[ANN] Dogeparty, Counterparty for the Dogecoin blockchain! (official)

[nutildah]

End-of-year Dogeparty Wrap-Up

- uptime for the year was 99.9%
- new wallet updates make customizing your own fee easy & multisends even cheaper than before
- the Rare Doge project is set to permanently close for new submissions on Jan 1st
- a small but active community remains at the project's official Telegram
- you can check out what people have been buying by going to the Dispenses tab at tokenscan

In conjunction with others, I've been working on a decentralized complaints lodging system that will use Dogeparty in its backend. More details to follow.

Dogeparty has now been going close to 1 year longer than the original version! We at the Dogeparty Foundation are committed to ensuring that Dogeparty lives for decades to come.

To learn more about Dogeparty:

https://dogeparty.net/
https://x.com/DogepartyXDP
https://dogermint.com/dogeparty

[nutildah]

Want to win 2,000 DOGECOIN*?

Of course you do! Duh!!

Get your Dogeparty collection started with 2000 DOGECOIN* tokens, issued on Day 1 of Dogeparty (Aug 13, 2014) by Dogecoin OG LittleShibe.



Simply follow these instructions:

1. Follow us on Twitter.
2. Re-tweet the giveaway.
3. Leave a comment under the giveaway tweet with your Dogeparty address.

These steps will earn you 2,000 DOGECOIN*.

4. For an additional 2,000 DOGECOIN*, join our Telegram & write the words "here for dogecoin" along with your Twitter handle.

Tell yo wife, tell yo kids... everyone can join!

*note: this is not $DOGE but DOGECOIN, a Dogeparty token, so don't get mad & sue us.

[nutildah]

A mobile wallet app is finally coming to Dogeparty!

https://x.com/DogepartyXDP/status/1914518637135978863

The wallet is being developed by a Dogeparty OG who has experience developing apps for other cryptocurrencies.

When the community was asked what the #1 new development should be for Dogeparty, the answer was resoundingly a mobile wallet. This will make it easier for people to not only send & receive tokens but to show off their token collection IRL as well!

Feel free to join us on Telegram:

https://t.me/DogepartyXDP

[nutildah]

Its been a while since this thread was updated. But since the market seems to be gearing up for a NFT revival, I think its worth mentioning a few things about Dogeparty:

• As the launch date of this thread confirms, it first started in August 2014, and was the 3rd layer 1 tokenization protocol for a blockchain; the first 2 being Omni (Mastercoin) and Counterparty on Bitcoin.
• As such, it is home to several novel use cases for user-created tokens, such as the 1st gaming tokens (Dogeparty Runner) and the 2nd token to ever have an image associated with it (JOLLYROGER), which makes it a prototype of the modern-day NFT.
• Although the original incarnation died in 2016, it was relaunched by Counterparty developer J-Dog in 2021, who brought it back as an inexpensive way to make NFTs on top of Dogecoin.
• Along with a few other former Rare Pepe scientists, the Rare Doge series was launched, which is a collection of 1482 Doge-inspired NFTs created over the last 3 years.
• Thanks to an increase in the price of $DOGE, the Dogeparty Foundation treasury has enough funds to continue operation of the platform for at least 15 years! In an industry where rugs and scams are common, Dogeparty is a beacon of stability.

Come join us! We had some decent success in 2021-22, but were largely ignored by influencers the last cycle, which means many of our "grail" tokens are still quite undervalued; especially when compared to Ethereum NFTs created years later.

For more information, visit the Dogeparty homepage:

https://dogeparty.net/

For how to get started creating wallets & your own tokens:

https://dogermint.com/dogeparty/

The Dogeparty block explorer:

https://tokenscan.io/

On X:

https://x.com/DogepartyXDP

On Telegram:

https://t.me/DogepartyXDP

If you have any questions, feel free to ask!

[nutildah]

Happy 11th Birthday to Dogeparty!



This is the 4th birthday we've celebrated after the platform reboot in 2021. If you have a Dogewallet, feel free to take part in our 11th anniversary commemorative token giveaway on X:

https://x.com/DogepartyXDP/status/1955647324052701600

[nutildah]

We're deep in 2026 and Dogeparty is still going strong!

Its working for me too... Everything is there.

