The Bonk.fun platform, a prominent application within the Solana ecosystem, has issued an urgent security alert following a sophisticated cyberattack. On March 12, 2026, developers confirmed that malicious actors successfully hijacked administrative accounts to compromise the project's official domain. This breach has resulted in the injection of malicious software designed to drain digital assets from users' connected wallets.
Security Breach and Drainer Injection
According to a public statement issued by a team member identified as Tom on the X social media platform, the attackers managed to bypass security protocols to gain control over the internal systems. Once access was secured, the hackers integrated a "coin-stealing" program directly into the website's interface. This type of script typically triggers a malicious transaction request when a user attempts to connect a wallet or interact with a smart contract, leading to the total loss of SOL, BONK, and other SPL tokens.
- The hijacking occurred via compromised team accounts.
- The domain bonk.fun is currently considered unsafe for interaction.
- The injected script is a specialized drainer targeting Solana-based assets.
Emergency Protocols and User Safety
The development team has urged all community members to avoid the bonk.fun domain entirely until an official "all-clear" is provided. Users who have recently visited the site are advised to check their wallet permissions and revoke any suspicious approvals using security tools like Solflare or Phantom dashboard settings.
"Users should not use the bonk.fun domain temporarily, as hackers have hijacked team accounts and forcibly injected a coin-stealing program onto the domain,"
The team is currently working to regain full control of the web infrastructure and investigate the extent of the unauthorized access. No specific timeline for the restoration of services has been provided as the technical audit continues.
As the situation develops, this incident serves as a critical reminder of the persistent risks associated with domain hijacking and front-end vulnerabilities in the decentralized finance (DeFi) space. Investors are encouraged to follow official social media channels for real-time updates and to exercise extreme caution when interacting with web3 applications following reported security breaches.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.