The official website of the Solana memecoin launchpad, Bonk Fun, has been hacked. A malicious actor took control of the domain on Wednesday March 11, deploying a wallet drainer disguised as a standard interaction.
The platform team has issued an urgent warning: do not interact with the site until further notice. Users who connect their wallet and sign the current prompts risk immediate theft of their assets.
As news of the BONK meme coin spreads, it has fallen almost 1% in the last 24 hours, following a disastrous year in which the Solana meme coin lost -45% of its value.
This is bad timing for a platform hack, as the meme coin sector saw a +2.5% daily rise, bringing the total market cap above $32 billion, with tokens like DOGE, PEPE, Memecore, and SHIB all showing green candles.
How did the malicious actor breach the Bonk Fun front-end?
The attack vector exploits user trust rather than the blockchain infrastructure itself. According to user X SolportTom, the platform operator, hackers hijacked a team account to force a drainer on the domain. This is not a smart contract failure; This is a frontal takeover.
Visitors to the site are currently greeted with a fake terms of service message. This pop-up, which mimics standard compliance requests, is the triggering mechanism.
If you sign this request, the protocol authorizes the attacker to empty your wallet, and this will happen within seconds.
“A malicious actor has compromised the BONKfun domain,” the platform announced via its official X account. “Do not interact with the website until we have everything secured.”
How much has been drained and who is affected
The Bonk.fun team did not confirm the amount of losses caused by the hack, but said the losses were “minimal”, attributing the low damage to the developers’ quick detection.
Only users who interacted with the fraudulent Terms of Service prompt during the active hack window were affected. However, the exact dollar amount verified by on-chain analysis remains pending.
AAVE ORACLE GLITCH TRIGGERS $26M IN INDUSTRIAL CLAIMS
A pricing oracle error on Aave caused approximately $26 million of wstETH positions across 34 accounts to be unfairly liquidated after the system reported an incorrect exchange rate, with affected users to be compensated. pic.twitter.com/qMbsAhQnnl
– Coinbureau (@coinbureau) March 11, 2026
AAVE ORACLE GLITCH TRIGGERS $26M IN INDUSTRIAL CLAIMSThis incident reflects broader risks in the sector, as an Aave oracle issue triggered liquidations earlier this year due to interface and data anomalies.
While the mechanisms differ, the result for user funds is the same: an unexpected loss due to a technical compromise.
Phishing attacks like this are becoming industrialized. According to Chainalysis, overall losses from crypto scams reached around $17 billion in 2025.
The move toward domain hijacking indicates that attackers are bypassing protocol security to directly target the user interface.
EXPLORE: Best Crypto Presales to Buy in 2026
What Bonk.fun Users Should Do Right Now
If you have visited Bonk.fun in the last 24 hours, assume that your session security has been compromised. Frontal attacks often bypass standard defenses, like the recent discovery by Ledger researchers of an Android flawtheft of wallet starting phrases demonstrates.
Follow these steps immediately:
- Disconnect your wallet: Remove Bonk.fun from your list of connected sites in your wallet settings.
- Revoke approvals: Use a tool like Revoke.cash to revoke all recent permissions granted to Bonk.fun contracts.
- Check your history: Verify that no unauthorized transfers have taken place.
“We understand that many people are afraid and rightly so, but we are doing everything in our power to remedy the situation,” SolportTom wrote.
Users must now sit back and wait for an official “green light” from the Bonk.fun X account before returning to the site.
If the site remains compromised for another 24 hours, the migration of users to competing launchpads like Pump.fun will likely accelerate, and Bonk.fun may struggle to recover what’s left of its user base.
If the team resolves the DNS hijacking quickly and repays “minimal” losses, trust could stabilize, but the pressure is now on operators to prove the domain is safe.
DISCOVER: The 16 Best Meme Coins to Buy in March 2025
The article Bonk Fun Website Hijacked: Live Exploit Drains User Funds appeared first on Cryptonews.
