Users report losses as hackers plant crypto-draining malware in BonkFun's official domain

Malicious actors seized BonkFun’s official domain on Wednesday and installed a crypto-draining malware, resulting in the loss of funds. It is still unclear how many victims have suffered from the phishing attack and how much has been lost. 

The BonkFun hackers planted a crypto-draining script on the BonkFun domain, disguised as a standard interaction mimicking compliance requests, and began draining funds from unsuspecting users.

Upon visiting the website, oblivious users are presented with fake compliance requests that, once signed, grant attackers access to their wallets and empty them in seconds.

BonkFun’s domain attacked as crypto-related phishing scams gain steam

BonkFun cautioned users not to interact with the website or access their accounts using the launchpad’s domain until the team had secured the domain. The platform has not yet confirmed how many users were affected by the hack or the value of the crypto assets the hackers drained from unsuspecting victims.

Tom, the launchpad’s operator, advised that users who had previously connected to BonkFun will not be affected. He also added that those who trade bonk fun tokens on terminals will also not be affected.

According to Tom, the crypto drainer only affected users who signed a fake terms-of-service message on the launchpad’s domain. The operator mentioned that the team quickly noticed the hack and that the message spread quickly, noting that the losses are minimal.

“We understand a lot of people are scared and rightly so but we’re doing everything in our power to fix the situation,” Tom said. “Our main priority will always be the users who have trusted us to use the platform over the last 8 months.” 

Phishing attacks in the crypto sector have grown significantly in recent years. Security reports indicate that the scams are now more sophisticated, using AI to impersonate victims and engage in pig butchering schemes.

Malicious actors now use generative AI to curate fake investment websites, generate fake phishing emails, and create realistic chatbots that take advantage of oblivious victims surfing the internet. 

In 2025 alone, phishing attacks cost victims more than $17 billion, a 1,400% surge from the previous year. In November, the phishing attacks resulted in over $5.8 million in losses, down from $28 million recorded in October 2025. 

The occurrence comes at a difficult time, as the crypto market faces significant uncertainties. Solana is down 5.47% over the last seven days, despite a 1.5% surge over the last 24 hours. Bitcoin is down 3.59% over the last week and currently trades at $70,023.

The smartest crypto minds already read our newsletter. Want in? Join them.