Bonk.fun warned users not to use its site after attackers hijacked the domain and pushed a fake wallet-draining prompt.
The domain of Solana-based platform memecoin launchpad Bonk.fun has been hijacked after attackers gained access to a team account and deployed a wallet-draining scheme through the site.
The Bonk.fun account on X warned users early Thursday not to interact with the website while the team worked to secure the domain. “A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything,” the project wrote in a post on X.
X user Tom, who is an operator behind Bonk.fun, said the attackers used the compromised access to push a fake message designed to trick visitors into signing a malicious transaction.
In a follow-up post, Tom said the exploit targeted users who signed a fraudulent terms-of-service prompt that appeared on the site during the breach. Users who had previously connected wallets to Bonk.fun were not affected, and traders interacting with Bonk-related tokens through external terminals were also safe.
Related: Trust Wallet adds real-time scam address checks for crypto users
Some users report losses
Some users reported losses in replies to the warning posts. One user claimed roughly 50 Solana (SOL) had been drained from their wallet, while another said they lost about 10 SOL. More users claimed varying amounts of losses.
Meanwhile, Tom said the incident was contained quickly and that reported losses appear limited so far. “We understand a lot of people are scared and rightly so but we’re doing everything in our power to fix the situation,” he added.
Cointelegraph reached out to Tom for comment but had not received a response by publication.
Magazine: Bitcoin may take 7 years to upgrade to post-quantum — BIP-360 co-author
