Cyberattack on Bonk.fun
On Wednesday, the token launch platform Bonk.fun, built on the Solana blockchain, fell victim to a cyberattack that saw its domain compromised. The incident has raised serious concerns among users, prompting the platform’s team to issue urgent warnings against engaging with the site.
Details of the Attack
A spokesperson known as Tom revealed on social media platform X that attackers had infiltrated one of Bonk.fun’s team accounts, which allowed them to distribute a deceptive message via the site. This malignant prompt urged users to accept a fraudulent terms-of-service agreement that would effectively permit access to their cryptocurrency wallets, potentially leading to significant financial losses.
Tom emphasized the seriousness of the situation, advising, “Do not use the bonk.fun domain until further notice. Hackers have hijacked a team account, forcing a drainer on the domain.”
Users attempting to visit Bonk.fun later in the day encountered security alerts from their browsers, highlighting potential phishing activities. Decrypt verified these warnings, indicating that the site had been flagged for suspicious behavior.
Impact on Users
The attack primarily impacted those who engaged with the malicious terms-of-service message after the account breach. Fortunately, the Bonk.fun team clarified that users who had merely connected their wallets to the platform prior to the incident or traded tokens through external services remained unaffected.
“The only people affected were those who signed a fake TOS message on the bonkfun domain after the incident,”
Tom stated in a subsequent update.
Response from Bonk.fun Team
Following the breach, the team worked swiftly to disseminate information across social media channels, aiming to minimize potential losses. Tom acknowledged the anxiety circulating among users, assuring them, “We’re doing everything in our power to fix the situation.”
At the moment, Bonk.fun has not released details about how many users might have been compromised or the total amount of funds potentially at risk. The platform has been operational for about eight months and is an integral part of the larger Bonk ecosystem on the Solana blockchain. As of now, no representative from Bonk.fun has responded to inquiries from Decrypt regarding further details of the attack.
