The team behind the Solana-based memecoin launch platform Bonk.fun warned users to avoid its website after hackers reportedly compromised the domain and deployed a malicious wallet drainer, with at least one trader claiming losses of $273,000 after connecting their wallet.

Bonk.fun domain hack triggers wallet drainer

In a statement posted on social media, the Bonk.fun account said a “malicious actor” had taken control of the platform’s domain and urged users not to interact with the website until the issue is resolved.

“A malicious actor has compromised the BONKfun domain, do not interact with the website until we have secured everything,” the platform said.

Tom, an operator associated with Bonk.fun, also warned that hackers had hijacked a team account and placed a crypto drainer directly on the site’s domain. The attacker allegedly used the compromised domain to prompt users to sign a fraudulent approval message disguised as a terms-of-service request.

According to Tom, only users who signed the fake message after the compromise were affected.

“If you connected to Bonk.fun in the past you’re not affected,” Tom wrote, adding that users trading Bonk.fun tokens through external trading terminals were also safe.

He said the team quickly detected the incident and spread warnings across social media, which helped limit losses.

Despite the response, some users reported significant losses. One user claimed on X that they lost their entire wallet after connecting to the site.

“I just got drained for $273,000 on Bonk.fun,” the user wrote, adding that their wallet was left “bone dry” after connecting.

The team said it is working to secure the domain and investigate the incident, stressing that protecting users remains its top priority.

The attack highlights a recurring security risk in the crypto sector, where compromised websites are often used to trick users into signing malicious transactions that grant attackers access to their funds.

Security researchers at Ledger have discovered a major flaw in some Android smartphone chips that lets an attacker siphon encrypted user data like passwords and private keys in a matter of seconds using just a USB connection.

The vulnerability was first spotted in January by Ledger’s internal security research team, Donjon, Ledger Chief Technology Officer Charles Guillemet wrote in a recent X post. 

According to Guillemet, the vulnerability affected smartphones powered by MediaTek and Trustonic’s TEE processors. 

MediaTek has since issued a security patch to fix the issue; users who have not installed the latest security updates on their devices may still remain at risk.

White hat hackers were able to penetrate a smartphone from manufacturer Nothing, notably the company’s CMF 1 phone, in under 45 seconds using a laptop.

“Without ever even booting into Android, the exploit automatically recovered the phone’s PIN, decrypted its storage, and extracted the seed phrases from the most popular software wallets,” Guillemet said.

This puts software wallets like Trust Wallet, Base, Kraken Wallet, Rabby, Tangem’s mobile wallet, and Phantom at risk, as the seed phrases and other sensitive credentials are stored locally on the device.

In their report, researchers noted that the vulnerability allowed attackers with physical access to bypass the phone’s security protections through the secure boot chain, which is a core startup process that runs at the highest privilege level before the operating system loads. Subsequently, the attacker can recover the device’s PIN, decrypt its storage, and extract the information.

“This has the potential to affect millions of Android smartphones,” Guillemet added.

Estimates suggest nearly 36 million people manage digital assets on their smartphones, which means that if attackers manage to exploit a vulnerability, it could put a large number of wallets at risk. 

Guillemet advised using devices with dedicated secure elements that are built for key protection and can safeguard sensitive data even under physical attack.

The Ledger team also detailed a separate attack it tested on MediaTek Dimensity 7300 processors (MT6878) in December, where the team used electromagnetic fault injection to disrupt the chip’s boot process. It allowed them to bypass security checks and ultimately gain full control over the smartphone at the highest privilege level.

As covered by crypto.news on several occasions, crypto users have been targeted across multiple platforms, including iOS, macOS, and Windows.

While Android devices are often easier to compromise due to Google’s more open ecosystem and flexible app distribution model, Apple’s iOS devices have also developed unique attack vectors that target users through malicious frameworks embedded inside otherwise legitimate apps.

For instance, last year, security researchers discovered a malicious app that infiltrated both iOS and Android devices by requesting file access and subsequently scanning device storage to extract wallet data. Although not as technically severe in nature as hardware-level exploits, the scheme still managed to steal more than $1.8 million in cryptocurrency.

