
The official domain for bonk.fun has been hijacked.

The official domain of the Solana ecosystem project, **bonk.fun**, has been **hijacked** following the **compromise of team account credentials**. The attacker injected **malicious signature requests** into the web interface, inducing users to authorize transactions through a fraudulent **Terms of Service (TOS)** prompt to drain wallet assets.

  • Exploit Date: March 12, 2026
  • Target: bonk.fun official domain and frontend website
  • Target Overview: bonk.fun is a token issuance and trading interaction platform within the Solana ecosystem with high community engagement.
  • Total Loss: None reported as of now
  • Attack Vector: Domain Hijacking

Incident Review and Technical Details

1. Attack Path

  • Credential Breach: The attacker successfully compromised the bonk.fun team's internal administrative accounts, gaining control over domain settings or frontend code modification permissions.
  • Malicious Frontend Deployment: After seizing control of the official domain, the attacker injected a malicious Asset Drainer script into the site's interface.
  • Inducing Malicious Signatures: Users visiting the website were prompted to sign a message disguised as a "Terms of Service (TOS)" agreement. Once a user confirmed this signature in their wallet, their asset permissions were transferred to the attacker, resulting in the draining of funds.

2. Scope of Impact

  • Affected Users: Specifically limited to users who visited the domain during the hijack period and interacted with the malicious TOS signature prompt.
  • Safe Users: Users who had previously connected their wallets but did not perform any actions during the incident, as well as those trading tokens via third-party terminals or Telegram bots, remain unaffected.

3. Official Determination

As the attack occurred at the frontend presentation layer, the backend smart contracts themselves were not breached. The protocol's core logic, tokens, and liquidity pools remain secure.

4. Investigation Progress

The project team has issued an emergency notification, strictly advising users to avoid the domain until an official recovery announcement is made. Efforts are currently underway to regain full control of the frontend and administrative access.


AUTOSEC.DEV Solution: Building a 360-Degree Defense

To counter hybrid attacks involving "Web2 Breach + Web3 Monetization," AUTOSEC.DEV provides comprehensive protection from code to personnel:

  1. Team OPSEC (Operations Security) Audit & Hardening: We provide enterprise-grade security training and configuration for core Web3 team members. We assist teams in deploying security hardware and risk detection software to increase the difficulty of social engineering attacks, while auditing password management protocols and device security policies.
  2. End-to-End Incident Response (IR): In an emergency, every second of confusion amplifies the loss. AUTOSEC.DEV provides standardized SOPs (Standard Operating Procedures) and rapid response services tailored to specific business needs to help projects mitigate losses quickly.


Reference

https://x.com/SolportTom/status/2031940500203454521