The Solana-based token launch platform Bonk.fun suffered a significant security breach on Wednesday, March 12, 2026, when hackers hijacked its domain and deployed a wallet-draining phishing prompt. The platform's operator, known as Tom, alerted the community via his X account (@SolportTom), warning users not to interact with the bonk.fun domain until further notice.
The attack was executed by compromising a team account, which allowed the attackers to force a malicious drainer onto the domain. The prompt asked users to sign a fake terms-of-service (TOS) message, which, if approved, would authorize transactions designed to drain funds from connected crypto wallets. Tom emphasized that only users who signed this bogus TOS message on the compromised site after the breach occurred were affected. Past wallet connections and trades executed through third-party terminals or external platforms like Raydium remained safe.
Browser security systems quickly flagged the site for suspected phishing, and swift community alerts across social media appear to have limited the damage. The Bonk.fun team stated the issue was detected rapidly, though they did not disclose the exact number of affected users or the total dollar value of losses. The platform, which has been operational for roughly eight months and is backed by the BONK and Raydium ecosystems, is working to resolve the situation. "We're doing everything in our power to fix the situation," said Tom, who is prioritizing users who have trusted the platform.
This incident underscores the persistent vulnerabilities in cryptocurrency frontends and the ongoing threat of phishing attacks, even as the broader ecosystem grows and attracts more institutional participation.