BONK treasury attackers throw another 400 billion, panic escalates?

CN
3 hours ago

The "black hand" that hollowed out the BONK treasury has moved again today. On July 18, according to on-chain analyst Yu Jin's monitoring, the address of the attacker that had previously maliciously transferred about $21.2 million worth of BONK through a governance proposal has transferred another 400 billion BONK to Coinbase, estimated at about $1.19 million based on the price at that time. When this large on-chain transfer was discovered, it had only been about 20 minutes since it actually occurred. Since the early hours of today when this address first transferred BONK to the exchange, multiple media outlets reported that the price of BONK has dropped by about 7% again, with the already fragile sentiment being repeatedly impacted — each new deposit record is interpreted by the market as a countdown to a new round of selling pressure. In the absence of a clear remedy path from the officials and with the scale of the attacker's remaining chips being opaque, this continuous transfer of treasury assets to centralized exchanges like Coinbase is evolving from an "already occurred governance attack" into an indelible core risk variable in the BONK narrative.

4.4 million leveraged to 21.2 million: Governance vote reversed

Looking back at the starting point of the entire incident, it all almost began with a "seemingly normal increase." According to public information, about 10 days before launching the governance attack, the attacker concentratedly bought large amounts of BONK in the secondary market, totaling about $4.4 million. The large influx of buying at that time did not trigger much alarm, but quickly translated into overwhelming voting power at the governance level — these new chips were precisely used in the subsequent key proposal, rather than for long-term community building.

After obtaining votes sufficient to sway the outcome, the attacker initiated and pushed a malicious governance proposal, forcing it through the vote, which directly transferred approximately $21.2 million worth of BONK from the project treasury to an address under its control. Afterwards, this address is widely regarded as the core executor of this round of "treasury hollowing." For BONK, what is truly fatal is not just this loss of $21.2 million, but the gaps in the system exposed by the process itself: the voting threshold clearly allows a single large holder to buy votes and gain power in a very short time, the transfer out of the treasury lacks sufficient multi-layer protections and buffer mechanisms, and once governance is maliciously controlled, the entire treasury has almost no substantial defensive space.

Another 400 billion injected: Attacker's selling pressure continues

After the governance was breached, this address that was previously used to "buy votes" did not fall silent. Later on July 18, on-chain analyst Yu Jin detected that it had initiated an astounding transfer again: approximately 400 billion BONK from the same attacking address to a Coinbase-related address, valued at about $1.19 million at that time. This action occurred about 20 minutes before it was publicly reported, the outgoing address was completely consistent with the address that received treasury funds earlier, clearly marking this fund as a subsequent operation on the same governance attack chain.

From a behavioral pattern perspective, this is not an isolated adjustment, but a continuation of continuously depositing and liquidating stolen BONK to centralized trading platforms. The briefing also directly considers this transfer as part of the attacker’s continued selling and cashing out treasury assets. Since the early hours of today when this address first transferred BONK to the exchange, the BONK price has dropped by about 7% again, and Coinbase is gradually being seen in public information as one of the main exchange platforms for the attacker. Given that the scale of the attacker’s remaining holdings and next steps remain unclear, the deposit records of this address on Coinbase are becoming the most critical observation window for the market tracking its movements and potential selling rhythm.

Price drops another 7%: Trust test for the BONK community

The most direct feedback at the price level has already appeared. According to multiple media reports, since the governance attacker hollowed out the treasury and first transferred BONK to the trading platform in the early hours of today, the price has once again fallen by about 7% on the previously pressured basis. As the shadows of the earlier treasury transfer and intensified selling pressure have not yet dissipated, the attacker’s address continues to send chips to platforms like Coinbase, turning this "downward curve" into a collective vote on trust, rather than just a simple short-term fluctuation.

What is truly shaken is the confidence of BONK holders in the entire governance and commitment system: Is the treasury still safe? Can future voting results still represent the will of the majority? Can the project party withstand the test of similar incidents repeating in long-term commitments? In current public information, there has been no authoritative explanation regarding the specific path to recover the transferred assets and repair the governance mechanism; this uncertainty itself will be magnified — especially for Meme projects that rely heavily on community consensus and narrative, a governance attack that has been exploited cannot be simply "erased" with a single technical upgrade, and the repair of community sentiment may lag far behind the pace of price rebound.

Voting exploited: Governance risks of Meme projects exposed

In this incident, what was pried open was not a contract with obvious vulnerabilities, but a whole set of governance processes that appeared "compliant." About 10 days before the proposal was launched, the attacker concentratedly bought approximately $4.4 million worth of BONK in the secondary market, according to public information, and the purpose of this step was to reach the governance voting threshold to obtain enough votes to sway the outcome. The subsequent malicious proposal did not have any signs of "overreach" in the process: initiated according to the rules, voted according to the rules, executed according to the rules, and ultimately completed the transfer of around $21.2 million worth of BONK from the treasury to its controlled address, with the entire path being defined by multiple parties as a typical "governance attack," rather than a technical intrusion in the traditional sense.

This chain exposed the structural risks of Meme projects in a scenario where token distribution is highly concentrated and regular governance participants are limited: as long as someone is willing to throw down enough chips at once, they can "buy voice" in a very short time, achieving substantive hollowing out with programmatically correct results. For other Meme projects that also rely on token voting to manage their treasury and have relatively loose voting rules, governance is no longer a nice decoration in the white paper, but a key module that needs to be seriously implemented as a potential attack surface for risk control, otherwise, even if no changes are made to the contract, the treasury could be legally emptied during what seems like a normal voting cycle.

Is the sell-off unfinished? What to focus on next

From a short-term risk perspective, the biggest unknown remains how much BONK this governance attacker still holds, what the cost range is, and whether they will continue to periodically inject chips into platforms like Coinbase. Current public information has not disclosed their remaining holdings and cost details; the only clear anchor points are the multiple exposed addresses and the transaction records of deposits to exchanges. Therefore, if there are any large transfers in the future, especially if they flow to centralized platforms, it will directly change the market's judgment about whether the "selling pressure has been cleared." Two additional clues that need to be closely monitored are: first, whether the subsequent transfer paths from the attacker’s address show new aggregated addresses or "washing" patterns; second, whether the BONK community initiates discussions around treasury permissions, voting thresholds, etc., and whether major exchanges further strengthen monitoring and labeling actions on related addresses — if any transfers close to the size of this one or new governance proposals emerge in the future, they will be core signals for judging whether the situation escalates. For investors, this incident also reminds everyone that when assessing Meme projects, the treasury management mechanism and voting rule design must be included in the risk list, equally important as price fluctuations and topic popularity; only then can there be an opportunity to identify the structural risks that need to be avoided before the next similar governance attack.

Join our community to discuss together and grow stronger together!
Exclusive Hyperliquid benefits for AiCoin: https://app.hyperliquid.xyz/join/AICOIN88
Exclusive Aster benefits for AiCoin: https://www.asterdex.com/zh-CN/referral/9C50e2
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To
APP

X

Telegram

Facebook

Reddit

CopyLink