BONK.fun relaunches after domain hijack, confirms $30K in losses

ambcryptoPublished on 2026-03-20Last updated on 2026-03-20

Abstract

BONK.fun has restored its website following a domain hijack incident that resulted in approximately $30,000 in user losses. The breach, caused by a social engineering attack targeting its domain service provider, led to an unauthorized domain transfer. The attackers did not compromise BONK.fun’s internal systems or codebase. A phishing interface was deployed, tricking users into signing malicious transactions. The team will reimburse affected users at 110% of their losses. Full functionality was restored by March 19, though some antivirus providers still flag the domain. BONK’s price remains weak, trading near $0.0000059. The incident underscores vulnerabilities in third-party infrastructure rather than protocol-level flaws.

BONK.fun has restored its website following last week’s domain hijack. They confirm that the incident stemmed from a third-party provider breach and resulted in approximately $30,000 in user losses.

In an update shared on 20 March, the team said the attack was caused by a social engineering exploit targeting its domain service provider, which led to the domain being transferred to an external registrar.

The provider has since accepted responsibility for the incident.

The team added that there was no compromise of BONK. fun’s internal systems, codebase, or team accounts. They framed the attack as an external infrastructure breach rather than a protocol-level failure.

BONK phishing attack traced to domain takeover

The breach allowed attackers to take control of the BONK.fun website and deploy a phishing interface that prompted users to sign malicious transactions.

Earlier reports linked the attack to a fake terms-of-service signature request, which enabled unauthorized wallet access.

Blockchain analytics platform Bubblemaps had initially estimated losses at around $23,000, but the BONK.fun team has now revised that figure to $30,000.

In response, the team said it will reimburse affected users at 110% of their losses, covering both direct losses and opportunity costs.

Recovery delayed by registrar transfer

BONK.fun said the unauthorized domain transfer significantly slowed its ability to respond, as the domain was temporarily beyond its reach.

The domain was eventually restored on 18 March, with full functionality — including wallet integrations — returning by 19 March.

Wallet providers, including Phantom, MetaMask, and Solflare, were among those that helped flag the compromised domain.

Site relaunches, but warnings remain

Although BONK.fun is now back online, the team noted that some antivirus providers still flag its primary domain.

As a workaround, users experiencing access issues have been directed to an alternative domain, which mirrors the platform’s functionality.

BONK price shows continued weakness

Market reaction to the incident has remained muted, with BONK’s price continuing a broader downtrend.

At the time of writing, the token was trading near $0.0000059, reflecting ongoing weakness since early March highs.

Source: TradingView

The chart shows limited recovery momentum following the exploit, suggesting that sentiment remains cautious despite the platform’s relaunch.

Final Summary

BONK.fun has relaunched after a domain-level breach, confirming $30K in losses and offering full reimbursement to affected users.

The incident highlights how third-party infrastructure, not smart contracts, remains a key vulnerability in crypto platforms.

Related Questions

QWhat was the cause of the BONK.fun domain hijack and how much were the user losses?

AThe domain hijack was caused by a social engineering exploit targeting BONK.fun's domain service provider, which led to the domain being transferred to an external registrar. The incident resulted in approximately $30,000 in user losses.

QDid the attack compromise any of BONK.fun's internal systems or codebase?

ANo, the team confirmed there was no compromise of BONK.fun's internal systems, codebase, or team accounts. They framed the attack as an external infrastructure breach.

QHow did the attackers exploit the hijacked domain, and what was the initial loss estimate?

AThe attackers deployed a phishing interface on the hijacked website that prompted users to sign malicious transactions. Blockchain analytics platform Bubblemaps initially estimated losses at around $23,000, which was later revised to $30,000 by the BONK.fun team.

QWhat compensation is BONK.fun providing to affected users and why was the recovery delayed?

ABONK.fun will reimburse affected users at 110% of their losses, covering both direct losses and opportunity costs. The recovery was delayed because the unauthorized domain transfer temporarily put the domain beyond the team's reach, slowing their response.

QWhat is the current status of the BONK.fun website and the BONK token's market performance?

AThe BONK.fun website has been restored with full functionality, though some antivirus providers still flag the primary domain, leading the team to provide an alternative domain for access. The BONK token continues to show weakness, trading near $0.0000059 with limited recovery momentum.

