A crypto project that helps launch malicious memecoins has apparently been scammed, while its users lost millions. However, a blockchain investigator claims it might be an exit scam.
The project in question is DogWifTools, which provides a so-called token bundling tool that helps hide the fact that a single entity controls most of the supply of a new token, which is later dumped on unsuspecting investors.
However, multiple reports from blockchain sleuths claim that DogWifTools has been drained itself. Alleged screenshots from their Discord channel, shared on X, state that "a malicious third-party actor gained unauthorized access" to their GitHub repository through a GitHub token, which was possibly obtained by "reversing our compiled software."
update posted on @dogwiftools discord: pic.twitter.com/mBnk1elxrU
undefined solboy (@0x5OLBOY) January 28, 2025
They also added that the attacker was able to inject a Remote Access Trojan into their "legitimate builds," compromising funds from affected users' wallets. Some even reported that their Coinbase wallet was compromised following this attack.
The DogWifTools team claims it wasn't them, instead pointing to a "third-party actor" who operated via VPN. Moreover, the project — despite being used to scam others — said they are also working with "cybersecurity experts and authorities to identify and pursue the attacker" while also "rebuilding the confidence you've placed in us."
However, according to InvincibleXBT, who introduces himself on X as a blockchain security professional, this case might be an exit scam rather than an external exploit, and the DogWifTools team may have made between $10 and 20 million from the scheme.
They also claim to be assisting the Texas State Securities Board in initiating a state-level inquiry into this potential exit scam, while a state prosecutor has already demanded a jury trial regarding the scheme.
In either case, some blockchain sleuths estimate that more than $10 million was drained after the attack.
"Their tool asked for very intrusive permissions on your computer. Now they are using ID pics stored on scammers' computers locally to cash out users' funds," the X user, ‘solboy,’ posted, adding that "every single wallet from scammers is currently in the process of being drained."
insane work by the @dogwiftools team (easily the most popular bundling tool)
undefined solboy (@0x5OLBOY) January 28, 2025
they scammed the scammers for $10m+
their tool asked for very intrusive permissions on your computer
now they are using ID pics stored on computers of scammers locally to cash out users funds lmao… pic.twitter.com/eeUunlZM3K
"Man, no one gonna get any refund. U want to play dirty game, u have to be ready for something like this," a Discord user, prucel, concluded.
Your email address will not be published. Required fields are markedmarked