Anybody want to trade assets? Here's some I'm willing to part with, just PM me your dogeparty wallet address and I'll send you some:

COUNTERDOGE
DODGERDOGE
MANERO
SUPERSHIBE
HAPPYDOGE
WEBCOIN

and, look away if you are easily offended:

SHITCOIN
SCAMCOIN
CRAPCOIN

I'll give you lots to spread around.... diversify the stakeholders and whatnot.

Who woulda guessed that in addition to making the first SHITCOIN token I also made the first SCAMCOIN.

SHITCOIN original issuance transaction
https://dogeparty.tokenscan.io/tx/6091

on a regular Dogecoin explorer
https://sochain.com/tx/DOGE/c262c4c37571f3459f1944aa4db3bde3f52a019cc29e3babbecaaf74ab37834c

SCAMCOIN original issuance transaction
https://dogeparty.tokenscan.io/tx/17722

on a regular Dogecoin explorer
https://sochain.com/tx/DOGE/6d75255fd1ee240521ebebb68fbfdb7721ade78f6b6c43154b40a00fec0b0ba4

[nutildah]

Hello Ancient Protocol Enjoyers,

I am trying to bring new life to Dogeparty by constructing a mobile-friendly web wallet. The platform itself is still going strong, having been up for much longer since the reboot than its initial run lasted. It has a user-friendly API which is just waiting to be used in a creative fashion.

The code will be open source after I have a MVP to share with the public. I still have a lot of work to do but so far I can send both Dogecoin and Dogeparty tokens. I will be hosting everything out of pocket, so if you love Dogeparty and want new tools for the modern era, consider buying some tokens from my open dispensers (these are all 2014-minted tokens, with the exception of LFGAIR).

Thanks!

Nutildah's Dogeparty tokens, for sale by the creator:

Asset_Name_____________	More Information / Homepage_________________	Price
LFGAIR	https://dogeparty.tokenscan.io/asset/LFGAIR	20 DOGE Dispenser Link
DOSEQUIS	https://dogeparty.tokenscan.io/asset/DOSEQUIS	60 DOGE Dispenser Link
BENGALS	https://dogeparty.tokenscan.io/asset/BENGALS	250 DOGE Dispenser Link
MILLER	https://dogeparty.tokenscan.io/asset/MILLER	250 DOGE Dispenser Link
Dogeparty BitBowl Set	https://dogermint.com/dispensers/	300 DOGE Dispenser Link
Dogermint Starter Pack	https://dogermint.com/dispensers/	1000 DOGE Dispenser Link

[youwillbeinformed]

Something is happening and the community is not getting information from the officials channels, so i decided to write this to let everybody knows what's happening with Dogeparty.

On May 9 2026 one of the Admin posted on the official Telegram channel that " at least 5 Dogeparty wallets have been compromised in less than a months time. This has led to the theft of thousands of assets and over 110k XDP."

Another official statement from Dogeparty via X on May 21 2026 "A potential exploit in the original 2014 Dogeparty web wallet has been identified."

No forensics or audits have been made to the original 2014 Dogeparty web wallet, but the admins running Dogeparty got to the conclusion that this was the source of the hack without evidence or disclosing anything with facts to the public, they just assume that:

"Its not the fault of the browser. Its the fault of the wallet logic for allowing seed generation to proceed in the absence of the then newly-released window.crypto random number generator, falling back on bitcoin.js' SecureRandom function instead.

The problem is SecureRandom had a bug that wasn't known about until 2023:

https://www.kaspersky.com/blog/vulnerability-in-hot-cryptowallets-from-2011-2015/49943/"

Also it seems that information is being hidden to the community, like who the hacker or hackers are, or that they banned several users from the telegram chat accusing them of being the scammers.

The admins of the project are now discussing forking Dogeparty or doing something instead of taking the easiest approach that is talking to the hacker and buy back the coins he stole, the hacker is active trying to sell the coins he stole very cheap, one comment from one of members from the telegram channel:

"And just so we're clear, I do care about the problem, and I have put some of my own funds up to try to address the issue. I saw that the hacker that took some funds, set up dispensers and didn't really understood how they operated, and I saw that for $90, I could take back a huge portion of the stolen funds.... So I did so.... my own money.... as an individual community member."

-

Now lets look at the hackers motive, why he will target Dogeparty? a project that is almost dead since it was launched and a token XDP that cannot be traded in any exchange but only using Dogeparty? isnt that suspicious that he will target a small project and try to get a few dollars out of it? instead of targeting other web wallets with the same exploit?

