Bonk.fun warned users not to use its site after attackers hijacked the domain and launched a fake wallet request.
Solana-based platform memecoin launchpad’s domain Bonk.fun was stolen after attackers gained access to the team’s account and planted a plan to empty the wallet through the site.
The Bonk.fun account on X warned users not to interact with the website on Thursday while a team worked to secure the domain. “A malicious actor has hacked the BONKfun domain, please do not interact with the website until we secure everything,” the project wrote in a post on X.
User X Tom, the operator behind Bonk.fun, said the attackers used compromised access to push a fake message to trick visitors into signing up for a malicious transaction.
In a follow-up message, Tom said the exploit targeted users who signed a fraudulent terms of service request that appeared on the site during the breach. Users who had previously connected wallets to Bonk.fun were not affected, and merchants who interacted with Bonk-related tokens via external terminals were also safe.
related to: Trust Wallet adds real-time fraud address checks for crypto users
Some users report loss
Some users have reported losses in response to warning messages. One user claimed that around 50 Solana (SOL) were drained from their wallet, while another said they lost around 10 SOL. A large number of users have claimed losses of varying amounts.
Meanwhile, Tom said the incident was quickly contained and the reported casualties are still limited. “We understand that many people are afraid, and rightly so, but we are doing everything we can to rectify the situation,” he said.
Cointelegraph reached out to Tom for comment, but did not receive a response from the publication.
Magazine: Bitcoin May Take 7 Years to Upgrade to Post-Quantum – Co-author of BIP-360
