Audit log

Every state-changing event for BONK.fun: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-25 18:08:24Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,118,945

   sig

   3sjvbRzAZCC8…265HV7odcopyexplorer ↗

   hash

   DXmiKftRCoRR…CM12s8r2copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (19463 B) ▸

   {"actor":"system:backfill","investigation_id":"4e806f2b-5b8e-47a3-b0ec-336c97b71675","kind":"publish","page_slug":"bonk-fun","published_at":"2026-05-25T18:08:24.370Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"BONK.fun","sections":[{"content":"BONK.fun, formally branded LetsBonk.fun, is a permissionless meme coin launchpad built on the Solana blockchain. It launched on April 25, 2025, as a collaboration between the BONK community and the Raydium decentralized exchange protocol. The platform allows any user to create and deploy a Solana-based token without coding knowledge; it handles smart contract deployment and liquidity provisioning automatically. Each trade on the platform triggers a buyback-and-burn of the BONK token, embedding a deflationary mechanic into platform activity. A companion product, BonkBot, offers Telegram-native trading functionality with sniper tools and one-click execution for tokens listed on the launchpad. At its July 2025 peak, BONK.fun accounted for approximately 82% of Solana bonding-curve token launches, briefly surpassing Pump.fun as the dominant Solana launchpad. By late 2025, Pump.fun had recaptured market leadership; BONK.fun's share declined to roughly 7% by year-end 2025 before a revenue surge exceeding 600% was reported in early January 2026.","heading":"Platform Overview","severity":"low","sources":[{"credibility":2,"name":"LetsBONK.fun Complete Guide: Solana's New Leading Memecoin Launchpad Platform — CoinGecko","type":"research","url":"https://www.coingecko.com/learn/letsbonk-fun-solana-memecoin-launchpad-guide"},{"credibility":2,"name":"Solana Launchpad letsBONK.fun Sees 600% Revenue Surge in Early 2026 — KuCoin","type":"news_article","url":"https://www.kucoin.com/blog/en-solana-launchpad-letsbonk-fun-sees-600-revenue-surge-in-early-2026"},{"credibility":3,"name":"What is Bonkfun? 2025 Guide to Solana's Meme Token Launchpad — Soladex","type":"other","url":"https://www.soladex.io/project/bonk-fun"}]},{"content":"On March 11, 2026, a malicious actor executed a social engineering attack against BONK.fun's domain registrar, causing the domain to be transferred to an external registrar without authorization. The attackers used this control to replace the platform's legitimate frontend with a malicious version. The compromised frontend presented active users with a pop-up modal styled as a routine terms-of-service update. Users who clicked through and confirmed the prompt signed a transaction that granted the attacker-controlled address full spend permissions over their connected wallets — a technique consistent with the 'approval crasher' drainer pattern, which fabricates consent prompts to harvest unlimited token-transfer approvals. Solana smart contracts and the underlying protocol were not affected; the exploit was entirely a Web2 / frontend infrastructure failure. Platform operator Tom, identified on X as @SolportTom, issued a public warning on March 12 stating: 'Do not use the bonk.fun domain until further notice, hackers have hijacked a team account forcing a drainer on the DOMAIN.' A separate official platform post on X confirmed: 'A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything.' The team stated that only users who signed the fraudulent TOS message after the compromise were affected; users who had previously connected wallets or who traded solely through third-party terminals such as Jupiter or Raydium were not at direct risk.","heading":"March 2026 Domain Hijack and Wallet Drainer Incident","severity":"critical","sources":[{"credibility":1,"name":"Bonk.fun hacked: Domain hijacked, crypto