DogWifTools breached in supply-chain attack on cryptocurrency wallets

An unidentified threat actor has performed a supply-chain attack that compromised DogWifTools, a software used for launching and promoting meme coins on the Solana blockchain, and exfiltrated users' cryptocurrency wallets, BleepingComputer reports.

The attackers were able to access the project's private GitHub repository by reverse engineering the software and extracting a GitHub token. They then trojanized versions 1.6.3 through 1.6.6 of the platform, and injected a Remote Access Trojan into the legitimate builds. The embedded malware would then proceed to download a malicious file that attempted to extract users' private keys for their cryptocurrency wallets. Many users reported losing access to their wallets and cryptocurrency exchange accounts as a result of the incident, with estimated losses exceeding $10 million. Some community members speculated that DogWifTools was complicit in the attack, though no direct evidence supports these claims. The platform denied any involvement and pledged to strengthen security measures. Investigations are ongoing to identify the perpetrators.

