Briefing

A critical supply chain compromise against a major crypto data aggregator exposed visitors to an active wallet-draining campaign. The attacker leveraged a vulnerability in a third-party resource, specifically a homepage doodle image, to inject malicious JavaScript that presented a fake “Connect Wallet” popup to unsuspecting users. This allowed the script to steal token approvals and subsequently drain assets from connected wallets, resulting in a confirmed loss of $43,266 across 110 individual victims.

Context

The prevailing attack surface for Web3 users has increasingly shifted from complex smart contract logic to centralized front-end infrastructure and third-party dependencies. Prior to this incident, reports indicated that wallet drainers were responsible for stealing nearly $500 million in the previous year, highlighting the systemic risk posed by social engineering and malicious script injection. This reliance on external, often unaudited, resources for website functionality represents a known, high-leverage vulnerability for attackers.

Analysis

The incident was a classic supply chain attack: the attacker did not breach the core platform’s servers but instead compromised a trusted external element → the “doodle” image asset. By injecting malicious JavaScript through this resource, the attacker achieved Cross-Site Scripting (XSS) on the main page, effectively weaponizing the user’s browser. The script then executed a wallet drainer payload that prompted users to “connect” their wallet, thereby granting malicious token approval permissions. This allowed the attacker to transfer assets without further user interaction; the attack’s success rested on exploiting the trust users place in the primary domain.

Parameters

  • Total Funds Drained → $43,266. The confirmed financial loss from the wallet-draining script.
  • Victim Count → 110. The number of unique wallet addresses successfully drained by the attacker.
  • Attack Vector Type → Supply Chain Injection. Exploitation of a third-party asset to inject malicious code.

Outlook

Immediate mitigation requires all protocols to conduct rigorous audits of their entire front-end supply chain, including all external scripts and resources. Users must adopt a zero-trust policy for wallet connection requests, especially when prompted unexpectedly, and revoke unnecessary token approvals immediately. This incident will likely drive new security standards focused on content security policies (CSP) and the deprecation of blind signing to prevent the weaponization of trusted web properties for on-chain theft.
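The user-side step above, revoking unnecessary token approvals, starts with knowing which approvals are live. The Node.js script below is an added example, not code from the article or from any wallet or aggregator: it replays ERC-20 Approval event logs for one owner, flags allowances granted to spenders outside the owner's allow-list (an unlimited allowance to an unknown contract is exactly what a drainer’s fake “connect” flow asks for), and ABI-encodes the approve(spender, 0) call that revokes each one. The event signature and function selector are the standard ERC-20 values; every address and log in the fixture is constructed and the log objects only mimic the shape an eth_getLogs response would have.

```javascript
// Added example (not from the article): audit ERC-20 approvals from event logs
// and build revocation calldata. Node.js >= 16, no dependencies.

// keccak256("Approval(address,address,uint256)") -- the ERC-20 Approval event topic
const APPROVAL_TOPIC = '0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925';
// keccak256("Transfer(address,address,uint256)") -- present only as noise in the fixture
const TRANSFER_TOPIC = '0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef';
// First 4 bytes of keccak256("approve(address,uint256)")
const APPROVE_SELECTOR = '0x095ea7b3';
const MAX_UINT256 = (1n << 256n) - 1n;

// An indexed address topic is the address left-padded to 32 bytes.
function topicToAddress(topic) {
  return '0x' + topic.slice(-40).toLowerCase();
}

// Decode one Approval log; null for any other event.
function decodeApproval(log) {
  if (!log.topics || log.topics.length !== 3) return null;
  if (log.topics[0].toLowerCase() !== APPROVAL_TOPIC) return null;
  return {
    token: log.address.toLowerCase(),
    owner: topicToAddress(log.topics[1]),
    spender: topicToAddress(log.topics[2]),
    value: BigInt(log.data),            // uint256 allowance, hex in the data field
    blockNumber: Number(log.blockNumber), // accepts 250 or '0xfa'
    logIndex: Number(log.logIndex),
  };
}

// Replay in chain order; each Approval overwrites the allowance for (token, spender).
function currentAllowances(logs, owner) {
  const decoded = logs.map(decodeApproval)
    .filter(a => a && a.owner === owner.toLowerCase())
    .sort((a, b) => a.blockNumber - b.blockNumber || a.logIndex - b.logIndex);
  const state = new Map();
  for (const a of decoded) state.set(`${a.token}:${a.spender}`, a);
  return [...state.values()].filter(a => a.value > 0n);
}

// Live allowances whose spender is not on the owner's allow-list, marking unlimited ones.
function riskyAllowances(allowances, trustedSpenders) {
  const trusted = new Set(trustedSpenders.map(s => s.toLowerCase()));
  return allowances
    .filter(a => !trusted.has(a.spender))
    .map(a => ({ ...a, unlimited: a.value === MAX_UINT256 }));
}

// ABI-encode approve(spender, 0): 4-byte selector + 32-byte address + 32-byte zero.
function revokeCalldata(spender) {
  const addr = spender.toLowerCase().replace(/^0x/, '').padStart(64, '0');
  return APPROVE_SELECTOR + addr + '0'.repeat(64);
}

// Full audit: one revocation transaction (to = token contract) per risky allowance.
function auditOwner(logs, owner, trustedSpenders) {
  return riskyAllowances(currentAllowances(logs, owner), trustedSpenders).map(a => ({
    token: a.token,
    spender: a.spender,
    unlimited: a.unlimited,
    revokeTx: { to: a.token, data: revokeCalldata(a.spender) },
  }));
}

// Constructed fixture addresses (not real accounts or contracts).
const OWNER   = '0x1111111111111111111111111111111111111111';
const ROUTER  = '0x2222222222222222222222222222222222222222'; // a spender the user knowingly uses
const DRAINER = '0x3333333333333333333333333333333333333333'; // unknown spender
const TOKEN_A = '0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
const TOKEN_B = '0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb';
const pad32 = hex => '0x' + hex.replace(/^0x/, '').padStart(64, '0');

const SAMPLE_LOGS = [
  { address: TOKEN_A, topics: [APPROVAL_TOPIC, pad32(OWNER), pad32(ROUTER)],  data: pad32('3e8'),           blockNumber: 100, logIndex: 4 },
  { address: TOKEN_A, topics: [TRANSFER_TOPIC, pad32(OWNER), pad32(ROUTER)],  data: pad32('64'),            blockNumber: 100, logIndex: 5 },
  { address: TOKEN_A, topics: [APPROVAL_TOPIC, pad32(OWNER), pad32(DRAINER)], data: pad32('f'.repeat(64)),  blockNumber: 250, logIndex: 1 },
  { address: TOKEN_B, topics: [APPROVAL_TOPIC, pad32(OWNER), pad32(DRAINER)], data: pad32('f'.repeat(64)),  blockNumber: 250, logIndex: 2 },
  { address: TOKEN_B, topics: [APPROVAL_TOPIC, pad32(OWNER), pad32(DRAINER)], data: pad32('0'),             blockNumber: 260, logIndex: 0 }, // already revoked
];

console.log(JSON.stringify(auditOwner(SAMPLE_LOGS, OWNER, [ROUTER]), null, 2));
```

On the fixture the audit reports exactly one remaining problem, the unlimited TOKEN_A allowance to the unknown spender, with the calldata a wallet would sign to set it back to zero; the TOKEN_B allowance is not reported because a later approval of 0 already cleared it. Replaying to the latest state matters: flagging every historical Approval would list revocations the user has already performed.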

Verdict

The exploitation of a centralized data aggregator’s supply chain to execute a decentralized asset drain confirms the critical shift of high-impact threats from smart contract flaws to user-facing web infrastructure.

Signal Acquired from → bleepingcomputer.com