A significant security breach has hit the Solana ecosystem. On July 6, an attacker exploited BonkDAO's governance model to drain its treasury of approximately $20 million in BONK tokens.

The attack method was straightforward. The assailant spent roughly $4 million to accumulate enough BONK tokens to control a majority vote on the Solana Realms governance platform. They then passed a proposal that authorized the transfer of treasury funds, effectively stealing the assets.

The stolen tokens were quickly moved. In response, the South Korean exchange Upbit temporarily suspended BONK deposits and withdrawals to block one exit route.

BonkDAO controlled a significant portion of the total BONK supply, making its treasury a prime target. The incident caused the BONK token price to drop by over 9 percent.

The BonkDAO team says it has identified the wallets involved and is collaborating with law enforcement and exchanges to trace and recover the funds.

The exploit highlights a recurring vulnerability in decentralized autonomous organizations (DAOs) using simple token-weighted governance. Security measures like timelocks, multi-signature requirements, or higher quorum thresholds could have prevented such an attack. Reports indicate BonkDAO lacked robust safeguards.

For investors, the treasury loss reduces resources for project development and signals that the project's governance infrastructure was not secure, raising concerns about long-term resilience.