Bonk.fun has warned users not to use the site after attackers took over its domain and pushed fake prompts that drained their wallets.
The domain of memecoin launchpad Bonk.fun, a Solana-based platform, was hijacked after attackers gained access to team accounts and deployed a wallet exfiltration scheme through the site.
X’s Bonk.fun account warned users early Thursday not to interact with the website while its team worked to secure the domain. “A malicious attacker has compromised the BONKfun domain. Please do not interact with the website until everything is secured,” the project wrote in a post on X.
According to X user Tom, who runs Bonk.fun, the attackers used the compromised access to push fake messages aimed at tricking visitors into signing malicious transactions.
Tom said in a follow-up post that the exploit targets users who signed a fraudulent terms of service prompt that appeared on the site during the breach. Users who had previously connected their wallets to Bonk.fun were not affected, and traders operating Bonk-related tokens through external terminals were also safe.
Related: Trust Wallet adds real-time fraudulent address checking for cryptocurrency users
Some users are reporting losses
Some users reported losses in replies to the warning post. One user claimed that around 50 Solana (SOL) was leaked from his wallet, while another said he lost around 10 SOL. Many more users complained of losses of varying amounts.
Meanwhile, Tom said the incident was quickly contained and the reported losses appear to be limited for now. “We understand that many people are scared, and rightfully so, but we are doing everything we can to resolve the situation,” he added.
Cointelegraph reached out to Tom for comment, but did not receive a response in time for publication.
magazine: Bitcoin could take 7 years to upgrade to post-quantum — BIP-360 co-author
