TL;DR
- Domain Hijack: Attackers seized Bonk.fun’s domain and replaced normal site interactions with a fake terms-of-service prompt that drained wallets once signed.
- User Impact: Losses remain unconfirmed, though one trader reported $273,000 stolen; the team says only users who approved the fraudulent message were affected and describes overall losses as minimal.
- Market Context: The breach hit during a cautious period for Solana and meme tokens, adding pressure as phishing attacks grow more sophisticated across the crypto sector.
Bonk.fun’s team moved quickly on Thursday to warn users after attackers seized control of the Solana-based launchpad’s domain and used it to push a malicious wallet-draining prompt. The breach targeted the website’s front end rather than its contracts, creating a dangerous window in which visitors were met with a fake terms-of-service message that, once signed, allowed funds to be emptied almost instantly. With reports of losses still unconfirmed and on-chain checks ongoing, the platform urged users to avoid the site entirely until the domain is secured.
A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything.
— BONK.fun (@bonkfun) March 12, 2026
Front-End Hijack Exposes Users to Drainer Script
Both community reports and statements from Bonk.fun describe a coordinated domain takeover that replaced normal site interactions with a phishing flow disguised as routine compliance checks. Unsuspecting users who connected a wallet and approved the prompt granted permissions that enabled attackers to sweep assets within seconds. One trader reported losing $273,000 during the incident, though the team has characterized overall losses as minimal so far. The exact number of victims remains unclear, and verification efforts were still developing at the time of the warning.
Bonk.Fun’s Team Says Only Signed Prompts Were Affected
Do not use the https://t.co/4xXs3cMJx0 domain until further notice, hackers have hijacked a team account forcing a drainer on the DOMAIN.
URGENT.
— Tom (@SolportTom) March 12, 2026
Tom, the operator behind Bonk.fun, emphasized that users who had previously connected to BonkFun without signing the fake message were not impacted. He also noted that traders interacting with bonk fun tokens through terminals were unaffected. According to Tom, the drainer only activated when users approved the fraudulent terms-of-service request. He added that the team detected the breach quickly and moved to alert the community as fast as possible.
Market Sentiment Reacts as Solana Sector Faces Pressure
The timing of the compromise added strain to an already cautious market. While broader meme tokens were described as ticking higher earlier in the day, BONK slipped modestly as the warning circulated. Solana itself is down 5.47% over the past week, and Bitcoin trades at $70,023 after a 3.59% weekly decline. Even though the exploit did not involve smart contracts, the headline risk weighed on sentiment.
Growing Sophistication of Crypto Phishing Attacks
The incident reflects a broader rise in phishing schemes across the crypto sector. Recent security reports highlight how malicious actors now use generative AI to craft convincing websites, emails, and chatbots. In 2025 alone, phishing attacks cost victims more than $17 billion, underscoring how front-end compromises remain one of the hardest threats for traders to detect.
