Bonk.fun issues urgent alert after domain takeover leads to wallet-draining scam
Following a domain hijacking incident, Bonk.fun has issued warnings advising users to avoid the platform as attackers deployed malicious wallet-draining prompts.
Attackers successfully hijacked the domain belonging to Bonk.fun, a Solana-based memecoin launchpad platform, after obtaining unauthorized access to a team member's account, subsequently implementing a sophisticated wallet-draining operation through the compromised website.
In the early hours of Thursday, the official Bonk.fun X account issued an urgent warning advising users to refrain from any interaction with the website as the development team worked diligently to regain control and secure the domain. "A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything," the project wrote in a post on X.
According to X user Tom, who serves as an operator for Bonk.fun, the malicious actors leveraged their unauthorized access to display a deceptive message aimed at deceiving site visitors into approving and signing a harmful transaction.
Tom provided additional clarification in a subsequent post, explaining that the security breach specifically impacted users who authenticated a counterfeit terms-of-service notification that was displayed on the platform during the time of the attack. Those who had connected their wallets to Bonk.fun prior to the incident remained unaffected by the exploit, and individuals trading Bonk-related tokens via external trading terminals were similarly protected from the attack.
Some users report losses
Multiple users have come forward reporting financial losses in response to the cautionary posts. A single user stated that approximately 50 Solana (SOL) had been extracted from their wallet, whereas another individual reported losing around 10 SOL. Additional users have claimed experiencing losses of different amounts.
On the other hand, Tom indicated that the security incident was successfully contained within a short timeframe and that the documented losses appear to be relatively limited at this stage. "We understand a lot of people are scared and rightly so but we're doing everything in our power to fix the situation," he added.
Cointelegraph reached out to Tom for comment but had not received a response by publication.