drainer planted — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/03/12/bonk-fun-hacked-domain-hijacked-crypto-drainer-planted"},{"credibility":2,"name":"BONK.fun Team Account Breach Deploys Wallet Drainer on Solana Launchpad — BeInCrypto","type":"news_article","url":"https://beincrypto.com/bonkfun-hacked-wallet-drainer-solana/"},{"credibility":2,"name":"Bonk.fun warns hackers hijacked domain in wallet-drainer attack — CryptoNews.net","type":"news_article","url":"https://cryptonews.net/news/security/32545423/"},{"credibility":1,"name":"Bonk.fun's official website hijacked, draining user funds upon interaction — The Block","type":"news_article","url":"https://www.theblock.co/post/393345/bonk-fun-hijacked"},{"credibility":2,"name":"Bonk.fun Hack: Domain Breach Triggers Wallet Drainer Warning on Solana Memecoin Platform — Live Bitcoin News","type":"news_article","url":"https://www.livebitcoinnews.com/bonk-fun-hack-domain-breach-triggers-wallet-drainer-warning-on-solana-memecoin-platform/"}]},{"content":"The BONK.fun team confirmed total losses of approximately $30,000 stemming from the March 11–12, 2026 incident. At least one victim, identified online as 'dopamine,' reported a single-wallet loss of approximately $273,000; that figure has not been independently verified on-chain in available sources and may reflect an outlier or a pre-existing wallet state. The team described overall losses as minimal given the brief window of active exposure. No attacker wallet addresses have been publicly disclosed in available sources. The platform worked with wallet providers Phantom, Solflare, and MetaMask to circulate warnings and flag the malicious domain during the active incident window.","heading":"Confirmed Losses and Victim Reports","severity":"high","sources":[{"credibility":2,"name":"Bonk.fun users report drained wallets after hackers hijack platform domain — Crypto.news","type":"news_article","url":"https://crypto.news/bonk-fun-users-report-drained-wallets-after-hack/"},{"credibility":2,"name":"Bonk.fun Domain Hijacked, but Losses Limited to Fake TOS Signers — GNCrypto News","type":"news_article","url":"https://www.gncrypto.news/news/bonk-fun-domain-hijacked-wallet-drainer-fake-tos/"},{"credibility":2,"name":"BONK.fun relaunches after domain hijack, confirms $30K in losses — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/bonk-fun-relaunches-after-domain-hijack-confirms-30k-in-losses/"}]},{"content":"The BONK.fun incident follows a documented pattern of crypto platform attacks that bypass on-chain security by targeting Web2 infrastructure. The attack vector was social engineering directed at the platform's domain registrar, causing the domain to be transferred to an attacker-controlled registrar on March 11, 2026. The original domain registrar later acknowledged responsibility for the unauthorized transfer, according to the platform's post-incident disclosure. Once domain control was obtained, attackers served a malicious frontend that replicated the legitimate site's appearance. The fake terms-of-service modal used in the attack is consistent with the 'approval crasher' drainer technique on Solana, which presents users with fabricated consent prompts — often styled as routine compliance steps — to obtain unlimited token-transfer permissions (SetAuthority or similar approval transactions). This class of attack exploits user trust in familiar UI patterns and is distinct from smart contract exploits; it requires no vulnerability in the underlying protocol. The incident highlights that Solana launchpad infrastructure, which depends on centralized Web2 domain and hosting layers, carries front-end attack risk as a systemic threat vector independent of on-chain security posture.","heading":"Attack Vector: Frontend Hijack via Domain Registrar Social Engineering","severity":"high","sources":[{"credibility":2,"name":"Bonk fun hack highlights front-end risks on Solana platforms — Cryptonomist","type":"news_article","url":"https://en.cryptonomist.ch/2026/03/12/bonk-fun-hack-frontend-risks/"},{"credibility":3,"name":"What Happened to Bonk.fun? The Hijack and What's Changed — Smithii","type":"other","url":"https://smithii.io/en/what-happened-bonk-fun/"},{"credibility":3,"name":"Bonk.fun Hack Explained: Phishing Attack Targets Solana Crypto Wallets — Medium","type":"community_report","url":"https://medium.com/@casi.borg/bonk-fun-hack-explained-phishing-attack-targets-solana-crypto-wallets-2d49dc1988ba"},{"credibility":2,"name":"BONKfun Relaunch After Hack With 110% Refund Plan — CoinGabbar","type":"news_article","url":"https://www.coingabbar.com/en/crypto-currency-news/bonkfun-relaunch-30k-hack-110-percent-refund"}]},{"content":"The BONK.fun team shut down the compromised domain and issued public warnings across social media shortly after detecting the intrusion on March 12, 2026. Domain control was restored on March 18, 2026, after coordination with the original registrar. The platform relaunched officially on March 19–20, 2026, following comprehensive security testing. The team confirmed that internal systems, code repositories, and team accounts remained uncompromised beyond the domain-layer breach. Post-relaunch, the platform announced a 110% refund plan for all confirmed affected users — full restitution of losses plus an additional 10% to compensate for opportunity costs. As of the relaunch, a detailed claims procedure had not yet been announced; affected users were directed to retain transaction proofs. New security measures included collaboration with wallet providers for real-time threat warnings and the introduction of an alternative access domain to mitigate antivirus flagging. The platform also introduced 'Balanced Mode,' routing 0.75% of post-bonding volume to liquidity pools and 0.25% to a creator reward pool distributed every 24 hours.","heading":"Platform Recovery and Remediation","severity":"medium","sources":[{"credibility":2,"name":"BONKfun Back Online After Hack, Promises 110% Refund to Users — Live Bitcoin News","type":"news_article","url":"https://www.livebitcoinnews.com/bonkfun-back-online-after-hack-promises-110-refund-to-users/"},{"credibility":3,"name":"What Happened to Bonk.fun? The Hijack and What's Changed — Smithii","type":"other","url":"https://smithii.io/en/what-happened-bonk-fun/"},{"credibility":3,"name":"BONKfun Recovers from Domain Hijacking Attack, Promises 110% Reimbursement — 211 Bitcoin","type":"news_article","url":"https://www.211bitcoin.com/litecoin-news/bonkfun-recovers-from-domain-hijacking-attack-promises-110-reimbursement-to-affected-users/"},{"credibility":2,"name":"BONK Fun Website Restored After Domain Hijack — Phemex News","type":"news_article","url":"https://phemex.com/news/article/bonk-fun-website-restored-after-domain-hijack-67962"}]},{"content":"BONK.fun experienced significant market share volatility in the year prior to the security incident. The platform held approximately 84% of Solana bonding-curve launchpad market share at its peak in mid-2025. By late 2025, following Pump.fun's recovery and the introduction of competing launchpad products, BONK.fun's share had declined to approximately 7%. A revenue resurgence was reported in early January 2026, with single-day fees reaching $352,793. The domain hijack on March 11, 2026 occurred against this backdrop of declining competitive position. The incident had a limited direct impact on the BONK token price, which declined approximately 0.9% in the 24 hours following the disclosure.","heading":"Competitive Position and Market Context","severity":"low","sources":[{"credibility":1,"name":"Solana memecoin launchpad war flips again as Pump takes top spot amid LetsBonk collapse — The Block","type":"news_article","url":"https://www.theblock.co/post/367266/solana-memecoin-launchpad-war-flips-again-as-pump-takes-top-spot-amid-letsbonk-collapse"},{"credibility":2,"name":"Solana