The official website for the Solana memecoin launchpad Bonk Fun has been hijacked after a malicious actor gained control of its domain on Wednesday (March 11). The attacker reportedly deployed a wallet-draining script disguised as a routine user interaction.
The platform’s team quickly issued an urgent warning, telling users not to interact with the website until further notice. Anyone who connects their wallet and signs the current prompts risks having their assets stolen almost instantly.
Meanwhile, the BONK meme coin has slipped nearly 1% over the past 24 hours as news of the incident spreads. The decline comes during an already difficult year for the token, which has lost roughly 45% of its value so far.
The timing is particularly unfortunate. The broader memecoin market has been enjoying a strong day, climbing around 2.5% and pushing total sector market capitalization back above $32 billion. Major meme tokens such as Dogecoin, Pepe (cryptocurrency), Memecore, and Shiba Inu (cryptocurrency) have all posted gains.
Bonk Fun now joins a growing list of Solana-based platforms targeted by attackers. As reports of the breach surfaced, the BONK token dipped about 1.5%.
How the Attack Happened
Unlike many crypto hacks, this incident didn’t involve a failure in the blockchain or smart contracts. Instead, the attacker targeted the platform’s front-end, exploiting user trust rather than the underlying infrastructure.
According to X user SolportTom, who operates the platform, hackers managed to hijack a team account and use it to push a malicious wallet drainer onto the site.
Visitors currently see a fake terms-of-service pop-up that appears to be a standard compliance prompt. However, signing this request grants the attacker permission to access and empty the connected wallet within seconds.
“A malicious actor has compromised the BONKfun domain,” the team wrote in a post on its official X account. “Please do not interact with the website until everything is secured.”
How Much Was Stolen?
So far, the Bonk.fun team has not confirmed the total amount lost. However, developers say the damage appears to be “minimal”, largely because the issue was detected quickly.
Only users who interacted with the fake prompt during the period when the site was compromised were affected. The exact amount of stolen funds is still being verified through on-chain analysis.
The situation highlights a growing risk across the crypto industry. Earlier this year, a glitch involving Aave price oracles triggered unexpected liquidations due to interface and data irregularities. While the mechanics were different, the result was similar: users lost funds because of a technical issue.
Front-End Attacks Are Increasing
Phishing-style attacks like this are becoming more sophisticated and widespread. According to Chainalysis, crypto-related scams totaled around $17 billion in losses during 2025.
Rather than attacking blockchain protocols directly, many hackers are now targeting user interfaces and domains, which are often easier to compromise and rely heavily on user trust.
What Bonk.fun Users Should Do Now
Anyone who visited Bonk.fun in the past 24 hours should assume their session may have been compromised.
Front-end attacks can bypass traditional security measures, similar to the Android vulnerability recently identified by researchers at Ledger, which could potentially expose wallet seed phrases.
Users are advised to take the following steps immediately:
Disconnect your wallet: Remove Bonk.fun from your wallet’s list of connected sites.
Revoke permissions: Use a tool such as Revoke.cash to cancel any approvals granted to Bonk.fun-related contracts.
Check your transaction history: Look for any transfers you didn’t authorize.
“We understand a lot of people are scared—and that’s understandable—but we’re doing everything we can to fix the situation,” SolportTom said.
For now, users should wait for an official “all-clear” announcement from the Bonk.fun X account before visiting the website again.
If the domain remains compromised for another 24 hours, users may start migrating to rival launchpads such as Pump.fun. That could make it difficult for Bonk.fun to recover its remaining user base.
However, if the team manages to secure the domain quickly and compensate affected users, confidence in the platform may stabilize. For now, the pressure is on Bonk.fun’s operators to prove the website is safe again.
