The Bonk.fun team has warned users to avoid their website following a security breach where hackers used a compromised account to deploy a malicious wallet-draining prompt. While browser security systems have since flagged the domain for phishing, the team reports that quick detection likely limited the overall financial impact on the community.

On Wednesday, the Solana-based token launch platform Bonk.fun fell victim to a domain hijacking. The incident began when attackers gained control of a team member's account, allowing them to manipulate the site's interface directly. This unauthorized access was used to present visitors with fraudulent messages intended to compromise their digital assets.

An operator for the platform, identified as Tom, confirmed the breach in a public statement. He explained that the hackers used their access to push a phishing prompt through the legitimate bonk.fun domain. This method is particularly dangerous because it appears on the official site, potentially tricking even cautious users who trust the primary web address.

The specific mechanism used in the attack involved a fake terms of service agreement. Users who visited the site were asked to sign this message, which was actually a malicious script designed to authorize transactions. Once a user signed the prompt, the attackers gained the ability to drain the contents of any connected cryptocurrency wallets.

Following the initial breach, several browser security systems began flagging the website to prevent further access. The Bonk.fun team has been working to manage the fallout and has stated that the swift response to the hijacked account likely prevented more widespread losses. They continue to urge all users to refrain from interacting with the domain until further notice.

Phishing remains a significant and persistent threat within the cryptocurrency ecosystem. These attacks frequently rely on deceptive wallet-signing prompts that grant attackers direct access to private funds if a user inadvertently approves a request. This incident serves as a reminder of the risks associated with signing on-chain messages and the importance of verifying site security.

Source: Hackers Hijack Bonk.fun Domain To Deploy Wallet-Draining Phishing Prompt