Bonk's treasury has been emptied: governance attack cashes out 4 million.

CN
2 hours ago

Ten days ago, an anonymous address that was previously insignificant suddenly became a major player in Bonk governance: according to public materials, this address first spent approximately $4.4 million to purchase BONK in large quantities, quickly rising to become a key stakeholder with voting rights, and then pushed a governance proposal favorable to itself to pass, requesting the treasury to transfer tokens to its address. After the proposal was implemented, the Bonk treasury transferred approximately 4.426 trillion BONK to this address, worth about $21.2 million at the time, which constituted a core strike deemed a governance attack. According to AiCoin data, since the incident occurred, the price of BONK has fallen from about $0.0000047 to about $0.0000034 over the course of ten days, a decline of about 28%, with panic over the emptied treasury and market expectations of subsequent sell-offs overlapping. Now on July 17, 2026, about three hours before the relevant news was announced, this attacking address transferred approximately 1.186 trillion BONK back to Binance, worth about $4.11 million at the time, with the on-chain behavior clearly shifting from "seizing governance and emptying the treasury" to "cashing out in batches." Market opinions suggest that this address still holds about 3.24 trillion BONK, worth about $11 million at current prices, and this portion of undisposed tokens implies that the governance attack has entered a phase of batch selling, while the uncertainty of selling pressure still looms over Bonk and its holders.

Flash Attack in Ten Days: $4.4 Million Buying Votes to Unlock $21.2 Million in Treasury

Tracing back the on-chain timeline, the real starting point of the story is not the emptying of the treasury, but the unusually concentrated buy orders about ten days ago. An anonymous address without any public identity label suddenly spent about $4.4 million to buy BONK in a short time. According to a single source, this scale pointed clearly to a specific target: to obtain enough voting rights to influence the direction of governance proposals. In a structure where tokens are highly linked to governance rights, holding tokens equates to having a voice, and this attacker completed a rapid infiltration of the Bonk DAO through "buying votes," transitioning from an ordinary holder to a key minority capable of leading the agenda.

The subsequent script unfolded almost along a textbook path of governance attacks. The attacker initiated and pushed a governance proposal that was extremely favorable to itself, and under the suppression of a voting majority, it passed smoothly, transforming the "community resolution" into a legal packaging that authorized the Bonk treasury to transfer a large amount of assets to its address. Shortly after the proposal was passed, the treasury transferred approximately 4.426 trillion BONK to this anonymous address as per the resolution, worth about $21.2 million at the time, resulting in a nearly fivefold paper profit from the "buying vote cost" of ten days. This governance attack that used millions to unlock tens of millions from the treasury clearly exposed the leverage gap in token voting systems under extreme conditions, and became a systemic risk signal that all DAOs relying on token governance cannot avoid.

Post-Emptying Batch Exodus: First Cashing Out Over $4 Million

After the treasury was secured, this anonymous address did not crash the market in one go; instead, it divided the 4.426 trillion BONK into multiple transactions, gradually transferring them toward exchanges over ten days. Some tokens were confirmed to have been sold on the market, with reports summarizing this first batch of cashing out as "over $4 million," indicating that the attacker was not just paper-rich but was rhythmically turning the governance attack into real cash flow. The latest transaction occurred on July 17, 2026, according to on-chain analyst EmberCN, this address transferred about 1.186 trillion BONK to Binance about three hours before the news release, with a nominal value of approximately $4.11 million, becoming the most notable exit action so far.

The problem is that this is just the "first layer" of selling pressure. Public opinion statistics show that the attacker’s address still holds about 3.24 trillion BONK, worth approximately $11 million at current prices, with no clear disposal path displayed on-chain. With the price having fallen from about $0.0000047 to $0.0000034, a decline of about 28% within ten days, the market naturally began to amplify imaginations of the future flow of these 3.24 trillion tokens: once they continue to be sold in batches at the current pace, short-term prices and sentiment could again be impacted, and if the address chooses to watch from the sidelines or attempts to negotiate with the project party, the Bonk community would need to endure this "Damocles' sword hanging over the chain" for a longer time.

How Governance Attacks Exploit DAO Vulnerabilities and Bypass Defenses

In most scripts of governance attacks, the real weapon is not the vulnerability but the "rules." The attacker first concentrically bought a large number of tokens in a short time, pushing themselves to a position that could sway voting outcomes, then meticulously designed a proposal that seemed compliant but was highly beneficial to themselves; as long as it passed through the process "normally," the treasury would actively send money to the attacker’s address on-chain. The Bonk incident is almost a textbook example: about ten days ago, the anonymous address used about $4.4 million to buy BONK, directly targeting the threshold for governance voting to pass, and then pushed the proposal to authorize the treasury to transfer about 4.426 trillion BONK to its address, worth about $21.2 million at that time, without triggering any contractual anomalies, yet completing a "legal emptying" of the treasury at an institutional level.

