An official vote to withdraw funds from the treasury of a decentralized organization does not exempt participants from criminal and civil liability. That is the conclusion reached by Ripple CTO Emeritus David Schwartz while commenting on the $20 million loss suffered by BonkDAO.
The expert explained in detail why, from a legal standpoint, this incident is classified as corporate fraud, and why the concept of “code is law” is not recognized by state courts when it comes to the distribution of shared assets.
How the $20 million BonkDAO exploit became possible
Earlier, the decentralized treasury of the BONK meme coin on the Solana blockchain lost 4.42 trillion tokens through an official proposal, BIP #76, on the Realms platform. What happened was not a hacker attack: no smart contracts were broken, and the attacker used the token-weighted voting mechanism built into the system.
The scheme was carried out in several steps:
- The manipulator spent about $4.4 million on Binance and Bybit, buying around 1% of the total BONK token supply.
- A malicious proposal, BIP #76, was launched on Realms, instructing the transfer of 4.42 trillion BONK tokens from the treasury to an external address.
- Out of 18,500 wallets eligible to vote, only seven participated in the process.
- By depositing the tokens 25 hours before the voting pool closed, one wallet secured 99.9% of the entire voting power. The quorum was reached, and 5% of the asset’s total circulating supply was transferred to the manipulator’s wallet.
Why voting in a DAO is a legal trap, David Schwartz breaks down
Schwartz rejected claims by decentralization advocates that the transaction was legitimate simply because it followed the rules of the smart contract.
He explained that this precedent qualifies as corporate fraud because the absence of DAO registration as a legal entity, such as an LLC, automatically makes the structure equivalent to a general partnership under common law.
In this format, all participants bear joint and several liability, and everyone who voted in favor of the malicious proposal violated their fiduciary duty to the other holders. Schwartz also separately emphasized that courts evaluate only economic damage, and there are no “meme coin exceptions” in law.
At the moment, BonkDAO representatives have officially notified law enforcement agencies about the theft. The project team, together with the Solana Foundation and centralized exchanges, is conducting analytical work to track and block the withdrawn assets.
Legal experts note that this precedent marks the end of the era of legal nihilism in DeFi. In this case, the blockchain did not serve as a protective shield for the attacker, but as a transparent tool for recording the offense.






Be the first to comment