Related Reads

Ethereum Activity Soars: Active Addresses Set New Record

Ethereum has set a new all-time high in its 30-day moving average of active addresses, indicating a significant surge in user activity on the network. This increase occurred in February 2026, a period during which Bitcoin experienced a downturn—breaking the conventional pattern where address activity typically cools during bear markets. Despite this record engagement, the U.S. Ethereum spot ETFs have recently seen two consecutive days of net outflows, totaling over $191 million. Meanwhile, Ethereum’s price remains steady at approximately $2,100.

bitcoinist41m ago

Ethereum Activity Soars: Active Addresses Set New Record

bitcoinist41m ago

Gemini, Winklevoss Twins Hit With Class-Action Lawsuit Over Post-IPO Strategy Pivot, Stock Decline

Shareholders have filed a class action lawsuit in New York against crypto exchange Gemini, its co-founders the Winklevoss twins, and other executives. The suit alleges the company misled investors during its September 2025 IPO by presenting a growth strategy focused on expanding its user base and international presence. The complaint claims that just months after the IPO, Gemini abruptly pivoted its business model to prioritize prediction markets, announced a 25% workforce reduction, and exited key international markets in the UK, EU, and Australia. This "Gemini 2.0" strategy, announced in February 2026, allegedly caused the company's stock price to drop over 8%. The stock fell a further 12.9% following the departure of three senior executives and has declined more than 80% from its all-time high. The plaintiffs seek damages for significant losses suffered due to these alleged misleading statements and omissions.

bitcoinist2h ago

Gemini, Winklevoss Twins Hit With Class-Action Lawsuit Over Post-IPO Strategy Pivot, Stock Decline

bitcoinist2h ago

Bitcoin stalls at $70K – Why THESE signals cloud BTC’s market direction

Bitcoin's price has stalled around the $70,000 mark after a 5.44% monthly gain, with recent trading confined to the $69,000–$71,000 range. Mixed signals cloud the market direction. On one hand, exchange outflows and negative netflows from major platforms like Binance suggest accumulation, supporting the rally from $65,000 to $74,000. On the other, spot Bitcoin ETFs saw significant outflows of over $305 million from March 18–20, dampened bullish sentiment, and a low accumulation trend score of 0.094 indicate larger entities are distributing BTC. Additionally, the binary CDD metric signals that long-term holders may be preparing to sell, potentially leading to a sharp correction. While short-term gains are possible, the mixed signals advise caution for sustained upward momentum.

ambcrypto2h ago

Bitcoin stalls at $70K – Why THESE signals cloud BTC’s market direction

ambcrypto2h ago

XRP Ledger Gets AI Agent Payments Through Virtuals And t54

Virtuals Protocol and t54 have integrated "agent commerce" into the XRP Ledger, enabling AI agents to autonomously transact using XRP and RLUSD. The system combines Virtuals' Agent Commerce Protocol (ACP) for commercial workflows—including escrowed jobs, evaluator-based verification, and programmable settlement—with t54's x402 facilitator, which handles payment verification and settlement without traditional API keys or custodial wallets. This infrastructure allows AI agents to programmatically pay for services via standard web requests, leveraging the HTTP 402 payment standard. The collaboration, supported by RippleX, aims to create a native financial environment for autonomous agents, addressing needs like verifiable identity and real-time risk assessment.

bitcoinist3h ago

XRP Ledger Gets AI Agent Payments Through Virtuals And t54

bitcoinist3h ago

The Migration of Settlement Power: B18 and the Institutional Starting Point of On-Chain Banking

The article "The Migration of Settlement Power: B18 and the Institutional Starting Point of On-Chain Banking" discusses how traditional finance relies on settlement—not just transactions—to determine ownership of funds. While transactions are instantaneous, settlement requires time, counterparties, and system confirmation, during which users do not fully control their funds. In contrast, early DeFi (decentralized finance) focused on trading and liquidity while avoiding the fundamental question of who defines settlement in the absence of banks. B18, built on Coinbase’s on-chain infrastructure and operating on Base, aims to address this gap by transforming blockchain into a system that handles time, accounting, clearing order, and finality—functions traditionally managed by banks. B18 is not a typical DeFi protocol but an attempt to decouple banking from institutions and encode it into executable rules. Its capital structure reflects this ambition, with support from Paradigm and Wintermute Ventures at the protocol level, GSR Capital for market liquidity, FuturePay for real-world payment integration, and Base Ecosystem Fund builders who design the rules for fund recording, profit recognition, and liquidation conditions. Together, these layers form a new on-chain financial order where code, not institutions, governs settlement—shifting the power dynamics of finance. B18 represents the starting point of this migration. (Note: This is a submitted article and does not represent the views of ChainCatcher or constitute investment advice.)

marsbit4h ago

The Migration of Settlement Power: B18 and the Institutional Starting Point of On-Chain Banking

marsbit4h ago

Trading

Spot
Futures
活动图片

Hot Categoriesright-arrow

Hot Tagsright-arrow