Thursday, March 12

Users of the Solana-based memecoin launchpad Bonk.fun were urged to avoid the platform’s website after attackers compromised its domain and deployed a malicious wallet-draining script designed to siphon funds from connected wallets.

The project confirmed the breach in a statement on social media, warning that the platform’s domain had fallen under the control of a malicious actor.

“A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything.”

According to the team, the breach began when an attacker gained control of a team-associated account, which allowed the intruder to alter the website’s interface and inject a deceptive prompt that appeared as a standard terms-of-service confirmation. 

In reality, the prompt was linked to a wallet-draining program intended to trick visitors into signing a transaction that would grant the attacker permission to move assets from their wallets.

Tom, an operator associated with the project, also warned users that the hijacked account had been used to place the drainer directly on the domain.

“Do not use the bonk.fun domain until further notice, hackers have hijacked a team account forcing a drainer on the domain,” Tom wrote on X.

He clarified that the attack did not affect users who had interacted with the platform before the compromise.

“No if you connected to bonk fun in the past you’re not affected,” Tom said in a follow-up message, adding that traders accessing Bonk.fun tokens through third-party trading terminals were also unaffected.

Damages were limited

According to Tom, only visitors who signed the fake terms-of-service message during the window when the compromised interface was active were exposed to the wallet-draining script. 

The team said it quickly identified the incident and issued warnings across social media channels, which helped contain the damage.

Still, at least some users appear to have suffered losses. One trader claimed on X that they lost their entire wallet after connecting to the site.

“I just got drained for $273,000 on Bonk.fun,” the user wrote, saying their wallet was left “bone dry” after interacting with the compromised interface.

Bonk.fun has not disclosed the total value of funds affected so far.

“We’re doing everything in our power to fix the situation,” he said, noting that protecting the platform’s users remains the team’s main priority.

A persistent threat

Due to their popularity, token launchpads and other major crypto projects have repeatedly become targets for attackers.

A similar technique was used in a previous incident involving the decentralised finance protocol Curve Finance, where attackers hijacked the project’s domain name system and redirected users to a malicious clone designed to drain connected wallets.

Pump.fun, a rival Solana-based memecoin launchpad competing with Bonk.fun, was targeted last year after attackers hijacked its X account to promote fraudulent meme tokens.


https://invezz.com/news/2026/03/12/bonk-fun-users-at-risk-after-hackers-hijack-domain-to-deploy-wallet-drainer/