Launchpad letsBONK.fun Sees 600% Revenue Surge in Early 2026 — KuCoin","type":"news_article","url":"https://www.kucoin.com/blog/en-solana-launchpad-letsbonk-fun-sees-600-revenue-surge-in-early-2026"},{"credibility":2,"name":"BONK.fun Team Account Breach Deploys Wallet Drainer on Solana Launchpad — BeInCrypto","type":"news_article","url":"https://beincrypto.com/bonkfun-hacked-wallet-drainer-solana/"}]}],"sources_used":[{"credibility":1,"name":"Bonk.fun hacked: Domain hijacked, crypto drainer planted — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/03/12/bonk-fun-hacked-domain-hijacked-crypto-drainer-planted"},{"credibility":2,"name":"BONK.fun Team Account Breach Deploys Wallet Drainer on Solana Launchpad — BeInCrypto","type":"news_article","url":"https://beincrypto.com/bonkfun-hacked-wallet-drainer-solana/"},{"credibility":1,"name":"Bonk.fun's official website hijacked, draining user funds upon interaction — The Block","type":"news_article","url":"https://www.theblock.co/post/393345/bonk-fun-hijacked"},{"credibility":2,"name":"Bonk.fun Hack: Domain Breach Triggers Wallet Drainer Warning on Solana Memecoin Platform — Live Bitcoin News","type":"news_article","url":"https://www.livebitcoinnews.com/bonk-fun-hack-domain-breach-triggers-wallet-drainer-warning-on-solana-memecoin-platform/"},{"credibility":2,"name":"BONKfun Back Online After Hack, Promises 110% Refund to Users — Live Bitcoin News","type":"news_article","url":"https://www.livebitcoinnews.com/bonkfun-back-online-after-hack-promises-110-refund-to-users/"},{"credibility":2,"name":"BONK.fun relaunches after domain hijack, confirms $30K in losses — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/bonk-fun-relaunches-after-domain-hijack-confirms-30k-in-losses/"},{"credibility":3,"name":"What Happened to Bonk.fun? The Hijack and What's Changed — Smithii","type":"other","url":"https://smithii.io/en/what-happened-bonk-fun/"},{"credibility":2,"name":"Bonk.fun users report drained wallets after hackers hijack platform domain — Crypto.news","type":"news_article","url":"https://crypto.news/bonk-fun-users-report-drained-wallets-after-hack/"},{"credibility":2,"name":"Bonk.fun Domain Hijacked, but Losses Limited to Fake TOS Signers — GNCrypto News","type":"news_article","url":"https://www.gncrypto.news/news/bonk-fun-domain-hijacked-wallet-drainer-fake-tos/"},{"credibility":2,"name":"Bonk fun hack highlights front-end risks on Solana platforms — Cryptonomist","type":"news_article","url":"https://en.cryptonomist.ch/2026/03/12/bonk-fun-hack-frontend-risks/"},{"credibility":2,"name":"Bonk.fun warns hackers hijacked domain in wallet-drainer attack — CryptoNews.net","type":"news_article","url":"https://cryptonews.net/news/security/32545423/"},{"credibility":2,"name":"Bonk.fun users at risk after hackers hijack domain to deploy wallet drainer — Invezz","type":"news_article","url":"https://invezz.com/news/2026/03/12/bonk-fun-users-at-risk-after-hackers-hijack-domain-to-deploy-wallet-drainer/"},{"credibility":2,"name":"BONKfun Relaunch After Hack With 110% Refund Plan — CoinGabbar","type":"news_article","url":"https://www.coingabbar.com/en/crypto-currency-news/bonkfun-relaunch-30k-hack-110-percent-refund"},{"credibility":2,"name":"BONK Fun Website Restored After Domain Hijack — Phemex News","type":"news_article","url":"https://phemex.com/news/article/bonk-fun-website-restored-after-domain-hijack-67962"},{"credibility":2,"name":"LetsBONK.fun Complete Guide — CoinGecko","type":"research","url":"https://www.coingecko.com/learn/letsbonk-fun-solana-memecoin-launchpad-guide"},{"credibility":1,"name":"Solana memecoin launchpad war flips again as Pump takes top spot amid LetsBonk collapse — The Block","type":"news_article","url":"https://www.theblock.co/post/367266/solana-memecoin-launchpad-war-flips-again-as-pump-takes-top-spot-amid-letsbonk-collapse"},{"credibility":2,"name":"Solana Launchpad letsBONK.fun Sees 600% Revenue