攻击者利用 BONK DAO 的链上治理系统通过一项提案,自动从项目金库中抽走约 2000 万美元的 BONK 代币。
通过花费大约 440 万美元购买略高于 1% 的 BONK 供应量,攻击者达到了法定人数门槛,实际上成为低投票率投票中的唯一决定性选民,该投票以 99.9% 的“赞成”票通过。
这一事件凸显出,当可以廉价购买临时投票多数时,基于代币的治理可能会让财政部变得脆弱,重新引发关于此类行为是盗窃还是仅仅是利用有缺陷的规则的争论。
几年前,链上治理被视为社区自我运营的未来。但对 memecoin BONK 的数百万美元攻击表明,将财政部置于任何人都可以购买的公众投票的支配之下,其代价是高昂的。
BONK DAO 周一晚间被盗走 2000 万美元,这是为期一周的计划的高潮,在该计划中,一名机会主义攻击者花费约 440 万美元购买了该项目的 bonk 代币,以强制通过投票。每一步都是合法的交易——比如购买、投票、支付——他们一起进行了盗窃。
BONK 是一种基于 Solana 的模因币,BONK DAO 是管理它的去中心化自治组织,在这种结构中,代币持有者对提案进行投票,而不是由公司做出决策。任何持有足够代币的人都可以提出更改,如果投票通过,则可以在链上自动执行。
该设计是这次袭击中使用的特定武器。数据显示,袭击发生后,BONK 价格在过去 24 小时内下跌了 7%。
根据 Chainaanalysis,这一序列始于 6 月 30 日,当时一个匿名钱包提交了一份提案,将财政部的资产转移到其控制的钱包中。要通过该提案,需要获得相当于 BONK 供应量、法定人数或最低参与人数 1% 的赞成票才能生效。
Lookonchain 的数据显示,7 月 4 日至 5 日期间,一个单独的钱包花费了约 440 万美元在 Bybit 和 Binance 交易所购买了 BONK,并通过一个账户通过 DeFi 借贷平台借入了更多资金。
该提案名为“BIP #76 - Sowellian BonkDAO”,仅 7 个钱包投票就获得通过,超过 18,000 名成员没有投票,投票率为 2.9%。
它以微弱的优势清除了法定人数,8,823.8 亿 BONK 超过了 8,799.5 亿的门槛,几乎正是攻击者花了几天时间筹集的股份。
99.9% 的“是”结果实际上是一个选民同意自己的观点。它的书面宣传读起来不太像一项治理动议,而更像是一种吹嘘,承诺“从灰烬中重建,将持有的资产货币化,止血”,其中一行指出“所有 YES 选民都有资格获得代币”。
在它的下面是唯一一条应该引起注意的指令——将 4.43 万亿 BONK 转移到攻击者的钱包中。
到 7 月 6 日,选民的支持率已经足够了。它投入全部股份支持该提案,该提案随后获得通过,不久之后,大约 2000 万美元的 BONK 自动从金库转移到攻击者的钱包中。
Chainaanalysis 表示,九小时后,大约 188,000 美元被发送到交易所,可能会兑现,而剩余的 1,900 万美元被发送到多重签名钱包,该钱包需要多次批准才能转移资金。
就在资金耗尽一个多小时后,攻击者开始出售为攻击而购买的 BONK,出售了价值约 530 万美元的资金。它保留了国库代币,但没有为夺取这些代币而筹集的股份。
BONK DAO 此后证实了此次攻击,并将其描述为一项恶意治理提案,导致其财务损失估计达 2000 万美元。该公司表示,已在投票前确定了用于购买代币的交易所钱包,并正在与交易所、桥梁和 Solana 基金会合作来应对后果。
这次袭击再次引发了关于这种行为是否属于盗窃或合理使用规则的争论。
由于每一步都是有效的交易,一些链上观察人士认为,攻击者只是利用了薄弱的治理设计,而不是闯入。BONK DAO 和分析公司将其视为攻击,执法部门的参与反映了这一点。
不管怎样,机制就是教训。一个可以被临时投票多数派耗尽的国库,其安全性取决于购买多数派的成本,而在这里,成本远低于奖励。
An attacker used BONK DAO’s onchain governance system to pass a proposal that automatically drained about $20 million in BONK tokens from the project’s treasury.
The incident underscores how token-based governance can leave treasuries vulnerable when a temporary voting majority can be cheaply bought, reigniting debate over whether such actions are theft or merely exploitation of flawed rules.
Onchain governance was heralded a few years ago as the future of how communities run themselves. But a multimillion-dollar attack on the memecoin BONK shows the cost of putting a treasury at the mercy of a public vote anyone can buy their way into.
BONK DAO was drained of $20 million late Monday, the culmination of a week-long scheme in which an opportunistic attacker spent about $4.4 million buying up the project's bonk tokens to force through a vote. Every step was a legitimate transaction — such as the buying, the vote, the payout — and together they carried out a theft.
BONK is a Solana-based memecoin, and BONK DAO is the decentralized autonomous organization that governs it, a structure where token holders vote on proposals rather than a company making decisions. Anyone holding enough tokens can propose a change and, if a vote passes, have it executed automatically onchain.
That design was the specific weapon used in this attack. BONK prices are down 7% in the past 24 hours, data shows, in the aftermath of the attack.
The sequence began on June 30, when an anonymous wallet submitted a proposal to transfer the treasury's holdings to a wallet it controlled, per Chainalysis. To pass, the proposal needed yes votes equal to 1% of BONK's supply, the quorum, or minimum participation, required for it to take effect.
Over July 4 and 5, a separate wallet acquired exactly that much, spending about $4.4 million to buy BONK on the exchanges Bybit and Binance and, by one account, borrowing more through DeFi lending platforms, according to Lookonchain.
Titled "BIP #76 - Sowellian BonkDAO," the proposal passed with just seven wallets voting, against more than 18,000 members who did not, a turnout of 2.9%.
It cleared quorum by the narrowest margin, 882.38 billion BONK in favor against an 879.95 billion threshold, almost exactly the stake the attacker had spent days assembling.
The 99.9% "yes" result was effectively a single voter agreeing with itself. Its written pitch reads less like a governance motion and more like a boast, promising to "rebuild from the ashes, monetize holdings, stop the bleeding," with a line noting that "all YES voters are eligible to receive tokens."
Beneath it sat the only instruction that should have turned heads – a transfer of 4.43 trillion BONK to the attacker's wallet.
Nine hours later, roughly $188,000 was sent to an exchange, likely to cash out, while the remaining $19 million was sent to a multisig wallet, which requires multiple approvals to move funds, Chainalysis said.
Just over an hour after the drain, the attacker began selling the BONK it had bought for the attack, offloading about $5.3 million worth. It kept the treasury tokens but not the stake it had assembled to seize them.
BONK DAO has since confirmed the attack, describing it as a malicious governance proposal that drained an estimated $20 million from its treasury. It said it had identified the exchange wallets used to buy tokens ahead of the vote and was working with exchanges, bridges and the Solana Foundation to manage the fallout.
The attack has revived an old argument about whether this kind of thing is theft or a fair use of the rules.
Because every step was a valid transaction, some onchain observers argued the attacker simply exploited a weak governance design rather than breaking in. BONK DAO and the analytics firms treat it as an attack, and the involvement of law enforcement reflects that.
Either way, the mechanism is the lesson. A treasury that can be drained by whoever assembles a temporary voting majority is only as secure as the cost of buying that majority, and here that cost was far less than the prize.