Hackers compromised the Windows version of DogWifTools, a platform used for promoting meme coins on the Solana blockchain, in a supply-chain attack that drained users’ wallets. The attack was traced back to a malicious actor who accessed the project’s private GitHub repository after reverse-engineering the software to extract a GitHub token. The hacker waited for new software updates to be released and, after each release, injected a Remote Access Trojan (RAT) into the builds, which went undetected in GitHub logs. The affected versions, 1.6.3 to 1.6.6, specifically targeted Windows users, while macOS users remained unaffected.
When the malicious DogWifTools application was launched, it downloaded a file, updater.exe, into users’ AppData folders; that file targeted the private keys of their cryptocurrency wallets.
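The entry point described above was a GitHub token that could be recovered from the shipped application. The following is an added example, not code from DogWifTools or from the original article: a pre-release check that scans a build artifact for GitHub token formats stored as ASCII or as UTF-16LE (common for strings in Windows binaries). The function names, the sample bytes and the fake token are constructed for illustration.

```python
import re
import sys

# GitHub token shapes: ghp_/gho_/ghu_/ghs_/ghr_ plus 36 alphanumerics,
# or a fine-grained PAT starting with "github_pat_".
TOKEN_RE = re.compile(
    rb"gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82}"
)
# Runs of printable characters stored as UTF-16LE (each byte followed by NUL).
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){20,}")

# Constructed sample: a fake token (not a real credential) embedded once as
# ASCII and once as UTF-16LE between filler bytes.
FAKE = "ghp_" + "A1b2" * 9
SAMPLE = b"\x00MZ\x90" + FAKE.encode() + b"\xff\xfe" + FAKE.encode("utf-16le") + b"\x00\x00"

def redact(tok: bytes) -> str:
    """Report only the token type and length so CI logs never hold the secret."""
    kind = "github_pat_" if tok.startswith(b"github_pat_") else tok[:4].decode()
    return f"{kind}<redacted:{len(tok)}>"

def find_tokens(data: bytes):
    """Return a sorted list of (byte offset, encoding, redacted token)."""
    hits = [(m.start(), "ascii", redact(m.group()))
            for m in TOKEN_RE.finditer(data)]
    for run in WIDE_RUN.finditer(data):
        narrow = run.group()[::2]          # drop the interleaved NUL bytes
        for m in TOKEN_RE.finditer(narrow):
            # Map the offset in the narrowed string back to the file offset.
            hits.append((run.start() + 2 * m.start(), "utf-16le", redact(m.group())))
    return sorted(hits)

def main(paths):
    """Scan each artifact; a non-zero return fails the release job."""
    found = 0
    for path in paths:
        with open(path, "rb") as fh:
            for off, enc, tok in find_tokens(fh.read()):
                print(f"{path}: offset 0x{off:x} [{enc}] {tok}")
                found += 1
    return 1 if found else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run against every artifact before publishing; a hit means the credential must be revoked and removed from the client, since anything shipped to users can be extracted.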
This breach led to significant financial losses, as the trojanized software drained users’ wallets, including funds stored in both hot and cold wallets, and even compromised access to their cryptocurrency exchange accounts such as Binance and Coinbase. Community members accused DogWifTools of “rug pulling,” a term used to describe fraudulent practices in which the creators abandon a project after taking users’ funds. However, there was no concrete evidence of fraudulent activity on the platform’s part.
DogWifTools is designed to assist developers in launching and promoting meme coins, offering features such as volume automation, bundling, and comment bots to increase token engagement. However, the platform has been criticized for enabling fraudulent token launches by allowing scammers to take advantage of its promotional tools. According to blockchain investigator ZachXBT, DogWifTools facilitates this abuse through its bundler, which discreetly holds a large amount of the launched coin and inflates transaction activity with a volume bot. These features, combined with intrusive permissions requested by the application, allowed hackers to gain access to users’ sensitive data and hijack cryptocurrency exchange accounts.
The DogWifTools team has denied any involvement in the breach and has vowed to rebuild trust within the community. The platform is working on enhancing its security measures and collaborating with investigators to identify the hacker and hold them accountable. Despite the accusations and a financial loss that some estimates put at more than $10 million, the DogWifTools team is committed to ensuring that such an attack does not happen again and to regaining users’ confidence in the platform.