For some members that are not vocal in the project right now, this is concerning, also the fact that some wallets hacked belong to admins, those working in a new web wallet application.

Another concerning thing is that not only Dogeparty wallets got hacked, one member says that another member got his ETH wallet drained at the same time "not only he lost his tokens but his eth wallet got hacked too"

And to make thing worst, it was discovered and exposed that some of the admins of Dogeparty are creating tokens on PumpFun who they pump and dump to earn creator rewards.

The community is now speculating what happened:

1.Some hacker exploited a vulnerability from the web wallet that affect old wallets, but only targeted a few and is trying to sell back the tokens back very cheap, but the managers refuse to buy them back and are discussing to fork the project instead. The hacker know there are many more wallets holding XDP, other tokens and Dogecoin, but he decides not to hack those wallets because he is ethical.

2. The admins developing the new wallet had poor security, exposed their private keys, and someone stole the coins.

3. The admins launching the PumpFun tokens got into a group chat, a link was shared, some admins click it and they got not only theirs Dogeparty hacked but also theirs ETH and probably other wallets.

4. Inside job to kill Dogeparty because the project isnt growing.


-

What answers we want:

1. taken from a member from the Dogeparty Telegram group:
Why the hacker only stole from few addresses instead of taking it all?
Only a few got hacked.
"Oh, it does? have the stats on how many XDP holders have wallets that were created in 2014 and have never moved them? You have stats on how long it takes to crack a single address using the entropy vulnerability? So you have those stats, so naturally you can project exactly how long it will take for a hacker to steal all of the XDP from all of their wallets that were in the initial Doge Party burn that haven't moved their XDP to a new wallet.... right? or do you just feel this is extreme and feel that something is at risk and so therefore you're going to very loudly exclaim your viewpoint that this affects everyone and that everyone is at risk and let everyone know the sky is falling when in reality (according to me), it's not."

2. Does the admins who got their wallets hacked did forensics to their machine to determine if they are not running malware installed when they click or install an application?

3. The private keys of the hacked wallets got imported into the new wallet Dogeparty is developing? why dont publish the source code so we can evaluate?

4. Explain why some Dogeparty Admins are active launching Pump and Dump coins on PumpFun, and how many of those admins got their Dogeparty wallets hacked.

-

What it really seems it happened: A group of Dogeparty users on some group chat click or installed the same malware from another Dogeparty user, then this hacker proceeded to drain ETH and Dogeparty from their wallets and because the amount of XDP is high 175k the admins are now planning a fork.



Dogeparty is handling this very bad.

[nutildah]

OK so you're talking about me in most of your references as the "admin"... I am a volunteer member of the Dogeparty Foundation, and I am a moderator in the Dogeparty Telegram chat. That is the extent of my "admin" involvement in Dogeparty.

I've been doing nothing but spending time figuring out what happened and gathering evidence for an IC3 report for the last two weeks. Its not fun, and nobody is happy.

The Dogeparty community is quite small and most active members are already aware of the situation, which is that several wallets created in 2014 showed unusual activity and then their contents were swept to new wallets belonging to the hacker. In all 6 known community members had the contents of their wallet swept, and there are at least 4 unknown victims whose addresses had been inactive since 2014.

The victims don't have anything in common with each other outside of creating a Dogeparty seed phrase using the original web wallet from 2014. The chances that everyone who got drained had malware on their computer is zero because some of these wallets have been forgotten about for over a decade.

A review of the randomness generation method used by the original Dogeparty web wallet revealed that it used a buggy version of bitcoin.js in some browsers. This caused seed phrases to be generated with much lower entropy than they were supposed to. As I said and in the link you quoted, the bug wasn't known until 2023, and none of us knew it was applicable to Dogeparty wallets even if we had known about it (we didn't).

I have since alerted every single party I know about that might be vulnerable to move their assets ASAP. What else do you think we should be doing?

If you are actually affected and want to help, feel free to give us some suggestions. Thanks.


Edited to answer your questions, which as I read them, I'm pretty sure are being asked in bad faith. But in case they're not, and to dispel potential FUD:

1. "Why the hacker only stole from few addresses instead of taking it all?
Only a few got hacked."

