
Briefing

A critical supply chain compromise against a major crypto data aggregator exposed visitors to an active wallet-draining campaign. The attacker leveraged a vulnerability in a third-party resource, specifically a homepage doodle image, to inject malicious JavaScript that presented a fake “Connect Wallet” popup to unsuspecting users. This allowed the script to steal token approvals and subsequently drain assets from connected wallets, resulting in a confirmed loss of $43,266 across 110 individual victims.


Context

The prevailing attack surface for Web3 users has increasingly shifted from complex smart contract logic to centralized front-end infrastructure and third-party dependencies. Prior to this incident, reports indicated that wallet drainers were responsible for stealing nearly $500 million in the previous year, highlighting the systemic risk posed by social engineering and malicious script injection. This reliance on external, often unaudited, resources for website functionality represents a known, high-leverage vulnerability for attackers.


Analysis

The incident was a classic supply chain attack, where the attacker did not breach the core platform’s servers but rather compromised a trusted, external element: the “doodle” image asset. By injecting malicious JavaScript into this resource, the attacker achieved Cross-Site Scripting (XSS) on the main page, effectively weaponizing the user’s browser. The script then executed a wallet drainer payload, which prompted users to “connect” their wallet, thereby granting malicious token approval permissions. This allowed the attacker to transfer assets without further user interaction, with the success being predicated on exploiting the trust users place in the primary domain.


Parameters

  • Total Funds Drained: $43,266. The confirmed financial loss from the wallet-draining script.
  • Victim Count: 110. The number of unique wallet addresses successfully drained by the attacker.
  • Attack Vector Type: Supply Chain Injection. Exploitation of a third-party asset to inject malicious code.


Outlook

Immediate mitigation requires all protocols to conduct rigorous audits of their entire front-end supply chain, including all external scripts and resources. Users must adopt a zero-trust policy for wallet connection requests, especially when prompted unexpectedly, and revoke unnecessary token approvals immediately. This incident will likely drive new security standards focused on content security policies (CSP) and the deprecation of blind signing to prevent the weaponization of trusted web properties for on-chain theft.
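The front-end supply-chain audit and CSP enforcement the Outlook calls for, as an added example that is not part of the original briefing and is not code from the affected site: it checks a page's script tags against the site's own origin plus an allowlist of vetted third-party origins, flags external scripts loaded without Subresource Integrity and inline scripts, and builds the matching Content-Security-Policy header. The site and CDN origins, the placeholder integrity hashes and the sample HTML are all constructed.

```javascript
// Added example, not code from the original article or the affected site.
// Audits a page's <script> tags against the site origin plus an allowlist
// of vetted third-party origins, and emits the CSP that enforces the list.
// Origins and HTML are constructed; parsing is regex-based for brevity.

const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*["']([^"']*)["']/g;

function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) attrs[m[1].toLowerCase()] = m[2];
  return attrs;
}

// Returns one finding per hygiene gap: a script served from an origin that
// is not on the allowlist, an external script loaded without Subresource
// Integrity, or an inline script (which a CSP without 'unsafe-inline' blocks).
function auditScripts(html, siteOrigin, thirdPartyOrigins) {
  const allowed = new Set([siteOrigin, ...thirdPartyOrigins]);
  const findings = [];
  for (const m of html.matchAll(SCRIPT_RE)) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) {
      if (m[2].trim()) findings.push({ kind: 'inline-script', detail: m[2].trim().slice(0, 40) });
      continue;
    }
    let origin = null;
    try { origin = new URL(attrs.src, siteOrigin).origin; } catch { /* malformed src stays unlisted */ }
    if (!allowed.has(origin)) findings.push({ kind: 'unlisted-origin', detail: attrs.src });
    if (!attrs.integrity) findings.push({ kind: 'missing-sri', detail: attrs.src });
  }
  return findings;
}

// CSP that permits scripts only from the site itself and the vetted origins.
function buildCsp(thirdPartyOrigins) {
  return `default-src 'self'; script-src 'self' ${thirdPartyOrigins.join(' ')}; ` +
         `object-src 'none'; base-uri 'self'`;
}

// Constructed sample page: two vetted scripts with SRI, one third-party
// asset script with neither, and one inline bootstrap script.
const SAMPLE_HTML = `
<script src="/static/app.js" integrity="sha384-PLACEHOLDER1"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER2"></script>
<script src="https://static.example.org/doodle.js"></script>
<script>window.__init = 1;</script>`;
console.log(auditScripts(SAMPLE_HTML, 'https://aggregator.example', ['https://cdn.example.net']));
console.log(buildCsp(['https://cdn.example.net']));
```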


Verdict

The exploitation of a centralized data aggregator’s supply chain to execute a decentralized asset drain confirms the critical shift of high-impact threats from smart contract flaws to user-facing web infrastructure.

Keywords: Supply chain attack, malicious script injection, wallet drainer, front-end compromise, web3 phishing, token approval theft, decentralized assets, cross-site scripting, trusted resource exploit, third-party risk, digital asset security, user interface attack, on-chain theft, JavaScript injection, web security, asset drainer

Signal Acquired from: bleepingcomputer.com
