The wallet behind BonkDAO's $20 million governance attack has parked most of the stolen $BONK in a multisig controlled by a newly created shadow DAO, Chainalysis said in a post on its official X account Tuesday. The blockchain analytics firm calls the structure "$BONK 2.0."

The multisig is governed by three parties: the malicious voter wallet, the exploiter wallet that received the drained treasury, and a third wallet with financial ties to the voter, according to Chainalysis's thread. The Defiant previously reported the initial drain of BonkDAO's treasury.

Attack Timeline

Chainalysis traced the scheme back to June 30, when an anonymous wallet first proposed draining BonkDAO's treasury. Passing the vote required 1% of $BONK's total supply in "yes" votes, which a separate wallet acquired on July 4 and 5 by buying $8 million worth on an exchange and borrowing the rest through DeFi.

That wallet cast the deciding vote on July 6, draining the roughly $20 million treasury into an exploiter wallet. Nine hours later, the exploiter sent $188,000 to an exchange, likely to cash out, and moved the remaining $19 million into the new multisig, where Chainalysis says the funds still sit.

Selling Into the Heist

Roughly an hour after the drain, the same voter wallet began liquidating $5.3 million of the $BONK it had bought and borrowed to secure voting power, according to Chainalysis. The firm said the wallet's intentions for the remaining $19.5 million may not become clear for days.