Bonk.fun Hack Exposes Solana Users to Wallet Drainer Attack

TheNewsCrypto. Published 2026-03-12. Last updated 2026-03-12.

Summary

A security vulnerability on the Bonk.fun platform exposed Solana users to wallet drainer attacks. Malicious scripts were injected into the site, redirecting users to phishing pages that prompted them to approve transactions. These approvals allowed attackers to automatically drain tokens from users' wallets. The platform, which is used for meme token trading, was compromised, and users were deceived through fake reward claims and interface changes. Bonk.fun issued a warning on X, advising users not to interact with the site until it was secured. The developer team acted quickly to remove the malicious scripts and urged users to revoke any suspicious approvals. The incident raised concerns in the crypto community, though the prompt response helped mitigate potential damage.

The compromise of Bonk.fun put malicious wallet-drainer links in front of users who had no reason to suspect them. Security researchers identified the problem after users encountered unexpected approval prompts while interacting with the platform. The attacker injected malicious scripts that redirected users to phishing pages, which then requested approvals from the connected wallet. Once granted, those approvals let the drainer move tokens from the users' wallets to the attacker's addresses without any further prompt.

The exploit raised several concerns in the Solana ecosystem. Bonk.fun is a site for trading meme tokens that is closely tied to the Solana DeFi community. The attackers deceived users by imitating reward claims and token distributions through malicious changes to the interface. Once a user accepted the request, the drainer emptied the wallet's assets within seconds.
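The mechanics described above, delegation approval first and the drain afterwards, are visible in the transaction before it is signed. The following is an added example, not Bonk.fun's code: it decodes the SPL Token and System program instructions of a transaction and flags the patterns a drainer depends on (an unlimited delegate approval, an authority change, a transfer or account close that sends value away from the signer). It also builds the Revoke instruction that undoes a delegation, which is the remediation step the team asked users to take. The three program IDs are the real mainnet addresses; the wallet, token account and attacker keys and the sample transaction are constructed for the demo.

```javascript
// Added example, not Bonk.fun's code: inspect a Solana transaction's
// instructions before signing and flag the patterns a wallet drainer relies
// on. It works on compiled instruction data alone, so it needs no RPC.
// The three program IDs are the real mainnet addresses; every other key
// below is a constructed placeholder.
const TOKEN_PROGRAM = 'TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA';
const TOKEN_2022_PROGRAM = 'TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb';
const SYSTEM_PROGRAM = '11111111111111111111111111111111';
const U64_MAX = (1n << 64n) - 1n;

// SPL Token instruction discriminators (first byte of the instruction data).
const SPL = { TRANSFER: 3, APPROVE: 4, REVOKE: 5, SET_AUTHORITY: 6,
              CLOSE_ACCOUNT: 9, TRANSFER_CHECKED: 12, APPROVE_CHECKED: 13 };

const fmtAmount = (n) => (n === U64_MAX ? 'UNLIMITED (u64::MAX)' : n.toString());

// ix = { programId, accounts: [base58 keys in instruction order], data: Buffer }.
// wallet: the key being asked to sign. ownedAccounts: Set of token accounts the
// wallet already owns (a destination allow-list, e.g. from getTokenAccountsByOwner).
function inspectInstruction(ix, wallet, ownedAccounts) {
  const { programId, accounts: a, data } = ix;
  if (programId === SYSTEM_PROGRAM) {
    // System instruction index is a u32 LE; 2 is Transfer { lamports: u64 }.
    if (data.length >= 12 && data.readUInt32LE(0) === 2 && a[0] === wallet) {
      return { severity: 'medium', kind: 'sol_transfer',
               detail: `${data.readBigUInt64LE(4)} lamports from wallet to ${a[1]}` };
    }
    return null;
  }
  if (programId !== TOKEN_PROGRAM && programId !== TOKEN_2022_PROGRAM) {
    return { severity: 'info', kind: 'unknown_program',
             detail: `calls ${programId}; simulate before signing` };
  }
  const tag = data[0];
  switch (tag) {
    case SPL.APPROVE:            // accounts: source, delegate, owner
    case SPL.APPROVE_CHECKED: {  // accounts: source, mint, delegate, owner
      const checked = tag === SPL.APPROVE_CHECKED;
      const delegate = checked ? a[2] : a[1];
      const owner = checked ? a[3] : a[2];
      if (owner !== wallet) return null;
      return { severity: 'critical', kind: 'token_delegate',
               detail: `delegates ${fmtAmount(data.readBigUInt64LE(1))} of ${a[0]} to ${delegate}; ` +
                       'the delegate can transfer later without another prompt' };
    }
    case SPL.SET_AUTHORITY: {    // accounts: account, current authority
      // data: tag, authority_type u8, COption<Pubkey> (1-byte tag + 32 bytes)
      if (a[1] !== wallet) return null;
      const newAuth = data[2] === 1 ? data.subarray(3, 35).toString('hex') : 'none';
      return { severity: 'critical', kind: 'authority_change',
               detail: `hands authority type ${data[1]} of ${a[0]} to ${newAuth}` };
    }
    case SPL.TRANSFER:           // accounts: source, destination, owner
    case SPL.TRANSFER_CHECKED: { // accounts: source, mint, destination, authority
      const checked = tag === SPL.TRANSFER_CHECKED;
      const dest = checked ? a[2] : a[1];
      const authority = checked ? a[3] : a[2];
      if (authority !== wallet || ownedAccounts.has(dest)) return null;
      return { severity: 'high', kind: 'token_transfer_out',
               detail: `sends ${data.readBigUInt64LE(1)} from ${a[0]} to ${dest}` };
    }
    case SPL.CLOSE_ACCOUNT:      // accounts: account, destination (gets the rent), owner
      if (a[2] !== wallet || a[1] === wallet) return null;
      return { severity: 'high', kind: 'close_account',
               detail: `closes ${a[0]}, rent lamports go to ${a[1]}` };
    case SPL.REVOKE:             // accounts: source, owner
      return { severity: 'info', kind: 'revoke', detail: `clears the delegate on ${a[0]}` };
    default:
      return null;
  }
}

function inspectTransaction(instructions, wallet, ownedAccounts) {
  const findings = instructions.map((ix) => inspectInstruction(ix, wallet, ownedAccounts)).filter(Boolean);
  const worst = ['critical', 'high', 'medium', 'info'].find((s) => findings.some((f) => f.severity === s)) || 'none';
  return { worst, findings };
}

// The remediation step: a Revoke instruction for one token account. Data is
// the single discriminator byte; the owner must sign.
function buildRevoke(tokenAccount, owner, programId = TOKEN_PROGRAM) {
  return { programId, accounts: [tokenAccount, owner], data: Buffer.from([SPL.REVOKE]) };
}

// Encoders for the constructed demo data.
const u64 = (n) => { const b = Buffer.alloc(8); b.writeBigUInt64LE(n); return b; };
const tokenIx = (tag, amount) => Buffer.concat([Buffer.from([tag]), u64(amount)]);

// Constructed "claim reward" transaction: an unlimited delegation of the
// user's token account to the attacker, plus a 0.05 SOL transfer.
const WALLET = 'UserWa11et11111111111111111111111111111111';
const USER_TOKEN_ACCOUNT = 'UserTokenAcct1111111111111111111111111111';
const ATTACKER = 'Attacker11111111111111111111111111111111111';
const sampleTx = [
  { programId: TOKEN_PROGRAM, accounts: [USER_TOKEN_ACCOUNT, ATTACKER, WALLET], data: tokenIx(SPL.APPROVE, U64_MAX) },
  { programId: SYSTEM_PROGRAM, accounts: [WALLET, ATTACKER],
    data: Buffer.concat([Buffer.from([2, 0, 0, 0]), u64(50_000_000n)]) },
];
const sampleResult = inspectTransaction(sampleTx, WALLET, new Set([USER_TOKEN_ACCOUNT]));
console.log(sampleResult.worst, sampleResult.findings);
```

A wallet or browser extension that runs this check would show the "claim" for what it is: a critical delegation of the whole token balance to an address the user has never seen, plus a SOL transfer. The decoder is deliberately conservative; anything it does not recognise is reported as an unknown program to be simulated rather than silently accepted.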

Bonk.fun's official X post said, “A malicious actor has compromised the BONKfun domain. Do not interact with the website until we have secured everything.”

Platform Response and Community Warnings

The developer team reacted quickly once the news became public and removed the malicious scripts from the Bonk.fun interface. It then reviewed every integration and external script the interface loads for anything the attackers might have exploited. The platform operators alerted users to revoke any approvals granted through the malicious prompts (on Solana these are SPL Token delegate approvals, which stay in force until revoked or fully spent) and to avoid clicking unknown links shared in crypto-related groups. Blockchain investigators are monitoring the attacker's wallets and the transactions associated with the campaign.

Tom, the operator of Bonk.fun, addressed the issue in an X post: “We understand a lot of people are scared and rightly so, but we’re doing everything in our power to fix the situation.”

The crypto market took the incident seriously; security incidents are a major concern for investors and weigh on overall sentiment, and sentiment toward new meme token markets remained cautious. Analysts argued, however, that the quick response from the developer team could limit the damage a compromised front end can cause. Users of the Bonk interface warned each other through social media about the phishing approval prompts associated with the interface.


Tags: Blockchain, BONK, security, Solana, Solana (SOL)

Related questions

Q: What was the security vulnerability on Bonk.fun that affected Solana users?

A: The compromise of Bonk.fun allowed malicious wallet-drainer links to be injected into the site, redirecting users to phishing pages. Those pages prompted users for approvals from their connected wallets, which let the drainer move tokens from their wallets to the attacker's addresses automatically.

Q: How did the attackers deceive users on the Bonk.fun platform?

A: The attackers imitated reward claims and token distributions through malicious changes to the interface. Once users accepted the approval requests, the drainer emptied their wallets within seconds.

Q: What was the official response from Bonk.fun regarding the domain compromise?

A: Bonk.fun's official X post warned users: 'A malicious actor has compromised the BONKfun domain. Do not interact with the website until we have secured everything.'

Q: What actions did the developer team take after the Bonk.fun exploit was discovered?

A: The developer team quickly removed the malicious scripts from the Bonk.fun interface, reviewed all integrations and external scripts for anything the attackers might have exploited, and told users to revoke any approvals granted through the malicious prompts and to avoid clicking unknown links.

Q: How did the crypto market and community react to the Bonk.fun security incident?

A: The market took the incident seriously, since security incidents are a major concern for investors and weigh on overall sentiment. Users alerted each other through social media about the phishing approval prompts, while analysts noted that the quick response from the developers helped limit the potential damage.
