BONK.fun has restored its website following last week’s domain hijack. They confirm that the incident stemmed from a third-party provider breach and resulted in approximately $30,000 in user losses.
In an update shared on 20 March, the team said the attack was caused by a social engineering exploit targeting its domain service provider, which led to the domain being transferred to an external registrar.
The provider has since accepted responsibility for the incident.
The team added that there was no compromise of BONK. fun’s internal systems, codebase, or team accounts. They framed the attack as an external infrastructure breach rather than a protocol-level failure.
BONK phishing attack traced to domain takeover
The breach allowed attackers to take control of the BONK.fun website and deploy a phishing interface that prompted users to sign malicious transactions.
Earlier reports linked the attack to a fake terms-of-service signature request, which enabled unauthorized wallet access.
Blockchain analytics platform Bubblemaps had initially estimated losses at around $23,000, but the BONK.fun team has now revised that figure to $30,000.
In response, the team said it will reimburse affected users at 110% of their losses, covering both direct losses and opportunity costs.
Recovery delayed by registrar transfer
BONK.fun said the unauthorized domain transfer significantly slowed its ability to respond, as the domain was temporarily beyond its reach.
The domain was eventually restored on 18 March, with full functionality — including wallet integrations — returning by 19 March.
Wallet providers, including Phantom, MetaMask, and Solflare, were among those that helped flag the compromised domain.
Site relaunches, but warnings remain
Although BONK.fun is now back online, the team noted that some antivirus providers still flag its primary domain.
As a workaround, users experiencing access issues have been directed to an alternative domain, which mirrors the platform’s functionality.
BONK price shows continued weakness
Market reaction to the incident has remained muted, with BONK’s price continuing a broader downtrend.
At the time of writing, the token was trading near $0.0000059, reflecting ongoing weakness since early March highs.
The chart shows limited recovery momentum following the exploit, suggesting that sentiment remains cautious despite the platform’s relaunch.
Final Summary
BONK.fun has relaunched after a domain-level breach, confirming $30K in losses and offering full reimbursement to affected users.
The incident highlights how third-party infrastructure, not smart contracts, remains a key vulnerability in crypto platforms.
