Proprietary · 2025-01-27 · 2 days · Cryptocurrency Theft, Credential Theft, Remote Access

DogWifTools Windows releases drained wallets

An attacker used an exposed GitHub token to replace DogWifTools Windows releases with RAT-laced builds. Versions 1.6.3 through 1.6.6 stole wallet material and drained Solana users.

Story

DogWifTools was a commercial tool for Solana memecoin launches. It automated volume, bundling, comments, and activity simulation for Pump.fun promotion. Users trusted the Windows client with their wallets and local trading material.

According to DogWifTools' disclosure as reported by BleepingComputer, an attacker reverse engineered the software and extracted a GitHub token. The token gave access to the project's private GitHub repository. The attacker did not publish malware immediately: they waited for legitimate releases, modified the builds, and replaced the Windows artifacts.

The affected versions were 1.6.3 through 1.6.6. The malicious build installed a remote access trojan and downloaded updater.exe into the user's local AppData directory. The payload targeted cryptocurrency wallet private keys. Reports also described exchange-account loss and possible exposure of identity documents from systems where DogWifTools had broad permissions.

The estimated theft was more than $10 million, though that figure came from community reporting and was disputed by a person claiming responsibility. DogWifTools denied staff involvement, said macOS users were not affected, and said it was adding security controls while working with investigators.
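The root cause recorded here is a GitHub token that shipped inside the client binary. As an added defender-side example (not DogWifTools' own code or tooling), the release gate below scans a built artifact for embedded GitHub tokens before it is published; the token shapes, the helper names and the constructed sample binary are assumptions.

```python
"""Pre-release gate: refuse to publish a build that embeds a GitHub token."""
import hashlib
import re

# Assumed token shapes, based on GitHub's documented prefixes
# (ghp_/gho_/ghu_/ghs_/ghr_ classic tokens, github_pat_ fine-grained tokens).
TOKEN_PATTERNS = [
    re.compile(rb"gh[pousr]_[A-Za-z0-9]{36}"),
    re.compile(rb"github_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}"),
]


def extract_strings(blob: bytes, min_len: int = 8):
    """Yield printable runs like the `strings` tool: plain ASCII runs, plus
    UTF-16LE runs, which Windows binaries commonly use for string literals."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.group()
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        yield m.group().decode("utf-16-le").encode()


def find_embedded_tokens(blob: bytes) -> list[str]:
    """Return redacted forms of every token-shaped string in the artifact.
    Only a prefix and suffix are kept so the gate's log never leaks the secret."""
    hits = set()
    for s in extract_strings(blob):
        for pat in TOKEN_PATTERNS:
            for m in pat.finditer(s):
                tok = m.group().decode()
                hits.add(tok[:8] + "..." + tok[-4:])
    return sorted(hits)


def release_gate(blob: bytes) -> dict:
    """Decide whether an artifact may be published and record its hash for the
    release manifest, so installers can later verify what they downloaded."""
    tokens = find_embedded_tokens(blob)
    return {
        "sha256": hashlib.sha256(blob).hexdigest(),
        "embedded_tokens": tokens,
        "publish": not tokens,
    }


# Constructed sample artifacts (not real binaries): one leaks a fake classic
# token as a UTF-16LE literal, the other contains only ordinary strings.
FAKE_TOKEN = "ghp_" + "A" * 36
DIRTY_BUILD = b"MZ\x90\x00" + FAKE_TOKEN.encode("utf-16-le") + b"\x00\x00"
CLEAN_BUILD = b"MZ\x90\x00" + b"DogWifTools updater v1.6.2\x00"

if __name__ == "__main__":
    for name, blob in (("dirty", DIRTY_BUILD), ("clean", CLEAN_BUILD)):
        print(name, release_gate(blob))
```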

Affected Artifacts

Observed: 2025-01-27 to 2025-01-29
Compromised Versions: 1.6.3 through 1.6.6 (Windows builds)
Fixed: Not listed
Evidence:
  • distribution: dogwiftools.com
  • file: updater.exe
  • path: %LOCALAPPDATA%\updater.exe
  • observable: Windows builds of DogWifTools versions 1.6.3 through 1.6.6 were replaced with RAT-laced artifacts after legitimate releases.
  • The public sources describe the compromised artifact as the Windows version; macOS users were reported as unaffected.
  • The estimated theft exceeded $10 million in community reporting, but the exact amount remains disputed.

Incident Context

Motive: Financial Gain
Cause: Exposed Secret
Transitive: No

External References

Source record: proprietary/dogwiftools/meta.yaml