The trading Telegram bot BONKbot on the Solana network has reportedly been hacked, resulting in users losing approximately $208,000.
We are seeing reports that @bonkbot_io users have lost funds in a possible private key leak.
Problem may lie in users exporting private keys
Based on reports, it appears that at least ~$208k has been stolen pic.twitter.com/JD91fBZNLI
— CertiK Alert (@CertiKAlert) March 29, 2024
Analysts at CertiK noted multiple reports of losses and suggested a probable private key leak.
The exact cause of the exploit remains unknown. Representatives of BONKbot and other users point to different culprits.
According to the Telegram bot developers, the issue arose because users exported their private keys, which were then compromised in another application.
TLDR: BONKbot is SAFE, as always, and exporting your private key itself did NOT put you at risk. There has been an exploit with another Solana app.
More than half of the ~300 victims were non-BONKbot wallets.
The BONKbot users affected had imported their private key into a…
— BONKbot (@bonkbot_io) March 29, 2024
“BONKbot remains safe, and exporting the private key itself does not put you at risk. A vulnerability has been noted in another Solana application. More than half of the approximately 300 victims were non-BONKbot wallets,” the post stated.
Meanwhile, traders who did not export keys also reported losses.
My bonkbot wallet got drained. And, contrary to what the devs claim, my wallet was not linked to any other app (except sol-incinerator). The private key was only exported to Phantom.
If you want to help me a little bit to get back on track:… pic.twitter.com/ywxWFZ6TX9— marc611 | TheYoloDAO (@marctheyolo) March 29, 2024
“My BONKbot wallet was drained. Contrary to the developers’ claims, my wallet was not linked to any other app (except sol-incinerator). The private key was only exported to Phantom,” stated marc611.
In BONKbot, the blame was placed on a “specific application,” with some pointing to Solareum, another Solana-based Telegram bot.
Representatives of the latter deny any vulnerabilities and claim the exploit may be more widespread, affecting other bots and decentralized applications.
solareum devs confirm they are closing the project
Full message in next tweet pic.twitter.com/xqHtgxVfwG
— king.sol (@DeFiAzog) March 30, 2024
They suggested hackers might have stolen access tokens to the Telegram bot, gaining control over the message history containing private keys. The damage was estimated at approximately $310,000.
Days after the incident, Solareum announced its closure. Developers cited “insufficient funds, evolving market trends, and the recent security breach.”
The bot team has already contacted law enforcement in an attempt to freeze the stolen funds if they reach centralized exchanges.
The situation has caused confusion in the community, as the nature of the vulnerability remains unclear. The number of affected users also remains unknown: BONKbot claims only 0.1% of their traders were impacted, while some users suggest much higher figures.
Bans in the BONKbot chat for expressing concerns have further diminished trust in such statements.
Hey @bonkbot_io is this how you deal with real situations? when your clients loses hundreds of thousands. Your admin team literally kicking everyone speaking up. And you tell us this is safe continue to use it?
You fucking scammers I will take you down myself pic.twitter.com/JCKlGrbmal
— shrek (@ShrekCrypto_) March 29, 2024
“Hey, BONKbot, is this how you handle real situations when your clients lose hundreds of thousands? Your admin team is literally kicking everyone who speaks up. And you tell us this is safe and suggest we continue using [the bot]? You ***ing scammers, I will take you down myself,” wrote a disgruntled trader.
In March, according to PeckShield, crypto projects lost assets worth $187 million due to hacks. This figure decreased by 48% compared to the previous month.
According to Immunefi research, in the first quarter, losses from fraud and hacking in the industry reached $336 million. The losses are 100% linked to the DeFi sector.