Hackers have orchestrated a sophisticated supply chain attack targeting the Windows version of DogWifTools, a platform designed for promoting memecoins within the Solana blockchain ecosystem. As a result of the breach, over $10 million was siphoned from users’ wallets.
The DogWifTools development team reported that the attackers had gained unauthorized access to the project’s private GitHub repository. The intruders reverse-engineered the software, extracted an access token, and subsequently leveraged it to inject malicious updates into the platform.
The attack was executed with meticulous stealth. Rather than immediately deploying compromised versions, the hackers waited for official updates to be released before swiftly replacing them with infected builds. Versions 1.6.3 to 1.6.6 of DogWifTools were compromised, while macOS users remained unaffected.
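The replace-after-release tactic described above is detectable by treating published builds as immutable and recording their digests over time. The following is an added example, not code from DogWifTools or from the original article: the file names, timestamps and byte strings are constructed, and it assumes a monitor that periodically downloads each release asset and records its SHA-256.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    seen_at: str   # ISO-8601 UTC time the monitor polled the release channel
    version: str   # release version
    asset: str     # file name of the published build (hypothetical names below)
    sha256: str    # digest of the bytes being served at that time


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_replaced_assets(snapshots):
    """Return one finding per new digest seen for an already-published asset.

    Release artifacts should be immutable, so the first digest observed for a
    (version, asset) pair is the baseline and any different digest is flagged.
    """
    baseline, reported, findings = {}, set(), []
    for snap in sorted(snapshots, key=lambda s: s.seen_at):
        key = (snap.version, snap.asset)
        first = baseline.setdefault(key, snap)
        if snap.sha256 != first.sha256 and (key, snap.sha256) not in reported:
            reported.add((key, snap.sha256))
            findings.append({
                "version": snap.version,
                "asset": snap.asset,
                "baseline_seen_at": first.seen_at,
                "changed_seen_at": snap.seen_at,
                "observed_sha256": snap.sha256,
            })
    return findings


# Constructed sample data: byte strings stand in for installer contents.
OFFICIAL = digest(b"constructed official build")
REPLACED = digest(b"constructed replaced build")
SAMPLE = [
    Snapshot("2025-01-01T10:00:00Z", "1.6.3", "app-windows.exe", OFFICIAL),
    Snapshot("2025-01-01T10:00:00Z", "1.6.3", "app-macos.dmg", OFFICIAL),
    Snapshot("2025-01-01T10:30:00Z", "1.6.3", "app-windows.exe", REPLACED),
    Snapshot("2025-01-01T10:30:00Z", "1.6.3", "app-macos.dmg", OFFICIAL),
    Snapshot("2025-01-01T11:00:00Z", "1.6.3", "app-windows.exe", REPLACED),
]

if __name__ == "__main__":
    for f in find_replaced_assets(SAMPLE):
        print(f"{f['asset']} {f['version']} changed after publication "
              f"(first seen {f['baseline_seen_at']}, changed {f['changed_seen_at']})")
```

The same baseline digests can be published out of band by the vendor so that users can check a download before running it.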
Once launched, the infected application deposited a file named updater.exe into the local AppData folder, allowing it to harvest private keys from users’ cryptocurrency wallets. Over the past two days, affected users have reported complete asset depletion, with funds being drained from both hot and cold wallets, alongside loss of access to their Binance and Coinbase accounts.
Some members of the crypto community have speculated that DogWifTools itself may have engaged in intentional fraud, though no conclusive evidence has emerged to support this claim. The suspicions stem from the platform’s mechanisms for artificially inflating trading activity, a tactic often exploited by scammers to orchestrate pump-and-dump schemes. Specifically, DogWifTools enables the automated generation of comments, simulated trading activity, and volume manipulation via bot systems.
Blockchain researcher ZachXBT highlighted that one of the platform’s core functions, bundler, retains a significant portion of issued tokens, while its trading bot artificially stimulates demand. This structure makes DogWifTools an attractive tool for fraudulent schemes—though it does not directly implicate the developers in the attack.
The crypto community has also raised concerns regarding the level of access DogWifTools had to user data. One user noted that the application requested excessively broad permissions, potentially allowing attackers to access sensitive personal data, including identification documents, which could then be leveraged for account takeovers.
A threat actor claiming responsibility for the breach disputed reports of the stolen amount, stating that the figure had been greatly exaggerated. The hacker further denied stealing personal user data, except for locally stored DogWifTools wallet files.
The DogWifTools development team has firmly rejected allegations of fraud, asserting that they had no involvement in the attack. The developers have vowed to strengthen security measures and collaborate with investigators to identify those responsible and ensure they are brought to justice.