- Security experts discovered malicious code on Bonk.fun that exposed users to potential wallet-draining attacks.
- However, security experts have expressed fears that users of decentralized sites remain vulnerable to phishing attacks due to a lack of interface security protections.
The security vulnerability on Bonk.fun allowed malicious wallet drainer links to affect users who were not aware of the danger. Additionally, security experts detected the vulnerability after users encountered suspicious approval prompts while interacting with the Bonk.fun platform. The attacker injected malicious scripts to redirect users to phishing sites that demanded approvals from their connected wallets. These approvals allowed the malicious programs to drain the users’ tokens automatically from their wallets to the attacker’s addresses.
The exploit raised several concerns in the Solana ecosystem. The Bonk.fun is a site that interacts with the trading of meme tokens and the Decentralized Finance community. The attackers tried to deceive users by mimicking reward claims and token distribution through malicious interface changes. After the users accepted the request, the drainer would drain the assets from the users’ wallets within a matter of seconds.
The official X post of Bonk.fun said, “A malicious actor has compromised the BONKfun domain. Do not interact with the website until we have secured everything.”
A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything.
— BONK.fun (@bonkfun) March 12, 2026
Platform Response and Community Warnings
The developer community reacted quickly after the news became public. And immediately removed the malicious scripts that affected the Bonk.fun interface. The developer team immediately reviewed all integrations and external scripts associated with the interface that attackers might have exploited. The platform operators immediately alerted users to revoke any approvals made by malicious tokens. And to avoid clicking on unknown links shared in crypto-related groups. Blockchain investigators are closely monitoring the attacker’s wallets and all transactions associated with the exploit campaign
Tom, the operator of Bonk.fun explained the issue on his X post. He expressed his answers saying, “We understand a lot of people are scared and rightly so, but we’re doing everything in our power to fix the situation.”
To answer the concerns I’m seeing:
-
No if you connected to bonk fun in the past you’re not affected
-
No if you trade bonk fun tokens on terminals etc you’re not affected
-
The only people affected were people who signed a fake TOS message on the bonkfun domain after…
— Tom (@SolportTom) March 12, 2026
The crypto market took the incident seriously, as security vulnerabilities are a major concern for investors and affect the overall market sentiment. Meanwhile, market sentiment toward new meme token markets remained cautious. However, analysts argued that the quick response from the developer community could help limit potential damage. The potential damage that might be caused by a security incident involving a decentralized interface. The users of the Bonk interface alerted each other through social media networks, warning them of the phishing approvals that are being made by malicious tokens associated with the interface.
Highlighted Crypto News:
Metaplanet Launches Venture Arm to Expand Bitcoin Ecosystem Amid Market Volatility
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Solana-Backed Super PAC Plans $8M to Support Jon Husted in Ohio Senate Race
The Sentinel Action Fund, supported by the Solana Foundation, will invest $8 million to aid Republican Senator Jon Husted in the Ohio Senate race against Sherrod Brown, who opposes crypto. Husted is known for advocating pro-crypto legislation.
GateNews3h ago
Bitcoin, Ethereum and Solana ETFs Record Positive Net Inflows on April 15
Gate News message, according to the April 15 update, Bitcoin ETFs recorded a single-day net inflow of 4,566 BTC (approximately $337.41 million) and a 7-day net inflow of 6,753 BTC (approximately $499.04 million). Ethereum ETFs saw a single-day net inflow of 23,405 ETH (approximately $54.37 million)
GateNews19h ago
Y Combinator USDC investment on Solana
Y Combinator has completed its first venture capital investment paid entirely in stablecoins, settling $500,000 in USDC on the Solana blockchain for prediction-markets startup Totalis. The transaction, reported on April 13, 2026, marks a concrete shift in how the world’s most influential startup
CoincuInsights04-15 09:07
Circle Mints 750M USDC on Solana in Past 24 Hours
Gate News message, April 15 — Stablecoin issuer Circle minted 750 million USDC on the Solana blockchain in the past 24 hours.
GateNews04-15 05:48
Fed Chair Nominee Kevin Warsh Discloses Investments in Solana, Optimism, and Compound
Kevin Warsh, nominated for Federal Reserve Chair, has disclosed investments in various crypto projects including Solana and Compound. Experts believe he likely invested indirectly through digital asset-focused funds ahead of his confirmation hearing.
GateNews04-15 05:23
Gate’s “Crazy Wednesday” is live with a hot launch. Complete tasks to win XRP and Glenfiddich whisky. For USDT savings, earn up to 100% APY. For BTC/ETH/SOL staking, earn up to 16% mining APY.
Gate News message, according to Gate’s official announcement on April 15, 2026
Gate launches a “Crazy Wednesday” campaign, running from April 15, 2026 at 14:00 to April 19, 2026 at 16:00 (UTC+8). Users complete multiple tasks to unlock mystery boxes, with a chance to win XRP tokens and Glenfiddich whisky. The mystery box tasks include multiple categories such as flash swaps, spot, and futures trading, as well as top-ups, invitations, and VIP upgrades, and each tier corresponds to a different number of mystery box openings.
Campaign Two launches a USDT wealth-management product, with a 14-day fixed-term annualized yield of 6%. New users can also participate in a 3-day product offering 100% annualized yield. In addition, Yu’e Bao also offers multi-currency wealth-management options such as USAT, USDD, 0G, and APT, with annualized returns of up to 300%. Campaign Three introduces a boosted rewards policy for staking users, offering up to a 16% annualized return for staking BTC, ETH, and SOL; for SOL staking, staking 0–1 coins can yield up to 16% annualized.
GateAnnouncement04-15 04:27
