Loading market data...

BonkDAO Loses $20 Million in Apathy Attack Exploiting Low Voter Turnout

BonkDAO Loses $20 Million in Apathy Attack Exploiting Low Voter Turnout

BonkDAO, the decentralized autonomous organization behind the Solana-based meme token BONK, has lost $20 million in what security researchers are calling an apathy attack. The exploit took advantage of low voter participation in governance proposals, allowing a malicious actor to pass a proposal that drained the treasury. The incident underscores a growing vulnerability in DAO governance that also threatens other major protocols like Compound.

How the attack worked

Governance in DAOs relies on token holders voting on proposals. But when turnout is low, a relatively small number of votes can decide the outcome. In this case, the attacker accumulated enough voting power to pass a proposal that transferred $20 million worth of assets out of the BonkDAO treasury. The low voter engagement meant that legitimate token holders did not notice or oppose the malicious proposal in time. The attacker likely submitted the proposal during a period of low activity, when few community members were monitoring the governance forum.

Compound's parallel vulnerability

Compound, a leading lending protocol, has also faced governance risks from apathy. In a previous incident, a proposal to send 5% of COMP tokens to a wallet controlled by the so-called Golden Boys group passed with minimal opposition. While that proposal was later blocked by a community fork, it highlighted how low voter turnout can lead to governance attacks. Compound's governance system has since been updated to require higher quorum thresholds, but the underlying risk remains for many DAOs that rely on active participation.

What BonkDAO is doing now

BonkDAO has paused its governance system and is working with security firms to recover the funds. The team has also proposed new measures to increase voter participation, including staking rewards for voting and time-locks on large proposals. However, the $20 million loss represents a significant portion of the DAO's treasury, and the community is divided on how to proceed. Some members are calling for a full audit of the governance process, while others argue that the attack was an inevitable consequence of low engagement.

The attack has reignited debate about the security of DAO governance. While smart contract exploits are well-known, apathy attacks are a newer threat that targets the human element of decentralized decision-making. For DAOs with low participation, the cost of inaction can be millions. The question now is whether BonkDAO can recover its funds and whether other DAOs will take steps to prevent similar attacks before they happen.