Bonk.fun Domain Hacked To Push Crypto Wallet Drainer
Bonk.fun has warned users against using the site after attackers hijacked the domain and pushed a fake wallet withdrawal request.
Solana-based platform memecoin launchpad Bonk.fun has been hacked after attackers managed to gain access to group accounts and deploy a wallet removal mechanism inside the site.
The Bonk.fun account on X warned users early Thursday not to interact with the website while the team works to secure the domain. “A malicious actor has compromised BONKfun's domain, do not connect to the website until we secure everything,” the project wrote in a post on X.
X user Tom, the operator behind Bonk.fun, used the compromised access to push a fake message designed to get the attackers to sign up for a malicious transaction.
In a follow-up post, Tom said they took advantage of users who had signed a fraudulent terms of service that appeared on the site at the time of the breach. Users who previously connected wallets to Bonk.fun were not affected, and merchants connecting to Bonk-connected tokens through external terminals were also safe.
Related: Trust Wallet adds real-time fraud address checks for crypto users
Some users report loss
Some users have reported losses in responses to warning posts. One user reported that approximately 50 Solana (SOL) were withdrawn from their wallet, while another reported that they lost approximately 10 SOL. Additional users have claimed damages of varying amounts.
Meanwhile, Tom said the incident was quickly contained and the reported losses appear to be limited so far. “We understand that many people are afraid, and rightly so, but we are doing everything we can to rectify the situation,” he added.
Cointelegraph reached out to Tom for comment but did not receive a response by press time.
Magazine: Bitcoin May Take 7 Years to Upgrade to Post-Quantum – BIP-360 Co-Author
