Bonk.fun Domain Hijacked: Wallet Drainer Targets Users

By alex2404

A fake terms-of-service pop-up. That was the weapon. Not a broken smart contract, not a compromised blockchain — just a dialogue box that looked like routine compliance language and emptied wallets within seconds of a signature.

On Wednesday, March 11, a malicious actor seized control of the domain of Bonk.fun, the Solana-based memecoin launchpad. According to SolportTom, an operator connected to the platform, hackers compromised a team account and used it to push a wallet drainer directly onto the site’s front end. Visitors were met with what appeared to be a standard terms-of-service prompt. Anyone who signed it handed the attacker permission to drain their wallet immediately.

The platform confirmed the breach through its official X account. “A malicious actor has compromised the BONKfun domain,” the announcement read. “Do not interact with the website until we have secured everything.”

What the Attack Did — and Did Not — Hit

The scope matters here. SolportTom addressed the spread of misinformation directly: users who connected to Bonk.fun in the past were not affected. Users trading tokens through terminals or third-party interfaces were not affected. The only people exposed were those who signed the fraudulent terms-of-service message on the Bonk.fun domain during the active hijack window.

This was a front-end takeover, not a protocol failure. The underlying smart contracts were never touched. The attack exploited user trust in a familiar interface rather than any vulnerability in the blockchain infrastructure itself.

The team described losses as “minimal,” attributing the limited damage to rapid detection by developers. An exact dollar figure verified through on-chain analysis had not been confirmed at the time of reporting.

A Method That Is Becoming Routine

Domain hijacking of this kind is not new, but it is accelerating. According to Chainalysis, overall crypto scam losses reached approximately $17 billion in 2025. The shift toward attacking user interfaces rather than protocols reflects a deliberate choice by bad actors: security at the smart contract level has improved, so they target the front door instead.

The incident carries echoes of an earlier episode in which an Aave pricing oracle error caused approximately $26 million in wstETH positions across 34 accounts to be wrongfully liquidated. The mechanics differ significantly — one was a data feed error, the other a deliberate hijack — but the outcome for affected users was the same: funds lost through a technical failure outside their direct control.

The breach arrived at a difficult moment for BONK. The token dropped nearly 1% in the 24 hours following the news, after already losing 45% of its value over the past year. The broader memecoin sector posted a 2.5% daily gain during the same period, pushing total memecoin market cap back above $32 billion, with DOGE, PEPE, SHIB, and Memecore all recording gains.

Anyone who visited Bonk.fun in the past 24 hours should treat their session as potentially compromised. The platform’s official X account remains the only confirmed source for an all-clear signal before any user returns to the site.


This article is a curated summary based on third-party sources.