Something is happening and the community is not getting information from the officials channels, so i decided to write this to let everybody knows what's happening with Dogeparty.
On May 9 2026 one of the Admin posted on the official Telegram channel that " at least 5 Dogeparty wallets have been compromised in less than a months time. This has led to the theft of thousands of assets and over 110k XDP."
Another official statement from Dogeparty via X on May 21 2026 "A potential exploit in the original 2014 Dogeparty web wallet has been identified."
No forensics or audits have been made to the original 2014 Dogeparty web wallet, but the admins running Dogeparty got to the conclusion that this was the source of the hack without evidence or disclosing anything with facts to the public, they just assume that:
"Its not the fault of the browser. Its the fault of the wallet logic for allowing seed generation to proceed in the absence of the then newly-released window.crypto random number generator, falling back on bitcoin.js' SecureRandom function instead.
The problem is SecureRandom had a bug that wasn't known about until 2023:
https://www.kaspersky.com/blog/vulnerability-in-hot-cryptowallets-from-2011-2015/49943/"
Also it seems that information is being hidden to the community, like who the hacker or hackers are, or that they banned several users from the telegram chat accusing them of being the scammers.
The admins of the project are now discussing forking Dogeparty or doing something instead of taking the easiest approach that is talking to the hacker and buy back the coins he stole, the hacker is active trying to sell the coins he stole very cheap, one comment from one of members from the telegram channel:
"And just so we're clear, I do care about the problem, and I have put some of my own funds up to try to address the issue. I saw that the hacker that took some funds, set up dispensers and didn't really understood how they operated, and I saw that for $90, I could take back a huge portion of the stolen funds.... So I did so.... my own money.... as an individual community member."
-
Now lets look at the hackers motive, why he will target Dogeparty? a project that is almost dead since it was launched and a token XDP that cannot be traded in any exchange but only using Dogeparty? isnt that suspicious that he will target a small project and try to get a few dollars out of it? instead of targeting other web wallets with the same exploit?
For some members that are not vocal in the project right now, this is concerning, also the fact that some wallets hacked belong to admins, those working in a new web wallet application.
Another concerning thing is that not only Dogeparty wallets got hacked, one member says that another member got his ETH wallet drained at the same time "not only he lost his tokens but his eth wallet got hacked too"
And to make thing worst, it was discovered and exposed that some of the admins of Dogeparty are creating tokens on PumpFun who they pump and dump to earn creator rewards.
The community is now speculating what happened:
1.Some hacker exploited a vulnerability from the web wallet that affect old wallets, but only targeted a few and is trying to sell back the tokens back very cheap, but the managers refuse to buy them back and are discussing to fork the project instead. The hacker know there are many more wallets holding XDP, other tokens and Dogecoin, but he decides not to hack those wallets because he is ethical.
2. The admins developing the new wallet had poor security, exposed their private keys, and someone stole the coins.
3. The admins launching the PumpFun tokens got into a group chat, a link was shared, some admins click it and they got not only theirs Dogeparty hacked but also theirs ETH and probably other wallets.
4. Inside job to kill Dogeparty because the project isnt growing.
-
What answers we want:
1. taken from a member from the Dogeparty Telegram group:
Why the hacker only stole from few addresses instead of taking it all?
Only a few got hacked.
"Oh, it does? have the stats on how many XDP holders have wallets that were created in 2014 and have never moved them? You have stats on how long it takes to crack a single address using the entropy vulnerability? So you have those stats, so naturally you can project exactly how long it will take for a hacker to steal all of the XDP from all of their wallets that were in the initial Doge Party burn that haven't moved their XDP to a new wallet.... right? or do you just feel this is extreme and feel that something is at risk and so therefore you're going to very loudly exclaim your viewpoint that this affects everyone and that everyone is at risk and let everyone know the sky is falling when in reality (according to me), it's not."
2. Does the admins who got their wallets hacked did forensics to their machine to determine if they are not running malware installed when they click or install an application?
3. The private keys of the hacked wallets got imported into the new wallet Dogeparty is developing? why dont publish the source code so we can evaluate?
4. Explain why some Dogeparty Admins are active launching Pump and Dump coins on PumpFun, and how many of those admins got their Dogeparty wallets hacked.
-
What it really seems it happened: A group of Dogeparty users on some group chat click or installed the same malware from another Dogeparty user, then this hacker proceeded to drain ETH and Dogeparty from their wallets and because the amount of XDP is high 175k the admins are now planning a fork.
Dogeparty is handling this very bad.
