BONK.fun suffered a serious security breach on Thursday after attackers compromised its domain and deployed a wallet drainer. Users’ funds were at an immediate risk. The team issued severe warnings through social media platforms.
The official account of BONK.fun on X confirmed that a hacker has accessed their domain. The team advised users to avoid interacting with the site until security is enabled in an effort to prevent further damage.
Tom, an operator at BONK.fun, provided further information on X. According to Tom, the attackers took control of a team account. They proceeded to add a wallet drainer on the BONK.fun domain. He repeated that users must avoid the site until further notice.
The attack seems to have targeted users who accepted a fake Terms of Service message on the compromised domain. Tom assured users that existing wallet connections were not affected. He also added that users who trade BONK.fun tokens on external terminals were not affected.
The incident highlights that frontends of crypto sites are still vulnerable. The attacker’s approach is to target the domains instead of the smart contracts.
These approaches are based on tricking users into approving malicious transactions. Even popular projects are vulnerable to these attacks.
BONK.fun was introduced in April 2025 by the BONK community and Raydium. It allowed users to create tokens without coding. The project utilized a bonding approach to launch tokens.
BONK.fun had a significant market share of 84% of Solana’s launchpad market at its peak. The project outperformed Pump.fun during that time. The project’s rapid growth generated a lot of buzz within the Solana ecosystem. Activity levels were high in the early months.
However, interest gradually declined as it became more difficult to attain rewards. The frequency of successful launches decreased. By the end of 2025, BONK.fun’s market share had dropped to 7%. Pump.fun started to gain strength during this time.
Revenue figures reflected the shift. BONK.fun earned $84,000. Pump.fun earned $720,000. The data indicate a change has occurred in the two platforms’ performance, and competition intensified.
Also Read: Scam Sniffer Warns Fake Influencers Are Stealing Crypto Funds
In early 2026, BONK.fun decided to lower its fees to 0%. The decision is intended to increase the number of creators using the platform. The platform started to gain more users. However, this boost is for a short time.
The attack is the latest in a series of frontend attacks in the crypto ecosystem. Recently, in November 2025, Aerodrome Finance was also a victim of a similar attack.
Hackers used the attack vector of redirecting users to false websites. Victims of the attack authorized harmful transactions in their wallets.
New scams involving MetaMask have also come to light. Scammers have been using false security notifications and two-factor authentication pages. X user SECUR3 fell victim to a scam after clicking on a false “MetaMask Urgent Update” notification. He lost $50,000 within seconds.
Source: X
The team behind platform stated that it is investigating the breach. The team also stated that protecting users remains its main focus. Further updates on the breach are expected once the domain is secured.
Also Read: Pudgy Penguins Holds $0.007 Support as Momentum Builds
