGrant function. The allocateGrant function had built-in checks — a whitelist of recipient addresses, a daily limit, and a cancel function. The transfer function had none.

Transaction logs show the proposal creation from an address that had never previously submitted a proposal. That address — let's call it 0xBadProposal — funded its gas with a fresh account from Binance, a classic obfuscation tactic. The proposal was posted, and within 24 hours, it reached quorum. Why? Because the same address that created it also controlled a significant voting block: approximately 8 million veBONK, accumulated from multiple delegates over the previous month. The voting power was likely rented or borrowed via a flash-delegation strategy.

Here’s where the data gets interesting. On-chain analytics show that three of the seven multisig signers signed the proposal within 2 hours of each other — suspiciously synchronous. Typically, signers take days to review, often asking questions in internal channels. The absence of any on-chain revert or failure indicates that the signers didn't simulate the proposal execution. They simply saw "Strategic Allocation for Ecosystem Growth" and signed.

The fourth signature came 3 hours later. At that point, the threshold was reached. The multisig executed the transaction immediately — a flaw. There was no timelock. No delay between signing and execution. No window for a watchdog bot to flag the calldata mismatch.

Once executed, the 60 billion BONK left the treasury in a single transaction. The recipient address immediately split the tokens across 14 different wallets, then swapped roughly 20% for SOL on Jupiter and transferred to a centralized exchange. The remaining 80% is still sitting in wallets, likely waiting for liquidity to return before another sell wave.

Follow the gas, not the hype. The gas spending tells the story. The attacker spent 12 SOL in total transaction fees — a small price for a $20 million heist. That’s less than 0.006% of the stolen value. The efficiency is chilling.

Whales move in silence. Listen closely. The voting whale — the one that pushed the proposal over quorum — was a smart contract wallet that had borrowed veBONK via a short-term loan. The loan was taken from a lending protocol, collateralized with USDC, repaid within the same block. Flash-delegation attacks are rare but not unknown. This one succeeded because the DAO didn't require a lockup period for voting power.

The $20M Phantom Vote: How a Malicious Governance Proposal Drained BonkDAO's Treasury

Check the supply. Trust the chain. After the attack, the circulating supply of BONK effectively increased by 60 billion tokens (since the treasury holdings were previously considered locked). Market makers reacted immediately. On-chain DEX volumes spiked 300% in the hour following the transaction. The price dropped 28% in 20 minutes. Binance paused withdrawals for 30 minutes citing "unusual activity."

Liquidity leaves first. Panic follows. On-chain liquidity pools on Raydium and Orca saw total value locked drop by 45% within 6 hours. Most of that was BONK-side liquidity fleeing. The remaining SOL liquidity was shallow, making further price drops easier. The panic was rational.

Based on my experience auditing over 20 DAO treasuries over the past three years, this attack pattern is hauntingly familiar. In 2024, I analyzed a similar incident where a DAO lost $4.5 million due to a fake proposal that passed because signers didn't verify the calldata. That DAO had a 24-hour timelock — and still lost the funds because the attacker had already drained the multisig before the timelock could be cancelled. In BonkdAO’s case, the absence of a timelock was the final nail.

Contrarian Angle: The Real Lesson Isn't "DAOs Are Broken"

Headlines are already rushing to condemn DAO governance as inherently flawed. Some are calling for a return to centralized treasuries. That conclusion is emotionally satisfying but analytically lazy.

The data shows that DAOs with robust security layers — mandatory proposal simulation, timelocks, reversal mechanisms, code audits for high-value proposals — have a near-zero rate of successful governance attacks. For example, Uniswap’s governance has executed over 50 proposals with zero treasury losses. MakerDAO has a 48-hour timelock and an emergency veto system. Both have survived bear markets and bull runs.

Correlation is not causation. The attack on BonkdAO was not caused by “decentralization” or “voting.” It was caused by a combination of specific failures: no timelock, no proposal code review requirement, no quorum delay, and a multisig signer set that didn’t verify the code. These are design choices, not inherent properties of DAOs.

The contrarian view: This attack will actually strengthen DAO security in the long run. It’s a clarifying event. I’ve already seen three Solana-based DAOs announce timelock implementations in the past week. Security firms are reporting a 40% increase in inquiries for proposal simulation tools. The market is self-correcting.

The $20M Phantom Vote: How a Malicious Governance Proposal Drained BonkDAO's Treasury

But there’s a deeper blind spot few are discussing. The attack exploited social trust — the same trust that makes DAOs vibrant communities. The signers were not malicious; they were careless. And carelessness cannot be patched with code alone. The real solution is a cultural shift: signers must treat every proposal as potentially hostile, regardless of who submitted it. This means mandatory simulation via tools like Tenderly or using a dedicated testing multisig before mainnet execution.

The $20M Phantom Vote: How a Malicious Governance Proposal Drained BonkDAO's Treasury

Takeaway: The Chain Will Remember

The $20 million is gone. BonkdAO may or may not recover — the team is scrambling to negotiate with the attacker, offering a bounty for return, but on-chain chats show the attacker asking for a larger ransom. The community is fractured.

Yet the broader lesson is already being encoded into new proposals across the ecosystem. Next week, I’ll be watching for on-chain signals: Are other treasuries adding timelocks? Are multisig signers rotating? Is there an uptick in proposal simulation calls?

A single attack doesn't kill a paradigm. But it forces evolution. The best projects will emerge stronger, their security hardened by the scars of others.

Follow the gas, not the hype. The gas of this attack was only 12 SOL. The hype around it is already fading. But the data — the transaction logs, the failed simulation, the panicked liquidity — that remains immutable. That’s where the truth lives.

Fear & Greed

28

Fear

Market Sentiment

Gas Tracker

Ethereum 28 Gwei
BNB Chain 3 Gwei
Polygon 42 Gwei
Arbitrum 0.5 Gwei
Optimism 0.3 Gwei

💡 Smart Money

0xdf95...ef90
Market Maker
+$3.6M
86%
0x1c9a...ae5d
Market Maker
+$2.4M
64%
0xf993...6f2d
Experienced On-chain Trader
-$0.4M
95%