Solana-based memecoin launchpad Bonk.fun warned users after attackers hijacked the platform’s domain and deployed a wallet-draining scheme through the website. The team posted an alert on social platform X advising users not to interact with the site while the domain issue is being resolved. According to project representatives, the breach occurred after a malicious actor gained access to a team account linked to the domain.
The attackers reportedly inserted a fraudulent prompt designed to trick visitors into signing a malicious transaction disguised as a routine terms-of-service confirmation. Users who approved the transaction risked losing funds from their connected wallets. The project said previously connected wallets that did not interact with the prompt were not affected, and trading through external terminals involving Bonk-related tokens remained safe.
Several users reported losses following the incident, with some claiming that small amounts of Solana were drained from their wallets. Project representatives stated that the attack was contained relatively quickly and that overall losses appear limited so far. The event highlights ongoing security risks associated with compromised domains and malicious transaction prompts across decentralized applications.
