Malicious Code Update Sees DogWifTools Users Lose $10 Million

  • A malicious update to the DogWifTools software has compromised users’ wallets, resulting in over $10 million in losses
  • The attack exploited the software’s auto-update feature, installing malware that targets sensitive user data
  • The perpetrators utilized stolen identification documents to create accounts on cryptocurrency exchanges in the victims’ names

Users of the DogWifHat toolset DogWifTools have suffered significant financial losses after a compromised software update installed malware on their systems. The attack resulted in the theft of over $10 million in cryptocurrencies, and victims’ details were used to create fraudulent accounts on crypto exchanges. However, some in the community are enjoying the schadenfreude of seeing DogWifTools users, who often used the tools to rug pull token buyers, lose out themselves.

Malicious Update Exploited Auto-Update Feature  

DogWifTools fell victim to the attack through its auto-update mechanism, with perpetrators infiltrating the software’s private GitHub repository and injecting a trojanized update. When developers released new versions, the attackers quickly embedded malware into updates 1.6.3 through 1.6.6, injecting a Remote Access Trojan (RAT) targeting Windows users.  

Once installed, the malicious software downloaded an executable file named `updater.exe` into the AppData folder. The program silently scanned for private keys, exchange login credentials, and identification photos stored on users’ computers. The attackers then used these stolen personal identification documents to create legitimate accounts on cryptocurrency exchanges like Binance, enabling them to carry out unauthorized transactions.  
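A triage check for the indicator described above, as an added example that is not from DogWifTools or the original article: it lists every `updater.exe` under the current user's AppData tree with its hash, Authenticode status and timestamps. The function name `Find-AppDataUpdater` is hypothetical, and because the article gives no exact path or hash, a hit is only a lead to investigate, since legitimate software also ships files with this name.

```powershell
# Added example: hunt for the dropped file name reported in the article.
# Find-AppDataUpdater is a hypothetical helper name, not part of any tool.
function Find-AppDataUpdater {
    param(
        # Roots to search; defaults to the current user's Roaming and Local AppData.
        [string[]]$Root = @($env:APPDATA, $env:LOCALAPPDATA),
        # File name taken from the article; the exact subfolder is not given there.
        [string]$Name = 'updater.exe'
    )

    foreach ($dir in $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) }) {
        Get-ChildItem -LiteralPath $dir -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Signature and hash give an analyst something to compare and pivot on.
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Modified  = $_.LastWriteTime
                    SizeBytes = $_.Length
                    SHA256    = $hash.Hash
                    SigStatus = $sig.Status
                    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                }
            }
    }
}

# Show unsigned or invalidly signed hits first, oldest first within each group.
Find-AppDataUpdater |
    Sort-Object { $_.SigStatus -eq 'Valid' }, Created |
    Format-List
```

Compare the `Created` time of any unsigned hit against when versions 1.6.3 through 1.6.6 were installed on the machine.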

Security Warnings Ignored  

Security experts had previously warned about the extensive permissions required by DogWifTools, which granted it deep system access and left users vulnerable to attacks. Despite these concerns, many continued using the software, unaware of the risks. The latest breach reinforced the dangers of using applications that demand excessive permissions, particularly in the cryptocurrency sector, where security is paramount.  

The irony of the loss, in which holdings were stolen and the victims’ identities were used to create fake crypto exchange accounts, is that DogWifTools has been heavily used by unscrupulous developers to launch and then rug pull memecoins on the Solana network. That many of these users have now lost out financially themselves has not gone unnoticed by the community.
