PANews丨APP全面升级
PANews丨APP全面升级|7月 07, 2026 01:45
BonkDAO Treasury Thief: "I bought my way in!" According to @EmberCN's analysis, $20M worth of BONK was drained from the BonkDAO treasury. The entire process followed governance procedures legally—no hacking, no contract vulnerabilities. The attacker's cost? Just $4M. Here's how it went down: Step 1: Submit a proposal Six days ago, the attacker submitted a proposal on the governance platform to transfer all BONK in the treasury to a wallet they controlled. The proposal was publicly posted but went unnoticed. Step 2: Buy votes To pass the proposal, at least 1% of tokens needed to vote in favor. The attacker withdrew 8.822 trillion BONK (around $4M) from an exchange and used it all to vote. Only 7 addresses participated in the voting, with the attacker controlling 99.878% of the voting power. Step 3: Automatic execution Once the proposal met the approval criteria, the contract automatically transferred 4.426 trillion BONK to the attacker's wallet. No manual review, no delays—the rules were hardcoded, and the process ran as written. Currently, the BonkDAO team has identified the exchange wallet the attacker used to purchase votes and is working with the exchange, cross-chain bridges, and the Solana Foundation to track the funds. $4M to buy votes, $20M stolen— This was a robbery carried out entirely within the rules!
+6
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads