The domain for the Solana memecoin launchpad Bonk.fun was hijacked by attackers who used it to deploy a wallet-draining scheme. The team warned users on X not to interact with the website, stating a malicious actor had compromised the domain. Some users reported losses, with claims of drained funds amounting to tens of Solana tokens.
Attackers gained access to a team account and hijacked the domain of the Solana-based platform Bonk.fun. They used this access to push a fake wallet-draining prompt designed to trick visitors.
The Bonk.fun account on X warned users early Thursday not to interact with the website. “A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything,” the project wrote in a post.
An operator behind the platform, Tom, stated the attackers used the compromised access to push a fake message. This message tricked visitors into signing a malicious transaction.
Tom explained the exploit specifically targeted users who signed a fraudulent terms-of-service prompt. Users with previously connected wallets or those trading through external terminals were reportedly unaffected.
Some users reported losses in replies to the warning posts. One user claimed roughly 50 Solana was drained, while another said they lost about 10 SOL.
Tom said the incident was contained quickly and that reported losses appear limited so far. “We understand a lot of people are scared and rightly so but we’re doing everything in our power to fix the situation,” he added.
