Bonk.fun Domain Hijack Deploys Wallet Drainer on Solana Launchpad

Published: 2026-03-14 20:52:38 |

Bonk.fun, a Solana-based meme-coin launchpad tied to the BONK ecosystem, suffered a domain hijack that redirected users to a cloned site hosting a wallet-draining script. The attacker injected malicious code that presented a fake “Terms of Service” signature prompt; visitors who signed the prompt exposed wallet approvals and risked immediate fund drains. Operators (including BONK.fun staff and community figures) warned users not to interact with the domain until it was secured. Early detection limited exposure: users who were merely connected previously or who used third‑party trading terminals were reportedly not affected. No confirmed loss figures were available at the time of reporting. The incident continues a pattern of Web2 frontend compromises — via DNS, domain record changes, or expired domains — bleeding into Web3 and enabling approval-phishing and fake-UI attacks. For traders: avoid connecting wallets to compromised launchpads, verify domains and contract addresses, prefer direct contract interactions or trusted aggregators, revoke suspicious token approvals, check on-chain transaction history, and move assets to safe wallets when in doubt.

Bearish

The domain hijack and wallet-draining script pose direct, immediate risk to user funds within the BONK ecosystem and reduce trust in the Bonk.fun launchpad. For the native token(s) associated with the launchpad and meme-coin ecosystem, this typically depresses demand short-term as users pull funds, revoke approvals, and avoid interacting with affected platforms. Even without confirmed loss figures, the reputational damage and increased caution among traders and liquidity providers are likely to lower trading volumes and selling pressure on BONK-related tokens in the short term. Long-term impact depends on the platform’s remediation speed, transparency, and whether stolen funds or systemic vulnerabilities are found; quick containment and clear remediation could limit longer-term damage, while repeated breaches would sustain negative sentiment. Therefore the immediate price implication for the mentioned token ecosystem is bearish.