Pai 🌲|7月 07, 2026 09:40
Spent 4M to steal 20M
The contract wasn’t hacked.
The BONK treasury theft was actually approved through a DAO proposal vote.
The attacker spent 4M to buy votes, pushed a malicious proposal into a legitimate resolution, and then took 20M.
The Achilles' heel of token-weighted voting: if you’ve got money, you can legally steal.
The proposal’s approval threshold wasn’t high, so spending 4M for a 20M return was totally worth it.
DAO governance isn’t automatically secure just because it’s written into a contract.
Voting power = token holdings — this design itself is a loophole that can be priced.
BTC is holding steady at 63K, the market isn’t moving much.
The attack surface in crypto has long gone beyond the contract layer; the governance layer is just as fragile.
Wondering if more DAOs will get hit this way next.
If the return outweighs the cost, someone will definitely do it.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink