DogWifTools Hack - January 2025 ($10M)
Overview
A coordinated exploit hit DogWifTools, a platform designed to help meme coins on the Solana blockchain get more exposure, and many of its users lost a lot of money.
Attack Method
The DogWifTools team said the attackers accessed their private GitHub repository by reverse-engineering the software and obtaining a GitHub token, which enabled the hackers to insert malicious code into legitimate software updates and distribute them to users.
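A pre-release check for the failure described above (a GitHub token recoverable from shipped software), as an added example that is not DogWifTools' code: it scans a build artifact for byte runs shaped like GitHub tokens, in both ASCII and UTF-16LE. The sample blob and its token are constructed, and the function names are hypothetical; the prefixes and lengths follow GitHub's published token formats.

```python
import re
import sys

# Token shapes GitHub documents: (kind, prefix atoms, body class, body length).
TOKEN_SHAPES = [
    ("classic/OAuth/app token", [rb"g", rb"h", rb"[pousr]", rb"_"], rb"[A-Za-z0-9]", 36),
    ("fine-grained PAT", [bytes([c]) for c in b"github_pat_"], rb"[A-Za-z0-9_]", 82),
]

def _pattern(atoms, body, length, wide):
    # Windows binaries often store strings as UTF-16LE, so the "wide" form
    # expects a NUL byte after every character of the token.
    pad = rb"\x00" if wide else b""
    head = b"".join(atom + pad for atom in atoms)
    return re.compile(head + b"(?:" + body + pad + b"){%d}" % length)

def scan_artifact(data: bytes):
    """Return sorted (offset, encoding, kind) for each token-shaped byte run.

    The token value itself is never returned, so CI logs stay clean.
    """
    findings = []
    for encoding, wide in (("ascii", False), ("utf-16-le", True)):
        for kind, atoms, body, length in TOKEN_SHAPES:
            for match in _pattern(atoms, body, length, wide).finditer(data):
                findings.append((match.start(), encoding, kind))
    return sorted(findings)

# Constructed sample: a fake executable header with a fake token embedded
# once as ASCII and once as UTF-16LE.
FAKE_TOKEN = "ghp_" + "X" * 36
SAMPLE = (b"MZ" + b"\x00" * 16 + FAKE_TOKEN.encode("ascii") + b"\x00\x01"
          + FAKE_TOKEN.encode("utf-16-le") + b"\xff" * 8)

if __name__ == "__main__":
    # Scan the file given on the command line, or the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    hits = scan_artifact(blob)
    for offset, encoding, kind in hits:
        print(f"offset {offset:#x}: {kind} ({encoding})")
    sys.exit(1 if hits else 0)  # non-zero exit blocks the release job
```

A hit means the credential ships to every user and should be revoked and moved out of the client, not just obfuscated.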
Malware Details
The malicious updates delivered a Remote Access Trojan (RAT) that downloaded a file called "updater.exe" into the AppData folder. The malicious file targeted users' cryptocurrency wallets and stole customers' private keys.
Financial Impact
The attack affected versions 1.6.3 through 1.6.6 of the software, with estimates of over $10 million worth of cryptocurrency stolen.
Data Theft Beyond Wallets
Using ID documents stolen from users' computers, the attackers also allegedly completed KYC and opened Binance accounts in their victims' names. With these accounts, they could withdraw the stolen crypto while posing as the legitimate account owner.
Platform Purpose
DogWifTools is an example of a fake liquidity generator used on Solana. Users run a tool like DogWifTools to automatically generate fake on-chain trading activity, creating the illusion of liquidity, widespread interest, and high potential return on investment for potential buyers.