It could be that they purchase individual seed phrases with balances from somebody doing the actual hacking. It could be they are slowly combing through the entire list of possible seed phrases creatable using the buggy random number generator, and have only found a few so far. They could be working on taking it all as we speak. Or they might have stopped as there is zero financial incentive to continue at this point.

2. "Does the admins who got their wallets hacked did forensics to their machine to determine if they are not running malware installed when they click or install an application?"

I ran a Malware scan on my computer and it came back with results suggesting an altcoin QT wallet installer had infected my computer with malware. It turns out this was a false positive and I was too quick to assume this had anything to do with my problems, because an exploit of this level is far less likely to happen.

3. "The private keys of the hacked wallets got imported into the new wallet Dogeparty is developing? why dont publish the source code so we can evaluate?"

What? No. How would I have the private keys of the hacked wallets? Obviously I generated new keys for testing purposes. There's not enough development for it to be published, and to suggest this has anything to do with what's going on is nonsensical.

4. "Explain why some Dogeparty Admins are active launching Pump and Dump coins on PumpFun, and how many of those admins got their Dogeparty wallets hacked."

First of all we don't have "admins," we have one lead developer, J-Dog. There is another part-time developer named Javier. I am not an admin, and I've never launched a coin on PumpFun. I have received "creator rewards" for 3 tokens, which is a way for devs to acknowledge the source of inspiration behind a coin. I have never created, bought or sold any tokens on Solana.

Let's say for the sake of argument I was a bad boy and got what I deserved from clicking on a malware link shared with me by an evil PumpFun dev. How do you explain that addresses which have literally _never_ moved tokens are getting hacked?

[youwillbeinformed]

"OK so you're talking about me in most of your references as the "admin""

No, actually i don't know why are you replying to this if you're just a "volunteer member of the Dogeparty Foundation"
Please stop trying to derail the conversation here. Not everything is about you.
All you just wrote has no value in this conversation. You just wasted energy, and its not good for you.
It looks like you just want to cause a lot of noise and attract attention to yourself.
I have no interest in conversing with you further.
Feel free to have the last word.

-


But what you just said bring more concerns about the hack and the motive of the supposed "hacker"

"I've been doing nothing but spending time figuring out what happened"  Because the truth is that to hack a wallet with the Randstorm vulnerability is not as simple as its sound.
It needs, time and money, so assuming that the hacker targeted you with the Randstorm to steal useless $XDP instead of hacking Counterparty wallets with $BTC sounds delusional.
In the Counterparty community everything is normal.
Is not the end of the world there, no vulnerabilities, no hacks.
Dogeparty is a fork of Counterparty, that's all i have to say.

-

"Edited to answer your questions, which as I read them, I'm pretty sure are being asked in bad faith"

Your ego won't let you admit I'm not spreading FUD.

What usually happens when a DEFI project gets hacked: the project communicates with users, investigation, identify the hacker, communicate with the hacker so it can return part of the funds, do any patch necessary so the project wont die.

Whats happening with Dogeparty: No communication, just rumors, no investigation but assuming the hack targeted users who created the wallets with a vulnerability (unlikely this happened because what financial incentive have the hacker to steal XDP? NONE), no communication with the hacker; this can be done using memo, social media or telegram, instead members who have weight in the project started to advise to fork immediately.

The community start to ask questions and they get accused of "bad faith", but: What really happened? Why Counterparty isnt getting hacked? Why the hacker only target people launching tokens on PumpFun? Why someone also got his ETH wallet hacked at the same time?

The only incentive of this incident seems to be, fork Dogeparty. Wallets get drained everyday, its part of crypto so why dont just move on instead of using this supposed vulnerability to make Dogeparty centralized?

Not much left to be said here, some want us to believe that the hacker wasted his time and money to steal a few XDP on Dogeparty worth nothing instead of stealing BTC on Counterparty, Omni wallets or other web wallets with known vulnerability worth millions.

[nutildah]

Now I know you're just trolling me because nobody who ever used Dogeparty would compare it to a "DEFI project." You also keep repeating incorrect information to make wild speculations, which means you're not serious. All that stuff at the top = not serious.

The community was first alerted about a string of recent thefts on May 8th:

https://x.com/DogepartyXDP/status/2052887876153782516

After more information about the nature of the attack was digested, a more specific warning was made on May 20th:

https://x.com/DogepartyXDP/status/2057184331014316107

As far as disclosing information about the investigation into suspects is concerned, that would be a bad idea as its an ongoing investigation.

