Bonk.fun Domain Hijacked in Wallet-Drainer Attack on Solana Launchpad
Bonk.fun, the Solana-based memecoin launchpad, was hit by a domain hijack on March 12 after attackers compromised a team account and deployed a wallet-draining script disguised as a routine terms-of-service prompt. The platform warned users to stay off the site entirely while recovery efforts were underway. At least one trader reported losses of $273,000 after connecting their wallet during the active attack window.
What Actually Happened
This was not a smart contract exploit. No protocol logic was broken. The attackers found a weaker target: a team member’s account, which gave them enough access to manipulate the front-end domain directly. Once inside, they pushed a fake TOS confirmation pop-up to every visitor. Sign it, and the drainer had permission to empty your wallet within seconds. Browser warnings flagged the site for suspected phishing, but by then the damage window was already open.
Platform operator Tom, posting from the handle @SolportTom, was direct about the scope. Users who had previously connected wallets to Bonk.fun were not at risk. Neither were traders using third-party terminals to interact with Bonk.fun tokens. The only affected group: people who signed that fraudulent prompt during the hijack window. Rapid detection and immediate community alerts kept total losses to what the team described as “minimal,” though no verified on-chain figure has been published. The $273,000 figure cited by Crypto.news remains the most significant individual loss reported so far.
A Platform Already Under Pressure
The timing is brutal. Bonk.fun launched in April 2025 under the name LetsBONK and briefly dominated Solana’s launchpad sector, capturing 84% market share by mid-2025. That dominance collapsed. By end of 2025, its share had fallen to roughly 7%, with monthly revenue around $84,000 compared to Pump.fun’s $720,000 over the same period. Pump.fun ran buyback programs, acquired infrastructure, and took back more than 70% of the market by February 2026. Bonk.fun had just eliminated creator fees entirely in a bid to recapture users. That produced a brief January bounce. Then this.
The $BONK token dropped nearly 1% in the immediate aftermath, a relatively muted reaction given the headline, though it occurred while the broader memecoin sector posted a 2.5% daily gain and the total meme market cap climbed back above $32 billion. Solana itself was trading at $86.88, up 2.73% on the day, as institutional momentum around Solana ETFs continued to build in the background. The contrast is sharp: ecosystem-level metrics looking healthy while one of its cultural flagship projects deals with an active security crisis.
The Bigger Pattern
Domain hijacking and front-end manipulation are not novel. They are industrialized. Chainalysis tracked approximately $17 billion in crypto scam losses across 2025, and the shift toward interface-level attacks reflects a rational adversarial logic: why crack a smart contract audited by three firms when you can compromise one person’s account credentials and own the domain?
The attack vector exploits something protocol security cannot fix: human trust in a familiar URL. Users see a site they know, a pop-up that looks routine, and they sign. That is the entire exploit. The blockchain did exactly what it was told.
Sentiment is a security surface. Every time a community trusts a platform enough to skip verification, that trust becomes a liability. Bonk.fun is now rebuilding on both fronts simultaneously. That is a hard position. How teams handle the recovery narrative matters as much as the technical fix, and right now, the narrative is wide open.
