BonkDAO, the governing body behind the Solana-based Bonk memecoin, suffered a massive exploit of $20 million on Monday. Cyber criminals deployed a malicious governance proposal to violate the platform’s security, giving them direct access to treasury funds. This is the second exploit attack that hit the DeFi sector in the last few hours. Earlier on Monday DeFi vault platform Summer Finance also lost $6 million in a flash loan attack.
The exploit was confirmed on Monday by the official X handle that goes by the username @bonk_inu.
“During the investigation, BonkDAO identified the exchange wallets used to purchase Bonk ahead of the proposal. BonkDAO is currently actively working with exchanges, bridges and Solana Foundation to best manage the situation,” the post said.
While the Bonk team is working with various exchanges, Solana, and law enforcement agencies to try to recover funds and identify the culprits, the DeFi community has opened floodgates of discussions on the attack style on social media.
The attackers are suspected to have submitted a proposal to the BonkDAO seeking an ecosystem development grant. Regular community members may have seen this as a standard request looking for a minor funding.
The exploiter, however, had infected the smart contract of that grant proposal with a malicious function. Once the request was approved, the attacker triggered an immediate unauthorized transfer of $20 million worth of Bonk tokens from the main treasury into their wallets.
At the time of writing, the Bonk memecoin was trading at $0.054 as per CoinMarketCap.
The BonkDAO is yet to provide a detailed break-down of the incident.
The DeFi industry has already reportedly lost over $840 million to exploits so far.
Just a few hours ago, Summer Finance suffered a smart contract exploit resulting in a loss of funds worth at least $6 million. A smart contract was manipulated by the attacker to execute a flash loan attack on the DeFi protocol.
Last month, a previously exploited Radiant Protocol announced the end of its operations after losing $50 million.
These back-to-back DeFi hack incidents have now highlighted the dire need for developers to address potential security lapses as a basic risk mitigation move.



