The official web site for the Solana memecoin launchpad, Bonk Enjoyable, has been hijacked. A malicious actor seized management of the area on Wednesday (March 11), deploying a pockets drainer disguised as a normal interplay.
The platform’s workforce has issued an pressing warning: don’t work together with the web site till additional discover. Customers who join their wallets and signal the present prompts face rapid theft of their belongings.
A malicious actor has compromised the BONKfun area, don’t work together with the web site till now we have secured all the pieces.
— BONK.enjoyable (@bonkfun) March 12, 2026
As information of the BONK meme coin spreads, it has dropped practically 1% over the previous 24 hours, following a disastrous 12 months during which the Solana meme coin misplaced -45% of its worth.
It’s a unhealthy time for a platform hack, because the meme coin sector has loved a +2.5% every day pump, taking the whole market cap again above $32Bn, with tokens like DOGE, PEPE, Memecore, and SHIB all posting inexperienced candles.
How Did the Malicious Actor Breach the Bonk Enjoyable Entrance-Finish?
The assault vector exploits person belief somewhat than the blockchain infrastructure itself. Based on X person SolportTom, the platform’s operator, hackers hijacked a workforce account to pressure a drainer onto the area. This isn’t a sensible contract failure; it’s a front-end takeover.
Guests to the positioning are at the moment greeted with a faux terms-of-service message. This pop-up, which mimics customary compliance requests, is the set off mechanism.
To reply the considerations I’m seeing:
1. No in case you related to bonk enjoyable prior to now you’re not affected
2. No in case you commerce bonk enjoyable tokens on terminals and so on you’re not affected
3. The one individuals affected had been individuals who signed a faux TOS message on the bonkfun area after…— Tom (@SolportTom) March 12, 2026
Should you signal this request, the protocol grants the attacker permission to empty your pockets, and it’ll occur inside seconds.
“A malicious actor has compromised the BONKfun area,” the platform introduced through its official X account. “Don’t work together with the web site till now we have secured all the pieces.”
How A lot Has Been Drained and Who Is Affected
The Bonk.enjoyable workforce hasn’t confirmed how a lot was misplaced to the hack, however has acknowledged that losses are “minimal,” attributing the low harm to the builders’ speedy detection.
Solely customers who interacted with the fraudulent terms-of-service immediate through the energetic hijack window had been affected. Nevertheless, the precise greenback determine verified by on-chain evaluation stays pending.
AAVE ORACLE GLITCH TRIGGERS $26M IN WRONGFUL LIQUIDATIONS
A pricing oracle error on Aave brought on about $26million in wstETH positions throughout 34 accounts to be unfairly liquidated after the system reported an incorrect alternate price, with affected customers set to be compensated. pic.twitter.com/qMbsAhQnnl— Coin Bureau (@coinbureau) March 11, 2026
This incident mirrors broader dangers within the sector, as an Aave oracle glitch triggered liquidations earlier this 12 months resulting from interface and knowledge anomalies.
Whereas the mechanics differ, the outcome for person funds is equivalent: an sudden loss resulting from a technical compromise.
Phishing assaults like this have gotten industrialized. Based on Chainalysis, general crypto rip-off losses reached roughly $17Bn in 2025.
The shift towards area hijacking signifies attackers are bypassing protocol safety to focus on the person interface instantly.
EXPLORE: Greatest Crypto Presales to Purchase in 2026
What Bonk.enjoyable Customers Must Do Proper Now
When you have visited Bonk.enjoyable within the final 24 hours, assume your session safety was compromised. Entrance-end assaults usually bypass customary defenses, because the current discovery by Ledger researchers of an Android flaw enabling pockets seed phrase theft demonstrates.
Take these steps instantly:
- Disconnect your pockets: Take away Bonk.enjoyable out of your related websites listing in your pockets settings.
- Revoke approvals: Use a software like Revoke.money to revoke any current permissions granted to Bonk.enjoyable contracts.
- Test your historical past: Confirm that no unauthorized transfers have occurred.
“We perceive lots of people are scared and rightly so, however we’re doing all the pieces in our energy to repair the state of affairs,” SolportTom wrote.
Customers ought to now sit tight and look forward to an official “all-clear” from the Bonk.enjoyable X account earlier than returning to the positioning.
If the positioning stays compromised for one more 24 hours, person migration to rival launchpads like Pump.enjoyable will seemingly speed up, and Bonk.enjoyable could wrestle to regain no matter was left of its userbase.
If the workforce resolves the DNS hijack shortly and refunds the “minimal” losses, confidence could stabilize, however the strain is now on the operators to show the area is secure.
DISCOVER: The 16 Greatest Meme Cash to Purchase in March 2025
The publish Bonk Enjoyable Web site Hijacked: Reside Exploit Is Draining Person Funds appeared first on Cryptonews.