BonkDAO, the community governance body behind Solana’s flagship memecoin BONK, lost approximately $20 million in tokens after an attacker pushed through a malicious governance proposal. The exploit, reported on July 6, targeted the DAO’s on-chain voting mechanisms on the Realms platform, effectively turning the protocol’s own democratic infrastructure into a weapon against it.
How the attack unfolded
The exploit followed a pattern that’s become disturbingly familiar in decentralized governance. The attacker reportedly used exchange wallets to accumulate a large position in BONK tokens ahead of submitting the malicious proposal. With enough voting power concentrated in their hands, the proposal passed through BonkDAO’s governance framework and authorized the transfer of treasury funds.
BonkDAO has historically managed around 15-16% of the total BONK token supply through its governance structure. That’s a massive honey pot sitting behind what amounts to a majority-rules voting system, and this attack demonstrated exactly why that combination keeps security researchers up at night.
Multiple protocols across Solana and other chains have suffered similar governance manipulation attacks throughout 2025 and into 2026. Flash loan exploits, where an attacker borrows a massive amount of tokens for a single transaction block to swing a vote, have been particularly popular. Whether this specific attack used flash loans or relied on a more patient accumulation strategy through exchange wallets is still under investigation.











