Solana Launchpad Bonk.fun Hit by Domain Hijack and Wallet-Draining Attack
Bonk.fun, a popular launchpad for Solana meme tokens, was briefly taken over by an attacker who redirected the site to a malicious page that attempted to drain connected wallets. The project confirmed the domain takeover this weekend and users reported suspicious behavior after visiting the site; as of reporting the domain remains compromised. The incident affected projects in the BONK and SOL ecosystems and underscores that front-end infrastructure — like domains and DNS — remains a critical centralization point for otherwise decentralized protocols.
The immediate risk is token loss for users who connected wallets or approved transactions on the hijacked page. Teams and traders should avoid interacting with the compromised domain and monitor official channels for a confirmed recovery and post-incident audit. This event is a reminder to treat front-end links cautiously, and it may prompt projects to adopt stronger domain protections and more robust out-of-band verification for token launches.