TL;DR

  • Bonk.fun, a Solana-based meme coin platform, was hijacked via a compromised team account
  • Attackers deployed a malicious script displaying a fake terms of service message to drain wallets
  • Users who signed the fake message report losses of between 10 and 50 SOL
  • The Solana protocol itself and smart contracts were not affected — this was an attack against the website's frontend

Domain Hijacking Hits Popular Solana Launchpad

The Bonk.fun website — a launchpad for meme coins built on the Solana blockchain — was hijacked by unknown attackers on the night of March 12, 2026. According to technical analysis reported by CryptoNews, the attackers gained unauthorized access to a domain account associated with the platform's team, likely through phishing, social engineering, or stolen login credentials.

With control over the domain established, the attackers injected a wallet-draining script directly into the website's frontend.

Bonk.fun Hijacked: Malicious Script Drains Users' Crypto Wallets

Fake Terms of Service Were the Trap

The malicious script presented visitors with a seemingly routine terms of service message. Users who signed or interacted with this message granted the attackers the permissions needed to drain connected crypto wallets.

The attackers didn't need to hack smart contracts — they only needed to change what the user saw on the screen.

Security experts describe the attack as a classic "web2 infrastructure hacking" or "user interface attack": by altering the visual layer of the website, the attackers bypassed all protocol-level security and turned users' own clicks against them.


Only Those Who Visited the Site After the Hijacking Were Affected

Not all Bonk.fun users were affected. Only those who visited the compromised domain after the attack occurred, and who actively signed the fake terms message, are at risk. Users who had traded through external terminals or pre-connected wallets were not directly exposed, according to the technical review from CryptoNews.

Losses Reported — Total Extent Unknown

Several users have come forward with specific loss reports. One user claims to have lost around 50 SOL; another reports losses of approximately 10 SOL. As of today, the Bonk.fun team has not disclosed the total number of affected users or the overall financial loss. These figures should therefore be considered individual claims and not confirmed totals.

  • 10–50 SOL: reported individual losses
  • ~$17 billion: estimated global crypto phishing losses in 2025

Figures on global phishing-related losses in the crypto industry in 2025, totaling nearly $17 billion as reported by CryptoNews, underscore that this type of frontend attack is a growing threat.

Team Quickly Warned via Social Media

Tom, one of the operators behind Bonk.fun and founder of the associated platform Letsbonk.fun, quickly issued a warning on X advising users to stay away from the Bonk.fun domain until the situation was under control. The official Bonk account on X confirmed the warning.

Attack Hits a Platform in Decline

The security incident came at an already challenging time for Bonk.fun. The platform held 84 percent of Solana's launchpad market in mid-2025 but fell to around 7 percent by the end of the same year, a decline largely attributed to competition from Pump.fun.

Bonk.fun controlled 84% of Solana's launchpad market in 2025 — by year-end, the share was down to 7%.

It is important to distinguish between the Bonk.fun platform and the BONK token. The BONK cryptocurrency itself, launched on the Solana blockchain in December 2022, is a separate entity and was not directly compromised by this attack. Smart contracts and the Solana protocol itself remained unaffected.

What Should Users Do?

Experts generally advise crypto users never to sign unknown messages or terms prompts from web-based platforms without thorough review. Using wallets with transaction simulation and consciously evaluating what permissions are granted can significantly reduce risk. Until Bonk.fun officially confirms that the domain is secure, users should refrain from visiting the website.