Surge in Early 2026 — KuCoin","type":"news_article","url":"https://www.kucoin.com/blog/en-solana-launchpad-letsbonk-fun-sees-600-revenue-surge-in-early-2026"}],"summary":"BONK.fun (also styled LetsBonk.fun) is a Solana-based meme coin launchpad that launched on April 25, 2025, as a joint initiative between the BONK community and the Raydium protocol, enabling no-code token creation with automatic BONK buyback-and-burn mechanics. On March 11–12, 2026, the platform suffered a domain hijack via social engineering against its domain registrar; attackers deployed a wallet drainer disguised as a fake terms-of-service modal, resulting in approximately $30,000 in confirmed losses before the site was taken offline. The platform relaunched on March 19–20, 2026, with a 110% refund commitment to affected users and enhanced security measures.","timeline":[{"date":"2025-04-25","event":"BONK.fun (LetsBonk.fun) officially launches as a joint initiative between the BONK community and Raydium protocol on Solana.","source":"CoinGecko LetsBONK.fun Complete Guide","source_url":"https://www.coingecko.com/learn/letsbonk-fun-solana-memecoin-launchpad-guide"},{"date":"2025-07-29","event":"BONK.fun reaches approximately 82% market share of Solana bonding-curve token launches, briefly surpassing Pump.fun as the dominant Solana launchpad.","source":"Solana Launchpad Showdown: Pump.fun vs. LetsBONK.fun — Solana Floor","source_url":"https://solanafloor.com/news/solana-launchpad-showdown-pump-fun-vs-lets-bonk-fun"},{"date":"2025-09-01","event":"Pump.fun regains leading market position with approximately 81% market share; BONK.fun's share declines sharply.","source":"Letsbonk compounds Pump.fun's July decline — Cryptopolitan","source_url":"https://www.cryptopolitan.com/letsbonk-compounds-pump-fun-decline-july/"},{"date":"2026-01-04","event":"BONK.fun reports a revenue surge exceeding 600%, with single-day fees peaking at $352,793.","source":"Solana Launchpad letsBONK.fun Sees 600% Revenue Surge in Early 2026 — KuCoin","source_url":"https://www.kucoin.com/blog/en-solana-launchpad-letsbonk-fun-sees-600-revenue-surge-in-early-2026"},{"date":"2026-03-11","event":"Attackers execute a social engineering attack against BONK.fun's domain registrar, transferring the domain to an external registrar without authorization. Compromised frontend deployed with a fake terms-of-service wallet drainer modal.","source":"What Happened to Bonk.fun? The Hijack and What's Changed — Smithii","source_url":"https://smithii.io/en/what-happened-bonk-fun/"},{"date":"2026-03-12","event":"BONK.fun operator (@SolportTom) publicly warns users to stop interacting with the bonk.fun domain. Platform issues official statement confirming the compromise. Users who signed the fake TOS modal during the active attack window suffered wallet drains totaling approximately $30,000.","source":"Bonk.fun hacked: Domain hijacked, crypto drainer planted — CoinDesk","source_url":"https://www.coindesk.com/tech/2026/03/12/bonk-fun-hacked-domain-hijacked-crypto-drainer-planted"},{"date":"2026-03-18","event":"Domain control restored to BONK.fun team after coordination with the original domain registrar, which acknowledged responsibility for the unauthorized transfer.","source":"BONKfun Back Online After Hack, Promises 110% Refund to Users — Live Bitcoin News","source_url":"https://www.livebitcoinnews.com/bonkfun-back-online-after-hack-promises-110-refund-to-users/"},{"date":"2026-03-19","event":"BONK.fun officially relaunches after comprehensive security testing. Platform announces 110% refund plan for all confirmed affected users and introduces 'Balanced Mode' liquidity routing.","source":"BONK.fun relaunches after domain hijack, confirms $30K in losses — AMBCrypto","source_url":"https://ambcrypto.com/bonk-fun-relaunches-after-domain-hijack-confirms-30k-in-losses/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 902ecfab-c361-4966-bad8-3e4eadbf4221copy