TLDR
- BONK DAO lost about $20M through a malicious governance proposal.
- The attacker spent about $4.4M to gain voting power.
- Proposal BIP #76 transferred 4.42T BONK to the attacker’s wallet.
- Only seven wallets voted on the BONK DAO proposal.
- David Schwartz said “code is law” may not block fraud claims.
Ripple CTO Emeritus David Schwartz said the $20 million BONK DAO treasury drain could be treated as corporate fraud, even though the attacker used the project’s onchain governance system to approve the transfer.
The attack centered on a malicious governance proposal that moved about 4.42 trillion BONK tokens from the DAO treasury to a wallet controlled by the attacker. The transfer followed a low-turnout vote in which the attacker used a temporary voting majority to pass the proposal.
BONK, a Solana-based memecoin, fell about 7% after the incident. BONK DAO has described the event as a malicious governance proposal and said it is working with exchanges, bridges, and the Solana Foundation.
BONK DAO Loses $20M Through Governance Vote
The attack began when an anonymous wallet submitted proposal BIP #76, which included an instruction to transfer the treasury’s BONK tokens to the attacker’s wallet. The proposal needed yes votes equal to 1% of BONK’s supply to pass.
The attacker spent about $4.4 million buying BONK through exchanges including Binance and Bybit, according to onchain analysis cited in reports. Some reports also said the attacker used DeFi lending platforms to increase voting power.
Only seven wallets voted on the proposal, while more than 18,000 members did not participate. The turnout was about 2.9%, allowing the attacker’s wallet to pass the proposal with nearly all yes votes.
The vote cleared quorum by a narrow margin, with 882.38 billion BONK in favor against a threshold of 879.95 billion. After the proposal passed, the treasury transfer executed automatically.
Schwartz Says Code Does Not End Legal Risk
David Schwartz said the incident should not be dismissed as a legal use of onchain rules. He argued that DAO participants may still have duties when managing shared assets.
Schwartz characterized the drain as corporate fraud because DAO participants can act as fiduciaries when controlling common treasury funds. His view was that a valid code execution does not remove legal responsibility if shared assets are knowingly misused.
He also said state courts do not generally accept a “code is law” defense when assets are misappropriated. That position challenges the argument that the attacker merely followed the rules of the smart contract.
The issue remains legally complex because every step of the transaction occurred through the project’s governance process. However, BONK DAO and analytics firms have treated the event as an attack, and law enforcement involvement has been reported.
Attacker Moves Funds After Treasury Drain
After the proposal passed, about $20 million in BONK moved from the DAO treasury to the attacker-controlled wallet. Reports said about $188,000 was later sent to an exchange, likely for cash-out activity.
The remaining amount was moved to a multisig wallet, according to Chainalysis. A multisig wallet requires more than one approval before funds can move.
The attacker also sold the BONK used to gain voting control. Reports said about $5.3 million worth of the purchased BONK was sold after the treasury transfer.
That sequence left the attacker with control of the drained treasury tokens while removing much of the voting stake used to pass the proposal. The case has increased scrutiny of DAOs that rely on token voting without stronger safety checks.
BONK Attack Raises DAO Governance Concerns
The BONK DAO incident has reopened debate over token-weighted governance. A treasury can become vulnerable when a temporary token buyer can cheaply acquire enough voting power to pass a damaging proposal.
The attack also exposed risks tied to low turnout. A small group of voting wallets can control major decisions if quorum is low and safeguards are weak.
Common protections include time-locks, higher quorum thresholds, emergency veto rights, proposal review periods, and limits on treasury transfers. BONK DAO’s transfer executed without enough delay to prevent the drain.







