Crypto Warning: Bonk.fun Domain Hack Exposes Solana Traders To Wallet Drain
A crypto platform confirmed that its main domain had been hacked, which exposed its users to a wallet-draining exploit.
A No-Fun Crypto Hijack
It is a truth universally acknowledged that, regardless of the scale of a global geopolitical crisis, hackers will continue to ravage the crypto market. This time, the victim was memecoin issuance platform Bonk.fun. In a March 12 post on the social network X, Tom (@SolportTom), one of its operators, warned users not to interact with the domain “until further notice”, as hackers had injected a crypto wallet drainer on it:
Do not use the https://t.co/4xXs3cMJx0 domain until further notice, hackers have hijacked a team account forcing a drainer on the DOMAIN.
URGENT.
— Tom (@SolportTom) March 12, 2026
The official X account of the Solana token launchpad, backed by Raydium and the BONK community, also announced the hack and echoed Tom’s warning:
A malicious actor has compromised the BONKfun domain, don’t interact with the website until we have secured everything.
— BONK.fun (@bonkfun) March 12, 2026
Who Is Affected And How
Tom explained that the phishing scam set up a fake “Terms of Services” (TOS) signature prompt which, when signed, allowed the drainer to move the unaware user’s funds. According to Tom, the only users compromised were those who interacted with the fake TOS. He clarified that neither previously connected users nor traders of bonk fun tokens on third-party terminals were affected. He also assured that the security breach was spotted early so “the losses are minimal so far”:
To answer the concerns I’m seeing:
1. No, if you connected to bonk fun in the past you’re not affected
2. No, if you trade bonk fun tokens on terminals etc. you’re not affected
3. The only people affected were people who signed a fake TOS message on the bonkfun domain after…
— Tom (@SolportTom) March 12, 2026
This is not a Raydium or BONK smart contract exploit, but a case of a Web2 infrastructure failure that bled directly into Web3. Domain hijacking with phishing drainer scripts works by the attackers taking over the frontend and presenting normal-looking prompts that abuse wallet approvals.
A Pattern Of Exploited Vulnerabilities
In recent years, approval-phishing and “fake UI” attacks have stolen billions of dollars: one Chainalysis investigation reported $14 billion in on-chain scam inflows in 2025, with projections pointing above $17 billion as more wallets continued to be identified.
As scam revenues grow and AI‑driven impersonation scales, crypto security in 2026 is less about perfect code and more about protecting everything around it: from domains to social accounts, and the decision-making of staff and users. In February last year, attackers hijacked Pump.fun’s X account to push a fake PUMP token, as covered by our sister website NewsBTC. Not too long ago, OG trader Sillytuna was driven out of the crypto market after a multimillion-dollar theft that combined online address poisoning and offline violent actions.
The times are testing traders online and offline, both inside and outside the block. As the crypto landscape grows more complex, traders would do well to heighten their caution: prefer direct contract interaction or trusted aggregators, and use tools to monitor and regularly revoke token approvals.
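As an added example (not from the original article or the Bonk.fun team): on Solana, a token approval is a delegate recorded on an SPL Token account, so monitoring approvals means decoding each of a wallet's token accounts and flagging any that still carry a delegate with a non-zero delegated amount. The function names and the sample accounts below are constructed for illustration; in practice the input would be the base64 account data an RPC node returns for the wallet's token accounts.

```python
import base64
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw):
    """Base58 (Bitcoin alphabet), the text form Solana uses for public keys."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def parse_token_account(data):
    """Decode the 165-byte base layout of an SPL Token account.
    Token-2022 accounts append extensions after these bytes, so longer is fine."""
    if len(data) < 165:
        raise ValueError(f"expected at least 165 bytes, got {len(data)}")
    amount, = struct.unpack_from("<Q", data, 64)
    delegate_tag, = struct.unpack_from("<I", data, 72)   # 1 = delegate present
    delegated_amount, = struct.unpack_from("<Q", data, 121)
    return {
        "mint": b58encode(data[0:32]),
        "owner": b58encode(data[32:64]),
        "amount": amount,
        "delegate": b58encode(data[76:108]) if delegate_tag == 1 else None,
        "delegated_amount": delegated_amount,
    }

def open_approvals(accounts_b64):
    """Return the accounts on which a delegate can still move tokens."""
    parsed = (parse_token_account(base64.b64decode(a)) for a in accounts_b64)
    return [p for p in parsed if p["delegate"] and p["delegated_amount"] > 0]

def build_sample(delegate, delegated_amount, amount=1_000_000):
    """Constructed test data: a token account blob with placeholder keys."""
    mint, owner = bytes([1]) * 32, bytes([2]) * 32
    deleg = struct.pack("<I", 1) + delegate if delegate else bytes(36)
    body = (mint + owner + struct.pack("<Q", amount) + deleg + b"\x01"
            + bytes(12) + struct.pack("<Q", delegated_amount) + bytes(36))
    return base64.b64encode(body).decode()

if __name__ == "__main__":
    wallet = [build_sample(None, 0), build_sample(bytes([3]) * 32, 500)]
    for acct in open_approvals(wallet):
        print(f"mint {acct['mint']}: delegate {acct['delegate']} "
              f"may spend {acct['delegated_amount']} of {acct['amount']}")
```

Any account this reports can be cleared with the SPL Token program's Revoke instruction, which removes the delegate.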
