Briefing

A critical supply chain compromise against a major crypto data aggregator exposed visitors to an active wallet-draining campaign. The attacker leveraged a vulnerability in a third-party resource, specifically a homepage doodle image, to inject malicious JavaScript that presented a fake “Connect Wallet” popup to unsuspecting users. This allowed the script to steal token approvals and subsequently drain assets from connected wallets, resulting in a confirmed loss of $43,266 across 110 individual victims.


Context

The prevailing attack surface for Web3 users has increasingly shifted from complex smart contract logic to centralized front-end infrastructure and third-party dependencies. Prior to this incident, reports indicated that wallet drainers were responsible for stealing nearly $500 million in the previous year, highlighting the systemic risk posed by social engineering and malicious script injection. This reliance on external, often unaudited, resources for website functionality represents a known, high-leverage vulnerability for attackers.


Analysis

The incident was a classic supply chain attack: the attacker did not breach the core platform’s servers but rather compromised a trusted, external element → the “doodle” image asset. By injecting malicious JavaScript into this resource, the attacker achieved Cross-Site Scripting (XSS) on the main page, effectively weaponizing the user’s browser. The script then executed a wallet drainer payload, which prompted users to “connect” their wallet, thereby granting malicious token approval permissions. This allowed the attacker to transfer assets without further user interaction; the attack’s success depended on the trust users place in the primary domain.


Parameters

  • Total Funds Drained → $43,266. The confirmed financial loss from the wallet-draining script.
  • Victim Count → 110. The number of unique wallet addresses successfully drained by the attacker.
  • Attack Vector Type → Supply Chain Injection. Exploitation of a third-party asset to inject malicious code.


Outlook

Immediate mitigation requires all protocols to conduct rigorous audits of their entire front-end supply chain, including all external scripts and resources. Users must adopt a zero-trust policy for wallet connection requests, especially when prompted unexpectedly, and revoke unnecessary token approvals immediately. This incident will likely drive new security standards focused on content security policies (CSP) and the deprecation of blind signing to prevent the weaponization of trusted web properties for on-chain theft.
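As an added illustration of the front-end audit and CSP hardening the outlook calls for (example code, not part of the original briefing or of any affected site), the following Python script lists every script element on a page, flags third-party scripts, scripts without Subresource Integrity, and inline scripts without a nonce, and emits a starting script-src policy. The sample HTML, host names and integrity value are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not the aggregator's real markup): a first-party
# bundle with SRI, a third-party widget without SRI, and an inline script of
# the kind an injected asset would add to show a fake "Connect Wallet" popup.
SAMPLE_HTML = """<html><head>
<script src="https://static.example-aggregator.test/app.js"
        integrity="sha384-constructedPlaceholderHash"></script>
<script src="https://cdn.third-party.test/widget.js"></script>
</head><body>
<script>showConnectWalletPopup();</script>
</body></html>"""


class _ScriptCollector(HTMLParser):
    """Collects every <script> element with its attributes and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = {"attrs": dict(attrs), "body": ""}

    def handle_data(self, data):
        if self._open is not None:
            self._open["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            self.scripts.append(self._open)
            self._open = None


def audit_scripts(html, first_party_hosts):
    """Returns (findings, suggested_csp). Each finding is (issue, detail)."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings, allowed_hosts = [], set(first_party_hosts)
    for s in parser.scripts:
        src = s["attrs"].get("src")
        if src is None:
            # A nonce-based policy makes injected inline script inert.
            if "nonce" not in s["attrs"]:
                findings.append(("inline-script-without-nonce", s["body"].strip()[:40]))
            continue
        host = urlparse(src).netloc
        if host not in first_party_hosts:
            findings.append(("third-party-script", host))
            allowed_hosts.add(host)
        if "integrity" not in s["attrs"]:  # SRI pins the allowed script's content
            findings.append(("missing-sri", src))
    hosts = " ".join("https://" + h for h in sorted(allowed_hosts))
    csp = f"script-src 'self' {hosts} 'nonce-<per-request-value>'"  # placeholder nonce
    return findings, csp
```

The suggested policy only allowlists hosts; pair it with SRI on each external script so that a compromised but allowlisted host still cannot serve altered code.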


Verdict

The exploitation of a centralized data aggregator’s supply chain to execute a decentralized asset drain confirms the critical shift of high-impact threats from smart contract flaws to user-facing web infrastructure.

Supply chain attack, malicious script injection, wallet drainer, front-end compromise, web3 phishing, token approval theft, decentralized assets, cross-site scripting, trusted resource exploit, third-party risk, digital asset security, user interface attack, on-chain theft, JavaScript injection, web security, asset drainer

Signal Acquired from → bleepingcomputer.com
