Bonk.fun Domain Seized by Hackers Who Deployed Wallet-Draining Malware

TLDR

• Hackers took control of Bonk.fun’s domain and deployed wallet-draining malware on the platform
• Users affected were those who approved a fraudulent terms-of-service prompt following the compromise
• Previously established connections and transactions through external terminals remained unaffected
• Originally branded as LetsBONK, the service went live in April 2025
• By late 2025, Bonk.fun’s market dominance plummeted from 84% to a mere 7%

On March 12, Bonk.fun—a Solana-powered meme coin launchpad supported by Raydium and the BONK token—issued an urgent alert advising users to steer clear of its website after cybercriminals hijacked a team member’s account and embedded wallet-draining malware into the domain.

Tom, the platform’s operator posting from the handle @SolportTom, disclosed the security incident on X and instructed users to avoid accessing the site pending resolution. The official Bonk X account echoed this warning.

According to Tom, the attack exclusively impacted users who approved a deceptive terms-of-service authorization on the compromised platform following the breach. Historical site connections and transactions executed via third-party trading interfaces remained secure.

An investigation into the incident is currently ongoing. While the team hasn’t revealed the total financial damage, Tom indicated that swift detection and rapid community notification helped contain the losses.

Launched in April 2025 through a collaboration between the BONK community and Raydium, Bonk.fun enables users to create tokens on Solana without any programming knowledge, utilizing dynamic logarithmic bonding curves. The platform previously operated under the name LetsBONK.

Bonk.fun’s Dramatic Market Share Collapse

In the months following its debut, the platform surpassed Pump.fun to capture 84% of Solana’s launchpad sector by mid-2025. This commanding position proved temporary.

By year-end 2025, Bonk.fun’s market control had crashed to merely 7%, based on analytics from Dune. Monthly revenue tumbled to approximately $84,000, while Pump.fun generated over $720,000 during the equivalent timeframe.

The downturn resulted from unsustainable reward systems and a deceleration in successful token deployments. Pump.fun countered by initiating substantial buyback programs, acquiring Kolscan, and enhancing its infrastructure capacity.

In early 2026, Bonk.fun eliminated creator fees entirely in an attempt to recapture users. This strategy produced a brief revenue surge toward the end of January 2026.

Platform Lost Traction Prior to Security Breach

The rebound was short-lived. Pump.fun introduced fresh incentive programs and recaptured more than 70% of the market by February 2026.

This breach fits within a wider trend affecting the cryptocurrency sector. Phishing operations that manipulate users into authorizing malicious transactions on compromised domains have been escalating. Throughout 2025, fraudulent proceeds from such schemes approached $17 billion.

The Bonk.fun team continues to advise all users against accessing the website until they can verify the platform’s security has been fully restored.

At the time of publication, no specific loss amount from the hack has been publicly disclosed.

The post Bonk.fun Domain Seized by Hackers Who Deployed Wallet-Draining Malware appeared first on Blockonomi.