BONK.fun has been hacked! Wallet stealer launched, user funds are directly at risk

Solana Meme Coin Launch Platform BONK.fun Issues Urgent Warning on X, Confirming Malicious Actor Has Hacked Its Domain and Deployed Wallet Drainer Software on the Platform, Urging All Users to Immediately Cease Any Interaction with the Website. The Incident Originated from an Internal Team Account Being Compromised, Allowing the Attacker to Directly Execute Wallet Draining Operations on the Platform Using the Stolen Account. The Platform Is Still Under Active Investigation and Has Not Provided a Specific Recovery Timeline.

Event Summary: From Account Leak to Wallet Drainer Deployment

The core vulnerability in this security incident was the compromise of an internal BONK.fun team member’s account. The attacker did not breach the platform’s external systems but exploited the legitimate credentials of a stolen account to deploy wallet draining software directly on BONK.fun’s launch platform. This “insider breach” approach is difficult to detect with standard external threat detection mechanisms before it occurs.

Wallet Drainers are malicious programs common in Web3 attacks, designed to automatically drain users’ on-chain assets when they interact with infected platforms (such as authorizing transactions or connecting wallets). Users who interacted with BONK.fun during the incident face the immediate risk of complete wallet fund depletion, and due to the irreversible nature of blockchain transactions, losses are nearly impossible to recover through conventional means.

BONK.fun announced on X immediately after discovering the breach, urging all users “to refrain from any interaction with the site until safety is confirmed,” and stated that a full investigation is underway.

Market Context: Security Crisis and Market Share Collapse Under Double Pressure

This security incident occurs amid BONK.fun’s significant loss of market share. Data from Dune Analytics shows that BONK.fun’s share of the Solana launch platform market plummeted from a peak of 84% in mid-2025 to about 7% by the end of 2025, almost entirely ceding dominance to competitor Pump.fun.

Financially, by the end of 2025, BONK.fun’s monthly revenue had fallen to approximately $84,000, while Pump.fun’s monthly revenue reached $720,000. Facing this competitive pressure, BONK.fun adopted an aggressive strategy at the start of 2026, reducing fees to 0%, which temporarily boosted revenue. However, Pump.fun responded with targeted new user incentives, quickly eroding BONK.fun’s advantage.

Pump.fun’s resurgence was driven by actions such as token buybacks, platform upgrades, and acquisitions like the influence-tracking tool Kolscan, allowing it to regain over 70% of the Solana launch platform market share by February 2026.

Broader Security Lessons: Multiple Risks in Token Launch Platforms

The BONK.fun incident highlights a critical weakness in token launch platform security: a single internal account’s credential leak can directly pose immediate financial threats to all active users. Without multi-factor authentication, multi-signature execution, or operational review processes, an intruded account can threaten user funds across the entire platform.

This event has further damaged trust in the Solana meme coin ecosystem and may accelerate user attrition from BONK.fun. Even if the technical issues are resolved, rebuilding user confidence typically requires a longer recovery period.

Frequently Asked Questions

Q: What should I do if I connected my wallet during the BONK.fun breach?
Immediately take the following steps: first, revoke all permissions granted to BONK.fun for your wallet (using tools like Revoke.cash); second, if you signed any suspicious transactions, transfer remaining assets to a new, unlinked wallet address; third, follow official channels (BONK.fun’s official X account) for the latest security updates. Do not access the site again until safety is confirmed.

Q: Why did BONK.fun’s market share drop from 84% to 7%?
After mid-2025’s peak, BONK.fun faced multiple challenges: Pump.fun continuously iterated on features and launched new user incentives; BONK.fun failed to maintain a sustained competitive edge in innovation and user experience; meanwhile, Pump.fun’s acquisition of Kolscan and other influence-tracking tools created a closed-loop ecosystem that attracted creators and early users more effectively, leading to its market share rebound.

Q: Are security risks in token launch platforms a common industry problem?
Yes, many such platforms underinvest in infrastructure and security protocols, especially during rapid growth phases. A single account leak enabling wallet drainer deployment reflects a lack of multi-signature protections and least-privilege principles in critical operations. This incident should serve as a catalyst for the industry to systematically review account security and operational review processes.