BONKfun Recovers from Domain Hijacking Attack with Reimbursement Plan
A recent domain hijacking attack on crypto platform BONKfun highlights the persistence of social engineering threats in the decentralized finance (DeFi) space.
The breach occurred on March 11, when a malicious actor manipulated BONKfun's domain service provider through social engineering. This allowed the attacker to transfer the domain to an external registrar without authorization, cutting the team off from quick recovery options.
Over the course of one week, users lost approximately $30,000 to a wallet drainer deployed on the hijacked site. The team responded quickly by disabling the site and coordinating with major wallet providers to flag the domain as malicious.
BONKfun has since recovered the domain and relaunched the site, promising to reimburse affected users at 110% of their losses to account for opportunity costs incurred during the downtime. This approach reflects the team's commitment to accountability after the attack.
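
One way to watch for the kind of unauthorized registrar transfer described above, as an added example (not code from BONKfun or from this article): it checks an RDAP-shaped domain record for a registrar change, a missing transfer-lock status, and a recent transfer event. The domain, registrar names, dates and function names are constructed assumptions; the article does not say whether a transfer lock was in place.

```python
# Added example: flag registrar changes and missing transfer locks in RDAP data.
# All domain names, registrar names and dates below are constructed samples.
from datetime import datetime, timedelta, timezone

# RDAP status values that indicate a transfer lock is set.
LOCKS = {"client transfer prohibited", "server transfer prohibited"}

def registrar_name(rdap):
    """Return the 'fn' of the entity holding the registrar role, or None."""
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for prop in entity.get("vcardArray", [None, []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None

def check_domain(rdap, expected_registrar, now, recent=timedelta(days=7)):
    """Return a list of findings for one RDAP domain object."""
    findings = []
    name = registrar_name(rdap)
    if name != expected_registrar:
        findings.append(f"registrar is {name!r}, expected {expected_registrar!r}")
    if not LOCKS & set(rdap.get("status", [])):
        findings.append("no transfer lock status present")
    for event in rdap.get("events", []):
        if event.get("eventAction") == "transfer":
            when = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
            if now - when <= recent:
                findings.append(f"transfer event at {event['eventDate']}")
    return findings

def _record(registrar, status, events):
    # Build a minimal RDAP-shaped domain object (constructed, not a real lookup).
    return {"ldhName": "example.org", "status": status, "events": events,
            "entities": [{"roles": ["registrar"],
                          "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                                   ["fn", {}, "text", registrar]]]}]}

BASELINE = _record("Example Registrar A", ["client transfer prohibited"], [])
AFTER_TRANSFER = _record("Example Registrar B", ["active"],
                         [{"eventAction": "transfer", "eventDate": "2030-01-02T09:00:00Z"}])
NOW = datetime(2030, 1, 3, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, rec in (("baseline", BASELINE), ("after transfer", AFTER_TRANSFER)):
        print(label, check_domain(rec, "Example Registrar A", NOW))
```

Run against the live RDAP record on a schedule, any non-empty result is a reason to contact the registrar out of band before users reach the site.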