Not much left to be said here

Agreed.

[youwillbeinformed]

"I know you're just trolling me"

You keep hearing your name, it was ever mentioned?
If no one named you, ask yourself why you feel implicated.
The fact that you keep making this about yourself and not about Dogeparty is more revealing than anything.
This discussion concerns the DEFI Project Dogeparty, your attempt to insert yourself is irrelevant.
Unless you have something substantive to add, your replies serve no purpose.
You're a waste of everybody's time and you should be ashamed of yourself.

Dogeparty definition: DEFI Project
Is 100% correct

Accusing me of being a troll because nobody who uses Dogeparty would compare it to a "DEFI project" just demonstrates an attempt to derail the conversation from the main issue that the Randstorm vulnerability has nothing to do with the hack.

Alright, so its official. You're as relentless of a liar as you are useless.

In the Dogeparty documentation, Dogeparty is defined as: "the Dogeparty Project"
In Wikipedia Counterparty is defined as: "DeFi platform"

Go ahead and say I'm wrong again, surely that will improve your pathetic situation.

Dogeparty is a fork of Counterparty, so calling Dogeparty "DEFI project" is valid.

That denial reflects an avoidance of truth.

-

Lets be clear with something: anyone who ask questions about the DEFI Project Dogeparty is being tagged as fudder or troll and when that doesn't work is being accused of spreading "incorrect information to make wild speculations", this is typical what happens when someone is planning something sinister or is hidding the truth and try to silence the community, avoid accountability or transparency.

This has already been demonstrated here by the fact that I was accused simply for asking questions.

Something else i have to add is why "a volunteer member of the Dogeparty Foundation" with poor knowlage about how things work and who is also an aparent victim of this Randstorm vulnerability who was launching controversial Pump and Dump tokens on PumpFun and who was in contact with people in that enviroment who is known to be full of scammers is "gathering evidence for an IC3 report" in the name of Dogeparty?

Why not an independent entity does this?

[nutildah]

Summary of the Recent Dogeparty Attack: What is Known

13 Dogeparty addresses - 12 of which were generated in 2014 - were drained of their contents (unauthorized withdrawals) during the months of April and May 2026. This has resulted in the theft of approximately 104,000 XDP, 4,000 DOGE and thousands of user-created tokens, worth at least $200,000. While the first and second known victims attributed the hack to malware, none of the others report finding any malware.

Some known victims hadn't moved tokens in months or years. The wallets belonging to unknown victims had all been inactive since 2014:

DCAGHZx4XDweiat3D6mHB5pwah7HccrAS8 - https://dogeparty.tokenscan.io/tx/432323
DLCehPEmAZ8qR8FP5febWsppVQjAdkgKMX - https://dogeparty.tokenscan.io/tx/432324
DPd8z6LUeYiqMiR4GauaPuUbPjiiGMCg1s - https://dogeparty.tokenscan.io/tx/432326
D5PoBXcjnbUaimm7TnYr2zj5DvUmCL9iAD - https://dogeparty.tokenscan.io/tx/432327
DJ9Kz17j4axKD7kJvtn4c5m9ZhjyqYm57o - https://dogeparty.tokenscan.io/tx/432328
DGK4v4ZZjhAjYYngYZbUixMNodvKw54Yt5 - https://dogeparty.tokenscan.io/tx/432329
DRKBao1QMAg2z2Qijf3kRRzR1c5MuZh54s - https://dogeparty.tokenscan.io/tx/432330
DDzXqdS4oMMv55MUZDwF44aHt5qpAMKMMb - https://dogeparty.tokenscan.io/tx/432730

This makes a malware attack highly unlikely as none of the victims have anything in common beyond an old Dogeparty wallet.

(disclaimer: I used AI to generate a lot of the below as its a condensed version of hours of conversation and research)


Best Technical Explanation

Old Dogeparty web wallets generated mnemonic seeds in the browser. When those pages ran without the browser’s secure random API (for example, when the site was loaded over plain HTTP), the wallet code could fall back to an older, weak JavaScript RNG that produced far less entropy. An attacker reconstructed that weak RNG behavior, brute‑forced the much smaller seed space, found matching addresses on‑chain, and swept tokens and DOGE into attacker addresses. The attacker then consolidated, sold, and laundered proceeds (including using a service like FixedFloat).


