The domain of Solana-based memecoin launchpad Bonk.fun was briefly hijacked after attackers gained access to a team account and deployed a malicious scheme designed to drain users’ crypto wallets.
The project’s official account on X issued an early warning on Thursday, urging users to avoid interacting with the website while the team worked to regain control and secure the platform.
A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything.
— BONK.fun (@bonkfun) March 12, 2026
“A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything,”
the team said in a post.
Bonk.fun warns users after domain compromise
According to Tom, an operator behind Bonk.fun, the attackers used the compromised access to push a fake message on the site intended to trick visitors into approving a malicious transaction. The message reportedly appeared as a legitimate prompt, making it easier to deceive unsuspecting users.
The exploit involved a fraudulent terms-of-service prompt displayed during the breach. Users who approved the prompt unknowingly signed a transaction that allowed the attackers to drain funds from their wallets.
Tom clarified that users who had previously connected their wallets to the platform before the incident were not affected. Similarly, traders interacting with Bonk-related tokens through external trading terminals remained safe. The project launched Bonk Arena last year, marking a significant step forward in the project’s expanding ecosystem.
Some users report SOL losses
Despite the quick response, several users reported losing funds during the attack. In replies to the warning posts, one user claimed approximately 50 Solana (SOL) had been drained from their wallet, while another reported losing around 10 SOL. Others shared similar experiences, though the full scale of losses remains unclear.
Tom said the incident was quickly contained and that reported damages appear relatively limited so far. He also reassured the community that the team is actively working to resolve the issue and prevent further harm.
“We understand a lot of people are scared and rightly so, but we’re doing everything in our power to fix the situation,”
he said.
Security experts say users who suspect they interacted with the compromised site should act quickly to protect their assets. One key step is to revoke any permissions previously granted to the platform’s smart contracts using tools such as Revoke.cash, which allows users to review and cancel active wallet approvals.
Users who signed the malicious prompt are also advised to transfer any remaining assets to a new wallet as soon as possible and discontinue using the potentially compromised one.
Bonk.fun has not yet confirmed when the website will be fully restored, but the team continues to urge users to avoid interacting with the domain until it is declared safe.
Enjoyed this piece? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