Around the same time, Kaspersky flagged a malware campaign that spread through malicious software development kits embedded in seemingly harmless apps.

There is a growing risk that a looming crisis in the private credit market, fueled by rising redemptions and defaults, could spill over into Bitcoin (BTC) and crypto markets, according to analysts.

Key takeaways:

• The $2 trillion private credit sector faces a crisis from defaults, redemptions, and limited oversight.

• A liquidity crunch may force investors to sell readily accessible assets, like Bitcoin, first.

• Historical crises show Fed interventions often lead to strong Bitcoin price rallies as a hedge against money supply expansion.

The private credit ticking time bomb?

The private credit sector, the non-bank lending sector that has grown to over $2 trillion from $500 billion in the past five years, is flashing warning signs of an impending crisis. 

Fueled by low rates and investor hunger for high yields, it now rivals traditional banks but lacks the same oversight.

Related: Will Bitcoin crash if oil prices hit $100 per barrel?

In 2024, the International Monetary Fund (IMF) warned that the private credit sector “warranted closer watch,” adding:

“Rapid growth of this opaque and highly interconnected segment of the financial system could heighten financial vulnerabilities given its limited oversight.”

Now, the private credit market shows cracks that threaten triggering a financial crisis.

BlackRock, the world’s largest asset manager, with over $10 trillion under management, limited withdrawals from its $26 billion flagship credit funds, reported Bloomberg.

Blue Owl Capital halted redemptions amid software sector woes from AI disruptions, while UBS warns of default rates hitting 15% in worst-case scenarios. 

On Wednesday, Reuters reported that JPMorgan restricted lending to its private credit funds while Morgan Stanley and Cliffwater Private Credit Fund joined the growing list of asset managers under distress.

”Bond King” Jeffrey Gundlach, founder at Double Line said that the private credit fund of funds in 2026 closely mirrors CDO-squared in early 2007, before the 2008 global financial crisis.

“Financial repression is incoming,” market analyst MartyParty said in an X post on Thursday, attributing the problems to the sector’s rapid growth in the face of ‘increasing scrutiny’ over liquidity during periods of investor outflows.

“Either the Fed injects liquidity, or we go into crisis.”

Global conflict and macroeconomic uncertainties exacerbate this, potentially delaying Fed easing while putting pressure on equities and the Bitcoin price.

As Cointelegraph reported, futures markets are pricing less than a 1% chance of Fed rate cuts at the March 18 FOMC meeting.

Liquidity crunch could crash Bitcoin price, at first

While the withdrawal limitations directly affect the private credit market, the implications extend far beyond traditional finance.

Withdrawal limits are a “big deal for crypto,” crypto investor Paul Barron said in a recent post on X, adding:

“When giants like Blackrock lock the gates on private funds, it signals a ‘liquidity crunch.’ Investors stuck in private credit might sell their ‘liquid’ assets (Bitcoin/ETH) to raise cash elsewhere.”

This means that if investors cannot access funds from illiquid private credit portfolios, they may turn to assets that can be sold instantly in public markets.

Bitcoin, which trades 24/7, often serves as the first pressure valve. Its price dropped sharply by 50% in March 2020 as the market priced in the COVID-19 crisis.

But this usually forces government interventions: emergency liquidity injections and rate cuts, aimed at averting systemic collapse.

In 2020, Fed actions post-crash fueled Bitcoin’s surge to its previous all-time high of $69,000 by year-end from $4,400, a 1,400% rally.

Similarly, during the March 2023 banking turmoil, Bitcoin initially sold off on contagion fears, then rallied more than 200% as markets priced in a Fed pause on rate hikes.

This suggests that a private credit breakdown might ultimately result in the further expansion of the money supply, sending BTC price to new highs.

As Cointelegraph reported, BitMEX co-founder Arthur Hayes will wait untill until the Fed loosens its monetary policy before buying any more Bitcoin. BTC price will then rise to $250,000, he predicted.