The one thing that remains constant in the crypto market, whether it’s booming or not, is hacks. On Thursday, hackers took over the domain of Bonk.fun, the Solana token launchpad backed by Raydium and BONK, and installed a wallet drain there.
Operator Tom announced the hack to the community via his X account @SolportTom. “Do not use the domain until further notice, hackers hacked into a team account resulting in a loss of the DOMAIN,” he said. Bonk’s official X handle confirmed the same.
This breach highlights the continued vulnerabilities of cryptographic interfaces, even as institutional participation booms and ecosystems expand.
Phishing attacks like this, which trick users into signing malicious prompts on hacked domains, have plagued crypto. By 2025, these scams have reached record levels, with fraudulent entries approaching $17 billion, amid a 1,400% increase in AI-based identity theft and “pig butchery” schemes.
The damage caused by the Bonk.fun hack remains apparently minimal so far. Tom said that connections made to bonk.fun remain secure, as do transactions executed through third-party terminals. Only those who signed a fake terms of service message on the compromised site after the breach were affected, and early community alerts appear to have limited the damage.
“We are doing everything in our power to remedy the situation,” the operator said, prioritizing users who have trusted the platform over the past eight months. The operator did not disclose the exact dollar amount of losses, but stressed that the incident was quickly detected.
