Bonk.fun users report drained wallets after hackers hijack platform domain

The team behind the Solana-based memecoin launch platform Bonk.fun warned users to avoid its website after hackers reportedly compromised the domain and deployed a malicious wallet drainer, with at least one trader claiming losses of $273,000 after connecting their wallet.

Bonk.fun domain hack triggers wallet drainer

In a statement posted on social media, the Bonk.fun account said a “malicious actor” had taken control of the platform’s domain and urged users not to interact with the website until the issue is resolved.

“A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything,” the platform said.

Tom, an operator associated with Bonk.fun, also warned that hackers had hijacked a team account and placed a crypto drainer directly on the site’s domain. The attacker allegedly used the compromised domain to prompt users to sign a fraudulent approval message disguised as a terms-of-service request.

According to Tom, only users who signed the fake message after the compromise were affected.

“If you connected to Bonk.fun in the past you’re not affected,” Tom wrote, adding that users trading Bonk.fun tokens through external trading terminals were also safe.

He said the team quickly detected the incident and spread warnings across social media, which helped limit losses.

Despite the response, some users reported significant losses. One user claimed on X that they lost their entire wallet after connecting to the site.

“I just got drained for $273,000 on Bonk.fun,” the user wrote, adding that their wallet was left “bone dry” after connecting.

The team said it is working to secure the domain and investigate the incident, stressing that protecting users remains its top priority.

The attack highlights a recurring security risk in the crypto sector, where compromised websites are often used to trick users into signing malicious transactions that grant attackers access to their funds.