Hackers Hijack Bonk.fun Domain, Deploy Wallet-Draining Phishing Prompt
Hackers compromised the domain of Solana-based platform Bonk.fun, enabling them to deploy a wallet-draining phishing attack. Attackers gained access by taking over a team account and used the official site to prompt visitors to sign a fake terms-of-service message, authorizing unauthorized transactions from users’ crypto wallets. The Bonk.fun team warned users to avoid the domain until resolved and clarified only those who interacted with the prompt post-compromise were at risk. Users who previously connected wallets or traded Bonk-related tokens elsewhere are reportedly unaffected. The incident was detected and publicized quickly, helping limit losses, though Bonk.fun has not disclosed the number of affected users or the amount lost. The platform urged caution as they work to resolve the issue.
