The one thing that remains constant in the crypto market, irrespective of whether it’s booming or not, is hacks. Thursday, hackers grabbed Bonk.fun’s domain, the Raydium- and $BONK-backed Solana token launchpad, and planted a wallet drainer there.
Operator Tom announced the hack to the community through his X account @SolportTom. “Do not use the http://bonk.fun domain until further notice, hackers have hijacked a team account forcing a drainer on the DOMAIN,” he said. Bonk’s official X handle confirmed the same.
The breach underscores persistent vulnerabilities in crypto frontends, even as institutional participation booms and ecosystems become bigger.
Phishing attacks like this one, which trick users into signing malicious prompts on hijacked domains, have plagued crypto. In 2025, these scams hit record highs, with fraudulent inflows nearing $17 billion amid a 1,400% surge in AI-powered impersonations and “pig butchering” schemes.
Damage from Bonk.fun hack supposedly stays minimal so far. Tom said that past connections to bonk.fun remain safe, as do trades executed through third-party terminals. Only those who signed a bogus terms-of-service message on the compromised site after the breach were hit and swift community alerts appear to have limited the damage.
“We’re doing everything in our power to fix the situation,” the operator said, prioritizing users who have trusted the platform for the past eight months. The operator did not disclose the exact amount of dollar losses, but emphasized that the incident was caught quickly.
$BONK’s X.
Source