The BONK.fun platform, used for launching tokens on the Solana network, has warned users about a hack of its domain. Unknown actors gained access to the project’s admin account and placed a malicious script on the website that can withdraw funds from connected wallets.
The project team urged users to immediately stop interacting with the site until the security system is fully restored.
Users Face Risk of Losing Funds
According to the project, attackers gained control over the BONK.fun domain and used it to host a tool for stealing funds. This mechanism automatically initiates transactions after a user connects their wallet.
If a user interacted with the site after the hack, there is a risk of complete loss of funds in their wallet. The project team has not yet specified the exact scale of possible damage. The investigation is ongoing. The timeline for restoring the platform has not yet been announced.
The Incident Increases Pressure on the Platform
The hack occurred against the backdrop of an already noticeable decline in BONK.fun’s share of the token launch market on the Solana network. According to the analytics platform Dune, in mid-2025 the platform controlled about 84% of the market for such services. By the end of the year, its share had dropped to about 7%.
This is due to the rapid growth of the competing platform Pump.fun, which is actively attracting users with new tools and incentive programs.
Competition in the Token Launch Market Intensifies
Pump.fun managed to regain more than 70% of the market for token launch platforms on the Solana network by February 2026. This was facilitated by infrastructure updates, a token buyback program, and the purchase of the analytics service Kolscan.
The gap between the platforms is also evident in revenue. According to Dune Analytics, BONK.fun’s revenue by the end of 2025 had dropped to about $84,000, while Pump.fun was earning about $720,000.
Lowering Fees Did Not Help Win Back Users
At the beginning of 2026, BONK.fun tried to attract users by reducing the fee to zero. However, this step only had a short-term effect.
The platform’s revenue temporarily increased, but soon fell again. During this time, Pump.fun launched new user incentive programs and continued to strengthen its position.
What This Means for Users
The BONK.fun incident once again highlighted the vulnerability of platforms where users connect wallets to launch tokens or participate in new projects.
Such services can become targets for attacks, as they handle funds from a large number of users. Experts remind that when reports of a hack appear, you should immediately stop interacting with the site and revoke permissions for suspicious contracts.
What’s Next?
While the BONK.fun team investigates what happened, users are advised not to connect wallets to the platform.
If the project manages to restore infrastructure security, it will face a more difficult task — regaining user trust amid growing competition in the Solana token launch market.
Read More: Babylon and Ledger Introduce New Bitcoin Storage Format
