Verify a decision

{"actor":"system:backfill","investigation_id":"e05ca87b-8858-4518-b7e5-1ff5395b9bbf","kind":"publish","page_slug":"dogwiftools","published_at":"2026-05-19T20:13:21.463Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"DogWifTools","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://x.com/dogwiftools/status/1811888342591766584"},{"credibility":3,"name":"","type":"other","url":"https://docs.dogwiftools.com/dogwiftools/getting-started/bundler"},{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/security/solana-pumpfun-tool-dogwiftool-compromised-to-drain-wallets/"},{"credibility":3,"name":"","type":"other","url":"https://www.rootdata.com/Projects/detail/DogWifTools?k=MTYxMzY%3D"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://docs.dogwiftools.com/dogwiftools/getting-started/bundler"},{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/security/solana-pumpfun-tool-dogwiftool-compromised-to-drain-wallets/"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2025/01/30/solana-pump-fun-tool-dogwiftool-exploit-drains-10m-in-crypto/"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-dogwiftools-hack-january-2025"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/security/solana-pumpfun-tool-dogwiftool-compromised-to-drain-wallets/"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-dogwiftools-hack-january-2025"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2025/01/30/solana-pump-fun-tool-dogwiftool-exploit-drains-10m-in-crypto/"},{"credibility":3,"name":"","type":"other","url":"https://www.mexc.com/news/410195"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/poetic-justice"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-dogwiftools-hack-january-2025"},{"credibility":3,"name":"","type":"other","url":"https://docs.dogwiftools.com/dogwiftools/getting-started/bundler"},{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/security/solana-pumpfun-tool-dogwiftool-compromised-to-drain-wallets/"},{"credibility":3,"name":"","type":"other","url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/security/solana-pumpfun-tool-dogwiftool-compromised-to-drain-wallets/"},{"credibility":3,"name":"","type":"other","url":"https://www.rootdata.com/Projects/detail/DogWifTools?k=MTYxMzY%3D"},{"credibility":3,"name":"","type":"other","url":"https://www.scworld.com/brief/dogwiftools-breached-in-supply-chain-attack-on-cryptocurrency-wallets"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-dogwiftools-hack-january-2025"},{"credibility":3,"name":"","type":"other","url":"https://threats.wiz.io/all-incidents/dogwiftool-supply-chain-attack"},{"credibility":3,"name":"","type":"other","url":"https://www.dlnews.com/articles/defi/solana-execs-sued-over-memecoin-trades/"},{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/security/solana-pumpfun-tool-dogwiftool-compromised-to-drain-wallets/"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/poetic-justice"}]}],"sources_used":[],"summary":"DogWifTools is a Solana-based memecoin tooling platform that markets features explicitly designed to simulate artificial trading volume, conceal supply concentration across hundreds of wallets, and inflate engagement metrics on pump.fun — capabilities that security researchers and blockchain analysts characterize as enabling wash trading and coordinated pump-and-dump schemes. In January 2025, the platform suffered a supply-chain attack in which threat actors trojaned versions 1.6.3 through 1.6.6 with a Remote Access Trojan, draining an estimated $10 million from users' wallets; the attacker group framed the theft as vigilante justice against scammers. No known regulatory action has been taken against DogWifTools operators, who remain anonymous.","timeline":[{"date":"2024-07-12","event":"DogWifTools v1.0 officially released on X, advertising volume bot, bundler, anti-detection bypass, and comment bot features for pump.fun token launches.","source":""},{"date":"2024-07-01","event":"Platform begins selling lifetime licenses at approximately 15 SOL, establishing a paid subscription base of memecoin operators.","source":""},{"date":"2025-01-01","event":"Threat actors reverse-engineer DogWifTools software and extract a GitHub authentication token, gaining covert access to the private repository.","source":""},{"date":"2025-01-27","event":"Threat actors trojanize DogWifTools versions 1.6.3 through 1.6.6, embedding a Remote Access Trojan (RAT) that downloads 'updater.exe' to harvest private keys, exchange credentials, and KYC identity documents from Windows users.","source":""},{"date":"2025-01-29","event":"DogWifTools users begin reporting mass wallet draining across hot and cold wallets; loss of Binance and Coinbase account access reported. Community estimates of losses reach $10 million.","source":""},{"date":"2025-01-29","event":"DogWifTools operators publicly attribute the compromise to a third-party actor who gained access via GitHub token; deny it is an internal rug pull.","source":""},{"date":"2025-01-30","event":"A group calling itself 'Jizzy Group' publishes a manifesto on a dark web onion site claiming responsibility for the attack, framing it as vigilante justice against scammers and calling Solana 'a fucking joke designed by criminals for criminals.'","source":""},{"date":"2025-01-30","event":"Major crypto security outlets including BleepingComputer, Halborn, Rekt News, CryptoTimes, and The Defiant publish coverage of the incident, widely characterizing DogWifTools as a 'fake liquidity generator.'","source":""},{"date":"2025-02-01","event":"Halborn Security publishes post-mortem analysis confirming supply-chain attack vector, RAT injection mechanism, and characterizing DogWifTools as infrastructure for wash trading and fake liquidity generation.","source":""},{"date":"2025-02-01","event":"Wiz Cloud Threat Landscape database catalogues the DogWifTool supply-chain attack as a notable 2025 security incident.","source":""}]},"v":1}