Svmuu News BONKfun team announced on platform X that its official website was maliciously attacked via social engineering on March 11. The attacker hijacked the BONKfun domain through the domain service provider and transferred it to an external registrar. The team confirmed that this incident was not caused by a breach of BONK or BONKfun's internal systems, codebase, or team accounts.
Following the incident, the team immediately took action: shutting down the website, coordinating with wallet service providers to flag the domain as malicious, and containing the impact on users. Thanks to @phantom, @solflare, @MetaMask, @_SEAL_Org, and other security partners for quickly spreading warnings.
This attack resulted in approximately $30,000 in losses for customers. The team will compensate affected users at 110% to cover potential opportunity costs.
Control over the BONKfun domain and its registration was fully restored around 5 PM ET on March 18. Core wallet provider functionality was restored on the evening of March 19, and the website is now securely back online. Currently, some antivirus software still flags the main domain as risky, and the team is actively addressing this.
For users unable to access the official website due to antivirus software, a backup domain is also available, offering the same functionality as the main site.