Solana Platform Bonk.fun Compromised in Domain Hijack Once the attacker obtained access, malicious code was deployed to the bonk.fun frontend. Visitors were greeted with what looked like a routine “Terms of Service” update prompt — a digital handshake that turned out to be anything but routine.
Security researchers and community observers quickly flagged the behavior as phishing. Browsers soon began warning users that the domain could be malicious.
“A malicious actor has compromised the BONKfun domain,” the project posted. “Do not interact with the website until we have secured everything.”
![]()
Image source: X FAQ What happened to Bonk.fun? Bonk.fun suffered a domain hijack March 11, 2026, allowing attackers to inject a wallet drainer into the site’s frontend. How did the Bonk.fun hack work? Visitors were tricked into signing a fake Terms of Service message that granted attackers approval to drain tokens from connected Solana wallets. How many users were affected by the Bonk.fun exploit? Onchain analysis suggests about 35 wallets were compromised, with roughly $23,000 in crypto drained. Is the BONK token or Solana blockchain affected? No, the incident involved a website domain takeover and phishing script, not a vulnerability in Solana, BONK, or Raydium smart contracts. 
