Solana-based memecoin launchpad Bonk.fun experienced a security breach earlier Wednesday, when unauthorized individuals gained control of its official website.
"A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything," the platform announced via its official X account.
X user Tom (SolportTom), known as the operator behind Bonk, warned earlier that hackers have "hijacked a team account forcing a drainer on the domain." Tom wrote that only users who signed a fake terms-of-service message on Bonk's website were affected.
The Bonk operator added that the losses from the hack were minimal, as the team spotted the security breach soon after it occurred.
"We understand a lot of people are scared and rightly so but we’re doing everything in our power to fix the situation," Tom wrote. As of 1:15 a.m. ET, there have been no further updates.
The platform, originally known as LetsBonk.fun, emerged as a key player in Solana's memecoin ecosystem by offering instant token deployment, real-time trading via bonding curves, and automatic liquidity provision. It uses a portion of fees to support buybacks and burns of the BONK token.
It places a major emphasis on its community and accessibility for non-technical users. "Our main priority will always be the users who have trusted us to use the platform over the last 8 months," Tom said on X.
Phishing attacks in crypto have become increasingly sophisticated and prevalent, driven by advancements in AI, the rise of wallet drainers, and tactics like domain hijacking, impersonation, and social engineering that exploit user trust rather than technical vulnerabilities.
According to Chainalysis, overall crypto scam losses reached around $17 billion in 2025, noting that major scam operations are becoming more industrialized.