The BONK.Fun platform has suffered a hack, sparking fresh concerns within the Solana ecosystem. Attackers gained control of the launchpad's domain and injected malicious scripts into the website, potentially endangering user funds. The incident occurred on Thursday, with malicious actors hijacking a team account associated with the platform and using the site to send out malicious notifications. The project team issued an urgent warning, urging users not to interact with the domain until security checks were complete.
This launchpad, built on Solana and known for allowing token creation without programming, temporarily became a risk point for wallet connections after the intrusion. Team members issued alerts to the community via official social channels, and the security team began investigating the breach. The incident demonstrates that even with expanding blockchain infrastructure, front-end attacks remain a threat to crypto platforms.
BONK.Fun Attack Details
The BONK.Fun hack originated when attackers gained control of a team account and used it to place a wallet drainer on the platform's domain. After the website was compromised, visitors were shown a fake terms of service message that appeared legitimate. Anyone who approved this notification unknowingly authorized a transaction that could remove funds from their connected crypto wallets.
This attack was carried out by tricking users into signing wallet requests, rather than breaching any blockchain security systems. The platform's official X account warned the community that "a malicious actor has compromised the BONKfun domain" and asked users not to interact with the website until security measures were restored. Tom, an operator associated with the project, also posted a warning on X.
He wrote that users should not use the domain until further notice, as hackers had hijacked a team account and forcibly injected a drainer on the domain. The team later explained that the incident only affected users who signed the fake terms of service message after the compromise. Wallets previously connected to the platform or tokens traded on external terminals were not affected.
BONK.Fun's Position in the Solana Launchpad Market
Prior to the attack, the BONK.Fun platform was rapidly growing within the Solana ecosystem. Launched in April 2025, BONK.Fun has received support from the BONK community and Raydium. The platform allows users to create and launch tokens through a bonding-based system without requiring programming knowledge.
Reasons for Decline in User Activity and Market Share Before the Breach
In the months leading up to the BONK.Fun attack, interest in the platform began to wane. Many users stated that,