Bonk.fun Domain Hijacked in Wallet Drainer Attack on Solana Users

Solana-based memecoin launchpad Bonk.fun warned users to avoid its website after attackers hijacked the platform’s domain and deployed a wallet-draining scheme. The exploit targeted users through a fraudulent terms-of-service prompt designed to steal cryptocurrency.

The Bonk.fun account on X issued an urgent warning early Thursday, advising users not to interact with the website while the team worked to regain control. “A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything,” the project wrote in a post on X.

Tom, an operator behind Bonk.fun, explained that attackers gained access to a team account and used the compromised credentials to push a fake message. The malicious prompt was designed to trick visitors into signing a transaction that would drain funds from their wallets.

According to Tom’s follow-up posts, the exploit specifically targeted users who signed the fraudulent terms-of-service prompt that appeared on the site during the breach. Users who had previously connected wallets to Bonk.fun before the attack were not affected by the incident.

Additionally, traders who were interacting with Bonk-related tokens through external terminals remained safe from the wallet-draining attack. The exploit only affected users who visited the compromised website and signed the malicious prompt during the breach window.

Several users reported losses in replies to the warning posts on social media. One user claimed that approximately 50 Solana (SOL) had been drained from their wallet during the attack. Another user reported losing about 10 SOL to the wallet drainer.

Multiple other users came forward claiming varying amounts of losses, though the full extent of the damage remains unclear. Tom stated that the incident was contained quickly and that reported losses appear limited so far based on initial reports.

“We understand a lot of people are scared and rightly so but we’re doing everything in our power to fix the situation,” Tom added in his communications with affected users. The team has been working to secure the domain and prevent further unauthorized access.

Cointelegraph reached out to Tom for additional comment but had not received a response by the time of publication. The incident highlights ongoing security challenges facing cryptocurrency platforms and the importance of domain security.

Domain hijacking attacks have become an increasingly common vector for cryptocurrency theft. These attacks allow malicious actors to intercept traffic to legitimate websites and deploy phishing schemes or wallet drainers without needing to compromise the platform’s underlying infrastructure.

The Bonk.fun incident follows a pattern of similar attacks targeting cryptocurrency platforms through domain compromises. In such attacks, hackers typically gain access through compromised registrar accounts or social engineering tactics aimed at domain service providers.

Wallet drainers have emerged as one of the most prevalent threats in the cryptocurrency ecosystem. These malicious tools are designed to prompt users to sign transactions that grant attackers permission to transfer funds from connected wallets, often disguising the request as a routine authorization.

The speed of the Bonk.fun team’s response may have helped limit the overall damage from the attack. Quick warnings through social media channels allowed many users to avoid interacting with the compromised website before falling victim to the wallet drainer.

As the situation develops, users are advised to remain cautious when connecting wallets to any platform and to carefully review all transaction prompts before signing. Domain security remains a critical vulnerability point for cryptocurrency platforms, requiring robust authentication measures and monitoring systems.

The incident serves as a reminder that even legitimate cryptocurrency platforms can become vectors for attacks when their domains are compromised. Users should verify the authenticity of websites through multiple channels before interacting with any prompts or signing transactions.
