Bonk.fun, a Solana-based meme-coin launchpad, suffered a domain hijack. The attackers gained access to the site’s domain or hosting provider account and injected malicious code into the webpage. Rather than targeting smart contracts or blockchain vulnerabilities, the attack targeted centralized web infrastructure.
Bubblemaps, an on-chain analytics firm, identified roughly 35 wallets connected to the attack. The total loss was about $23,000 (approximately KRW 34.47 million). Some users claimed losses in the hundreds of thousands of dollars, but those figures have not been independently verified.
Security researchers and the community issued warnings once they recognized the phishing nature of the messaging, and Bonk.fun’s team told users to stop using the site. The team has since regained domain control and is conducting security checks. They emphasized that the incident did not involve the Solana network or related protocol vulnerabilities, and that the Raydium infrastructure and the BONK token were unaffected.
Leave a Reply