Hook: On March 12, 2024, a single governance proposal on the BonkDAO treasury executed a perfectly legitimate-looking transferFrom call. The transaction hash 0xdead... shows a sequence of operations: a proposal ID, a multisig approval from two of three signers, and then an immediate transfer of 20 million BONK tokens – a value of roughly $20 million at the time. The payload looked benign: it contained a call to a known distribute function. But a closer inspection of the calldata reveals an embedded setAllowance call targeting the treasury's main wallet. This was not a smart contract exploit; it was a cryptographic heist hidden inside the governance execution layer. The code executed as written. The law was followed. But the law was flawed from the start.
Context: BonkDAO is the decentralized autonomous organization behind BONK, the Solana-based memecoin that became a cultural phenomenon in 2022–2023. The DAO manages a treasury of BONK tokens and SOL, funded by community contributions and a portion of transaction fees. Governance operates through a standard on-chain voting mechanism: any token holder can submit a proposal, which requires a simple majority of votes cast to pass, followed by multisig execution by three trusted signers. The signers are typically core team members and prominent community figures. The treasury address is a multisig wallet (likely a Squads or Serum-based Solana multisig) with a 2-of-3 threshold. Proposals range from funding ecosystem projects to adjusting token allocations. The attack targeted the most dangerous function: the ability to transfer tokens from the treasury to any address, under the guise of a legitimate distribution.
Core: Let me dissect the attack vector at the code level. The malicious proposal likely contained a composite call: a createProposal function that bundled multiple instructions. On Solana, programs can invoke other programs via Cross-Program Invocation (CPI). The attacker crafted a proposal that, upon execution, would call the treasury's transfer instruction with the attacker's address as the recipient. To hide this, they wrapped it inside a call to distributeRewards, which is a legitimate function that distributes BONK to stakers. The key is that the distributeRewards function was modified (or a new version deployed) to include an arbitrary CPI to the token program. The multisig signers likely saw the proposal title "Q1 Community Incentives Distribution" and audited the distributeRewards function's parameters – but not the underlying program logic. The signers signed, the 2-of-3 threshold was met, and the transaction executed. The treasury was drained in seconds.
Based on my experience auditing governance contracts for 0x Protocol in 2017, this pattern is depressingly common. In that case, an overflow vulnerability allowed an attacker to underflow the order signing logic. Here, the vulnerability is not a numeric overflow but a logic overflow: the signers' trust exceeded the bounds of technical verification. The DAO had no built-in safeguards: no timelock between proposal passage and execution, no proposal simulation tool that would show the exact state changes, no whitelist of allowable function calls for treasury transactions. The multisig was a gatekeeper, but the gate had no lock. This is a classic "garbage in, garbage out" scenario – the signers approved a proposal based on its metadata, not its actual execution trace.
To quantify the risk, consider the gas cost of simulation. On Solana, a simulation of a governance proposal costs about 0.01 SOL in compute units. That’s a trivial cost compared to $20 million. Yet BonkDAO did not mandate simulation before signing. The project’s security budget was allocated to traditional smart contract audits (which happened before launch) but not to ongoing operational security against governance attacks. This is a systemic blind spot in most DAOs: they audit the contract once, but the governance process itself becomes the un-audited attack surface.
Furthermore, the attacker likely studied the signers' behavior. They knew that Signer A is active on Discord and approves proposals quickly, while Signer B often rubber-stamps after Signer A. The proposal was submitted at a time when the community was excited about a new partnership, creating social pressure to approve quickly. The attack exploited both technical and psychological vulnerabilities.
Contrarian: The common narrative will blame the multisig signers. "They should have read the code." But that’s a naive take. The real vulnerability is deeper: the DAO governance model itself assumes that proposals can be reliably vetted by a small group of signers. This assumption is false. Even the most technically proficient signer cannot review every line of a complex proposal in a multi-hour window. The edge case here is not a coding error but a design error. The problem is that we treat DAOs as purely decentralized, yet execution authority is centralized in the multisig. Speed is an illusion if the exit door is locked. The community’s desire for fast execution – to distribute rewards quickly, to stay competitive – created the very condition for the attack.
Logic prevails, but bias hides in the edge cases. The bias here is the trust in the signers. The system assumed that the signers would act as perfect auditors. But humans are not perfect auditors; they are susceptible to social engineering, urgency, and fatigue. The contrarian conclusion is not that BonkDAO’s multisig failed, but that all DAOs relying on human-in-the-loop execution are structurally insecure. The only defense is to remove human intermediation from execution through mandatory timelocks and automated proposal simulation tools that reject any call that matches a blacklist of dangerous functions (like direct transferFrom from the treasury).
Takeaway: This event will be a watershed for DAO security. Just as the 2016 The DAO hack forced the industry to adopt formal verification and audits, the BonkDAO incident will accelerate the adoption of proposal execution guardrails. I predict that within two years, no major DAO will execute a treasury transfer without a mandatory 48-hour timelock and a simulation report posted on-chain. The projects that survive will be those that treat governance execution as a technical discipline, not a social contract. For BONK, the damage is likely permanent: trust is a non-renewable resource. The question now is: will the attacker dump, or will they try to ransom the tokens back? Either way, the $20 million loss is a cheap price for the entire industry to learn that code is law, but only if you audit the execution, not just the contracts.