Hackers hijacked the Bonk.fun website and planted a wallet-draining script that stole funds from some users. The Solana-based launch platform confirmed that a “malicious actor” compromised its domain and warned users not to interact with the site until the issue is resolved.
According to Bonk.fun operator Tom, attackers gained control of a team account connected to the domain or hosting provider. They then injected code that turned the main website into a phishing trap for any wallet that connected after the breach.
The team said this was a web2 infrastructure hack, not a direct exploit of Solana smart contracts or the BONK token itself. That means the attack targeted the website’s front end, where users interact with the app through their wallets.
Fake Terms of Service Prompt Hid Wallet Drainer
Users who visited Bonk.fun during the incident saw what appeared to be a standard terms-of-service or approval prompt. In reality, signing that message gave a malicious contract permission to move tokens out of their wallets.
Tom and other team members stressed that only users who signed the fake approval after the compromise were affected. People who had connected to Bonk.fun before the hack or who traded Bonkfun tokens through external terminals did not face the same risk.
Even so, some losses appear large. One trader claimed on X that they lost roughly 273,000 dollars after connecting their wallet to the compromised site. Bonk.fun did not immediately publish a full estimate of total stolen funds.
What the Team and Community Did Next
Once the team confirmed the hijack, they pushed urgent warnings across social media and told users to avoid the domain completely. Tom said the quick alerts and community sharing helped limit the number of wallets the drainer reached.
Security posts advised affected users to revoke token approvals, move assets to fresh wallets, and monitor transactions for any unusual activity. Experts also urged projects to lock down domain accounts with multi-factor authentication and to implement stronger registrar security to close this “web2 to web3” gap.
The Bonk.fun team is now working with providers to secure control of the domain and investigate how attackers obtained the team credentials. They say restoring trust will require both technical fixes and clear communication with users who lost funds.
READ MORE: Wells Fargo Moves Into Stablecoin Space With WFUSD Filing
