Bonkfun, a community-governed token launchpad built on Solana and backed by Raydium and BONK, has warned users to avoid its website after attackers compromised an admin account and deployed a cryptocurrency drainer on its domain.
The breach represents a significant operational security failure for the platform, which serves as a launch venue for new Solana-based tokens. The hijacked domain now hosts malicious code designed to extract funds from users attempting to access the legitimate service. The incident underscores persistent vulnerabilities in decentralized finance infrastructure, where admin key compromise remains a critical attack vector despite advances in blockchain security practices.
Bonkfun did not immediately disclose the total value of funds at risk or confirm whether any user assets were successfully drained. The platform advised users to avoid the compromised domain entirely until further notice. This incident follows a pattern of high-profile platform compromises throughout 2026, raising questions about credential management and operational security standards across Solana's growing ecosystem.