Users of Telegram bots BONKbot and Solareum lost $520,000 due to hacking


Reaction score
The trading Telegram bot BONKbot on the Solana network was allegedly subjected to a hacker attack, as a result of which users lost about $208,000.


We are seeing reports that @bonkbot_io users have lost funds in a possible private key leak.

Problem may lie in users exporting private keys

Based on reports, it appears that at least ~$208k has been stolen
— CertiK Alert (@CertiKAlert) March 29, 2024

CertiK analysts drew attention to multiple reports of losses and allowed a possible leak of private keys.

The exact cause of the exploit remains unknown. BONKbot representatives and other users point to various culprits.

According to the Telegram bot developers, the problem occurred because users exported their private keys, which they then compromised in another application.

TLDR: BONKbot is SAFE, as always, and exporting your private key itself did NOT put you at risk. There has been an exploit with another Solana app.

More than half of the ~300 victims were non-BONKbot wallets.

The BONKbot users affected had imported their private key into a…
— BONKbot (@bonkbot_io) March 29, 2024

"BONKbot is still secure, and exporting the private key itself doesn't put you at risk. A vulnerability was detected in another Solana application. More than half of the approximately 300 victims were non-BONKbot wallets, " the post reads.

At the same time, traders who did not export keys also reported losses.

]My bonkbot wallet got drained. And, contrary to what the devs claim, my wallet was not linked to any other app (except sol-incinerator). The private key was only exported to Phantom.
If you want to help me a little bit to get back on track:…
— marc611 | TheYoloDAO (@marctheyolo) March 29, 2024

"My BONKbot wallet is empty. Contrary to the developers ' claims, my wallet was not linked to any other app (except sol-incinerator). The private key was only exported to Phantom, " marc611 stated.

BONKbot placed the blame on a "specific application", and some pointed to Solareum-another Telegram bot based on Solana.

Representatives of the latter deny any vulnerabilities and claim that the exploit may have a larger scale and affect other bots and decentralized applications.

solareum devs confirm they are closing the project

Full message in next tweet
— king.sol (@DeFiAzog) March 30, 2024

They suggested that hackers could steal access tokens to the Telegram bot, gaining control of the message history containing private keys. The damage was estimated at about $310,000.

A few days after the incident, Solareum announced its closure. The developers cited "insufficient funds, emerging market trends, and a recent security breach."

The bot team has already contacted law enforcement authorities in an attempt to freeze the stolen funds if they end up on centralized exchanges.

The situation has caused confusion in the community, as the nature of the vulnerability is not fully clear. The number of affected users also remains unknown: BONKbot claims that only 0.1% of their traders were affected, while some users made much larger values.

Bans in the BONKbot chat for expressing concerns further reduced the credibility of such statements.

Hey @bonkbot_io is this how you deal with real situations? when your clients loses hundreds of thousands. Your admin team literally kicking everyone speaking up. And you tell us this is safe continue to use it?

You fucking scammers I will take you down myself
— shrek (@ShrekCrypto_) March 29, 2024

"Hey BONKbot, is this what you do in real-world situations when your customers lose hundreds of thousands? Your admin team is literally kicking everyone who speaks out. And you tell us that everything is safe, and offer to continue using [the bot]? You * * * s scammers, I will close you myself," wrote a disgruntled trader.