Bonk DAO lost roughly $20 million in BONK this week, but not through a smart-contract exploit. This time, the attack played out entirely inside the DAO’s own governance system.

The attacker accumulated voting power by buying up BONK, reportedly through exchange-linked wallets that BonkDAO says it traced, and used that influence to pass a treasury transfer proposal. Only a handful of wallets took part in the vote, and with turnout so low, it was enough to approve a single transfer moving about 4.42 to 4.43 trillion BONK, around $20 million, straight out of the treasury account.

What set this apart was the mechanism: it wasn’t a bug in the code, but a weakness in governance design. A simple majority of active voters could commit major funds without tougher protections like high quorum thresholds, execution delays, or added approval steps.

BONK’s price fell roughly 8% to 10% after news broke, but the fallout is about confidence in DAO-run treasuries more broadly. If a single participant can buy their way to enough votes, low turnout makes the governance process itself the vulnerability.

The structural question now is whether DAOs rethink how treasury votes are safeguarded, or whether thin participation keeps their reserves exposed.