Hackers plant crypto drainer in BonkFun Solana memecoin launchpad domain

Share:
March 12, 2026: BonkFun launchpad domain was hijacked and a crypto‑draining malware injected fake compliance/terms‑of‑service prompts; wallets that signed the prompt were drained, team says losses are minimal and only users who signed were affected. Operator Tom warned users not to access the domain, confirmed previously connected accounts and token trades on terminals were not impacted, and the team is securing the domain. Incident underscores rising crypto phishing and security risk (2025 phishing losses > $17B, +1,400% y/y; Nov losses $5.8M), raising DeFi/launchpad exposure and potential market impact (Solana -5.47% 7d; Bitcoin $70,023, -3.59% 7d).
Malicious actors seized BonkFun’s official domain on Wednesday and installed a crypto-draining malware, resulting in the loss of funds. It is still unclear how many victims have suffered from the phishing attack and how much has been lost.
The BonkFun hackers planted a crypto-draining script on the BonkFun domain, disguised as a standard interaction mimicking compliance requests, and began draining funds from unsuspecting users.
Upon visiting the website, oblivious users are presented with fake compliance requests that, once signed, grant attackers access to their wallets and empty them in seconds.
BonkFun’s domain attacked as crypto-related phishing scams gain steam
BonkFun cautioned users not to interact with the website or access their accounts using the launchpad’s domain until the team had secured the domain. The platform has not yet confirmed how many users were affected by the hack or the value of the crypto assets the hackers drained from unsuspecting victims.
Do not use the https://t.co/4xXs3cMJx0 domain until further notice, hackers have hijacked a team account forcing a drainer on the DOMAIN.
URGENT.
— Tom (@SolportTom) March 12, 2026
Tom, the launchpad’s operator, advised that users who had previously connected to BonkFun will not be affected. He also added that those who trade bonk fun tokens on terminals will also not be affected.
According to Tom, the crypto drainer only affected users who signed a fake terms-of-service message on the launchpad’s domain. The operator mentioned that the team quickly noticed the hack and that the message spread quickly, noting that the losses are minimal.
“We understand a lot of people are scared and rightly so but we’re doing everything in our power to fix the situation,” Tom said. “Our main priority will always be the users who have trusted us to use the platform over the last 8 months.”
Phishing attacks in the crypto sector have grown significantly in recent years. Security reports indicate that the scams are now more sophisticated, using AI to impersonate victims and engage in pig butchering schemes.
Malicious actors now use generative AI to curate fake investment websites, generate fake phishing emails, and create realistic chatbots that take advantage of oblivious victims surfing the internet.
In 2025 alone, phishing attacks cost victims more than $17 billion, a 1,400% surge from the previous year. In November, the phishing attacks resulted in over $5.8 million in losses, down from $28 million recorded in October 2025.
The occurrence comes at a difficult time, as the crypto market faces significant uncertainties. Solana is down 5.47% over the last seven days, despite a 1.5% surge over the last 24 hours. Bitcoin is down 3.59% over the last week and currently trades at $70,023.
There’s a middle ground between leaving money in the bank and rolling the dice in crypto. Start with this free video on decentralized finance.