The true structural vulnerability lies in the fact that Bonk and many DAOs bind "voting rights" and "treasury keys" almost indiscriminately to the same token, and that the high concentration of tokens in the market does not automatically trigger additional defenses. Under such a design, as long as someone is willing to pay enough token costs, they can directly rewrite the direction of the treasury through a round of governance voting. Similar risks are not isolated; Beanstalk Farms had previously faced an attacker obtaining funds through governance processes, indicating that this model has repeatedly appeared in the industry. As long as tokens can be rapidly concentrated in a single address in the open market, and governance lacks multiple thresholds, cooling-off periods, or dedicated treasury risk control modules, the simple binding of "token = vote = treasury control" will continue to be a high-risk structure targeted by governance attacks.

Long-term Aftermath Facing the Bonk Community and Holders

The treasury was emptied all at once, and the attacker has already transferred massive BONK amounts to exchanges multiple times within ten days, according to AiCoin data, during which BONK's price fell by about 28%. This combination of shocks almost directly tore apart the brand assets that Bonk had built on community enthusiasm and narratives. For old holders, the reality that "the community treasury can be taken by a vote at any time" will be etched in memory; for potential new participants, the fact that the attacker still holds about 3.24 trillion, worth about $11 million at current prices and has yet to fully dispose of their tokens, constitutes a persistent uncertainty hanging over the market. This long-term expectation of selling pressure does not need to be fully realized to sufficiently suppress sentiment and weaken Bonk's allure as a popular meme in the Solana ecosystem.

Following the dual blows of price declines and governance failures, the behaviors of holders are likely to diverge significantly: some may choose to leave and observe, reducing their risk exposure to similar community projects; others, even if they continue to participate, are more likely to heighten their vigilance in future governance votes, maintaining a natural skepticism toward any proposals involving treasury access or large authorizations. This tightening of risk appetite will make it more difficult to translate the slogan of "co-building the community" into concrete actions, with participation rates and long-term lock-up intentions likely weakening. If Bonk wants to repair the rift, it will likely need to introduce higher thresholds for proposals and voting, cooling-off periods, or safety modules in governance rules, limit the scale of single authorizations in treasury management, and proactively include alerts for governance attack and concentrated voting risks in disclosures aimed at ordinary holders. Currently, no clear response plans from the Bonk project or DAO have been publicly disclosed, which also means that whether these repair directions can truly be implemented will determine whether Bonk has the opportunity to rebuild credibility and narratives under the shadow of this governance attack.

Governance Ambush Warning from Bonk to the Entire Industry

The Bonk treasury was leveraged by an anonymous address at a cost of about $4.4 million to unlock approximately $21.2 million in assets, and completed cashing out over $4 million in ten days with the latest transaction on July 17 transferring about 1.186 trillion BONK (around $4.11 million) to Binance. This is no longer just an incident of a single meme project, but a governance ambush sample for the entire chain, or even the entire industry: as long as tokens are highly concentrated, voting thresholds are lax, and treasury authorization lacks protection, any DAO could potentially be "bought for voice" in a short time by large amounts of capital and have their treasury legally emptied through proposals. In facing similar projects, what readers really need to look for is not just the stories and market conditions, but several clear governance safety signals—whether holdings and voting rights are overly concentrated in a few addresses, whether major proposals set sufficiently high quorum and passage thresholds, whether treasury transactions are broken down into multi-level authorizations with added cooling-off periods or safety modules, and whether ordinary community holders can understand and counterbalance potential "self-serving" proposals within a limited timeframe. Governance attacks have precedent in the DeFi space, as evidenced by Beanstalk Farms, and now Bonk has once again materialized this risk, while the attacker still holds approximately 3.24 trillion BONK (around $11 million) after completing their latest transaction to exchanges. The direction of this event depends on their subsequent on-chain selling, whether Bonk DAO can truly implement governance repairs, and whether community trust can be rebuilt; these uncertain observational variables will long determine whether this attack is recorded as an incidental event or written into the industry’s structural warning cases.

Join our community, let’s discuss together and become stronger!
AiCoin exclusive Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin exclusive Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To
APP

X

Telegram

Facebook

Reddit

CopyLink