Hackers Hijack Bonk.fun Domain With Wallet-Draining Phishing

Bonk.fun, the Solana-based token launch platform, had its domain seized by hackers on Wednesday after attackers compromised a team account and pushed a wallet-draining phishing prompt directly through the site — prompting an urgent warning to users to stay off the platform entirely until the team regains control.

What Happened to the Bonk.fun Domain?

How did attackers drain wallets through Bonk.fun?

A team operator identified as Tom broke the news on X, confirming that a compromised team account gave attackers the foothold they needed. From there, they pushed a malicious prompt through the Bonk.fun domain asking visitors to sign what appeared to be a routine terms-of-service agreement. It wasn't. That signature, if approved, handed over transaction authorization — enough to wipe a connected wallet clean.

"Do not use the bonk.fun domain until further notice," Tom wrote Wednesday. "Hackers have hijacked a team account, forcing a drainer on the domain." Visitors who tried accessing the site later that night hit browser security warnings flagging it as a suspected phishing page — something independently confirmed by reporters at the time.

The only people affected were people who signed a fake TOS message on the bonkfun domain after the incident.

Why Wallet-Draining Phishing Attacks Hit Crypto Hard

This is the part that doesn't get enough attention. Wallet-draining phishing attacks work precisely because they exploit trusted interfaces — a domain you've visited before, a prompt that looks like standard onboarding. You're not clicking a suspicious link in an email. You're on a site you know, signing something that looks familiar. By the time you realize the signature was malicious, the funds are gone.

Bonk.fun said the team detected the attack quickly and that warnings spread across social media fast enough to limit the damage. Tom added that users who had previously connected wallets to the site — without signing the fake TOS prompt — are not at risk. The same goes for anyone who traded tokens from the platform through external terminals rather than the bonk.fun domain itself.

How Many Users Were Hit — and How Much Was Lost?

That's the question Bonk.fun hasn't answered yet. The team did not disclose how many users may have signed the malicious transaction or provide any estimate of total funds drained. "We understand a lot of people are scared and rightly so," Tom said in a follow-up post. "We're doing everything in our power to fix the situation."

The platform has been running for about eight months and operates as part of the broader BONK ecosystem built on Solana, where tokens are automatically burned with each transaction on the platform. A representative had not responded to requests for comment as of Wednesday evening.

The incident arrives alongside a separate, unrelated scam that's been circulating — physical letters impersonating hardware wallet makers Trezor and Ledger, complete with holograms, forged executive signatures, and QR codes pointing to malicious sites. Cybersecurity researcher Dmitry Smilyanets flagged those letters on X, noting their unsettling production quality. Different attack vector, same target: your seed phrase and your funds.