Key Highlights
- BONK.fun users at risk after a team account hijack deployed a wallet drainer.
- Phishing attacks grow smarter, tricking users with fake sites and fake security alerts.
- Market share and revenue drops show how quickly crypto launchpads can lose traction.
BONK.fun, the Solana-based meme coin launchpad formerly known as LetsBONK, faced a critical security breach on Thursday. Attackers hijacked a team account and deployed a wallet drainer on the site, putting users’ funds at immediate risk.
“A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything,” the official handle on X said.
The team urged everyone to stop interacting with the platform until security is fully restored. Operator Tom warned on X, “Do not use the http://bonk.fun domain until further notice, hackers have hijacked a team account forcing a drainer on the DOMAIN.”
The incident primarily affected users who signed a fake Terms of Service message on the compromised domain. Tom clarified, “If you connected to bonk fun in the past you’re not affected. No if you trade bonk fun tokens on terminals etc you’re not affected.”
The breach highlights the persistent vulnerabilities in crypto frontends despite growing institutional adoption.
Background and market context
BONK.fun was launched in April 2025 with support from the BONK community and Raydium. This allowed users to launch tokens without any coding through a unique bonding system. The project initially gained traction quickly, grabbing 84% of Solana’s launchpad market share, leaving Pump.fun in its wake.
However, users began to lose interest as rewards became difficult to obtain and successful token launches were less frequent.
At the end of 2025, BONK.fun’s market share had declined to only 7%, whereas Pump.fun had managed to regain its footing through acquisitions and better scalability. Revenue had declined significantly to $84,000 from $720,000 for Pump.fun. BONK.fun reduced its fees to 0% in early 2026 to regain users’ interest in creating content. This led to a short-lived increase in users.
Rising threats in crypto security
Phishing attacks similar to the BONK.fun wallet drainer are also growing more sophisticated. For example, Aerodrome Finance was targeted by a front-end hack in November 2025. The attackers were able to redirect users to fake websites and trick them into approving malicious wallet transactions. To avoid the phishing attack, users had to use decentralized ENS domains rather than the regular websites.
In another instance, new types of MetaMask scams were recently identified. Scammers imitate official security alerts and display fake two-factor authentication pages. One of the scams was identified by X user SECUR3. The user lost $50,000 in just 10 seconds after clicking on the fake “MetaMask Urgent Update” link.
These incidents highlight how important it is for users to stay cautious. People should carefully check website addresses, avoid approving prompts on unverified sites, and use tools like Revoke.cash to cancel risky permissions.
Platforms also need to improve DNS and website security to prevent similar attacks. BONK.fun’s team is investigating the breach and has stated that protecting users remains their main focus.
