Users warned not to interact with the compromised Bonk.fun site after a malicious prompt drained crypto wallets.
Bonk.fun warns users after hackers deploy wallet drainer on its website
Photo Credit: Unsplash/Jefferson Santos
The website of Solana-based token launch platform Bonk.fun was hijacked by hackers who deployed a malicious wallet drainer designed to steal cryptocurrency from users. The platform warned the users not to interact with the website after the breach was discovered. As per the reports, after the attackers gained access to the domain, they managed to insert a fraudulent prompt that tricked users into signing a transaction that could drain funds from connected wallets. This incident shows the growing security risks that decentralised platforms and cryptocurrency users face.
The hackers managed to compromise a team-associated account linked to the Bonk.fun platform first. The attackers, having access to the account, were able to alter the website and display a fake “Terms of Service” message. Users unaware of the repercussions approved a malicious transaction that allowed the attackers to withdraw funds from their accounts. Later, the Bonk.fun team urged users to avoid visiting the site until the platform's security is fully restored.
In a post on X, the project operator Tom confirmed that the platform security is breached and said, “Do not use the bonk.fun domain until further notice”. Even though the platform said that the impact appeared limited because the breach was caught relatively quickly, many users reported losses after interacting with the compromised site.
A user reported that their wallet had been depleted of approximately 50 Solana SOL, or $86.12 (roughly Rs. 8,000), while another claimed to have lost roughly 10 SOL. A greater number of users reported different losses.
This incident comes at a time when phishing and social engineering attacks continue to target cryptocurrency users. Recently, security researchers warned about the “ClickFix” scam, in which hackers posed as meeting participants during fake Zoom calls to trick crypto executives into installing malicious software. By gaining access to wallets, private keys, or sensitive credentials, these attacks seek to compromise cryptocurrency platforms or steal digital assets.
Such incidents highlight the importance of verifying wallet approvals and avoiding suspicious prompts when interacting with decentralised applications. Before signing transactions with cryptocurrency wallets, users are frequently urged to carefully review the transaction permissions. A growing decentralised ecosystem calls for more attacks, targeting users and platforms, therefore increasing the need for stronger security practices across the industry.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.