The Bonk.fun platform, one of the leading memecoin launchpads in the Solana ecosystem, fell victim to a hacker attack on Wednesday. Unknown perpetrators took control of the official website domain, exposing users to real financial losses. It turned out that the attack method was classic phishing, only executed with a precision worthy of Legolas.
Bonk.fun – a player the community cares about
A malicious entity has taken over the BONKfun domain – do not interact with the site until we have everything secured
– informed the platform team via the official account on X.
Details of the attack were revealed by SolportTom, the operator behind the project. Hackers managed to take over the account of one of the team members and force the implementation of the so-called domain drainer – a malicious mechanism that steals funds from wallets. According to Tom, only users who signed a false message regarding acceptance of the website’s regulations were at risk. Sound familiar? This is classic phishing, but executed with surgical precision.
The good news is that the team detected the breach relatively quickly, which Tom assured kept losses to a minimum.
We understand that many people are scared, and rightly so, but we are doing everything we can to rectify the situation
– wrote the operator. There were no further updates as of 7:15 a.m. (1:15 a.m. EST).
The platform, originally operating under the name LetsBonk.fun, has built a strong position in the world of Solana-based memecoins. It offers lightning-fast token deployment, real-time trading based on tie curves, and automatic liquidity provision. Part of the generated fees goes to the purchase and burning of BONK tokens, which makes it part of the broader ecosystem of this project.
The creators put particular emphasis on the accessibility of the platform for people without technical background and loyalty to their user base.
Our main priority will always be the users who have trusted us over the last 8 months
– Tom emphasized.
Phishing is evolving. The industry hasn’t caught up yet.
According to Chainalysis data, total losses resulting from cryptocurrency fraud reached approximately USD 17 billion in 2025. Worse still, major criminal operations are becoming more organized and industrialized.
The Web3 industry is talking loudly about decentralization and security. Attacks like the one on Bonk.fun are a brutal reminder that the weakest link in the system is often not the protocol – but the person and the domain he administers.