How the compromise occurred

1. Intended secure flow

The wallet’s mnemonic code expects a cryptographically secure source of randomness. For example, the code explicitly calls the browser CSPRNG:

Code:

if (window.crypto && window.crypto.getRandomValues) { window.crypto.getRandomValues(this.random); } else if (window.msCrypto && window.msCrypto.getRandomValues) { window.msCrypto.getRandomValues(this.random); } else { var errText = "Your browser lacks a way to securely generate random values. Please use a different, newer browser."; bootbox.alert(errText); assert(false, errText); }  

That code shows the developer intended to use window.crypto.getRandomValues (or msCrypto) as the entropy source.

2. Real‑world failure mode

In 2014 browsers exposed window.crypto.getRandomValues only on secure origins (HTTPS, localhost, extensions). If the wallet page was loaded over HTTP, window.crypto was undefined.

The project bundled an older bitcoinjs/JS RNG implementation (minified into the shipped JS). That older RNG had a fallback path seeded with low‑entropy values (timestamps, Math.random, small pools) and was not cryptographically secure.

In practice the code path could continue and use that weak RNG instead of aborting, collapsing the effective entropy.

3. Consequence for seed strength

Intended entropy: 96 or 128 bits (9‑ or 12‑word mnemonics) → infeasible to brute force.

Actual entropy when the weak RNG was used: roughly 32–48 bits → brute‑forceable with modern compute and blockchain pruning.


Condensed Timeline of token and DOGE movements

2026‑04‑14 17:06–17:07 GMT → Small token transfers (499 XDP, 1,068 BACON, tiny BACONLOVER) moved into an attacker address DRsG7p....

2026‑04‑14 17:36–17:38 GMT → An “insufficient funds” attempt then the first sweep moved funds from a victim address (DP15m...) into attacker consolidation DF7fa7M....

2026‑04‑14 18:02 GMT → 473 DOGE moved from DP15m... to attacker address DRsG7p... (on an external explorer record).

2026‑04‑14 18:09–18:17 GMT → Additional sweeps from other victim addresses into attacker consolidation addresses (DF7fa7M..., DRsG7p...).

2026‑04‑19 09:35–09:57 GMT → Multiple sweeps (3rd, 4th, 5th) and many token transfers (GANESHA, FLOWCOIN, MILKYWAY, BACKPACK, TURNTABLE) consolidated into D8UCFi.... Small DOGE amounts also moved into that same consolidation address.

2026‑04‑27 → 04‑28 → Large bursts of token sweeps: many XDP transfers (10k–28k), large TACOS, JOODOGE, SHITCOIN, and other tokens moved into attacker addresses such as DNn6rm3... and DPU1qms.... The attacker opened an XDP dispenser and placed XDP/DOGE orders (indicating active monetization of stolen tokens).

2026‑05‑02 → 05‑13 → Repeated sweep waves (6th–9th sweeps) into a small set of consolidation addresses DKcJuxM... and others. Attacker listed stolen assets for sale and continued moving funds.

2026‑05‑26 → Consolidation address DkcJux... sent funds to a FixedFloat deposit address (an on‑ramp service), indicating conversion of DOGE into other assets or fiat rails.

2026‑05‑31 → 06‑01 → Further sweeps and final consolidations; multiple attacker addresses sent funds to FixedFloat or other exchange deposit addresses for cash‑out.

Pattern to note: many dormant victim addresses were reactivated in short windows, funds were swept into a small set of aggregator addresses, and those aggregators then sent funds to conversion services (FixedFloat / exchanges).


Forensic indicators (how to spot affected addresses)

Dormant reactivation: an address with no outgoing transactions for years that suddenly sends all funds.

Many small victims → few aggregators: dozens of different victim addresses all send to the same consolidation addresses.

Repeated use of the same aggregator addresses across different victims and dates.

Deposits to known on‑ramp addresses (FixedFloat or exchange deposit addresses) shortly after consolidation.

Token dispenser / sale activity from attacker addresses (placing orders, opening dispensers, listing stolen tokens for sale).

Evidence of phishing or malware reported in 2 of up to 13 victims, while most drained addresses have not shown activity since 2014. This suggests systemic key compromise rather than endpoint compromise.


What victims and the community should do now (practical steps)

For individual users who used the old Dogeparty web wallet:

 - Assume compromise if your mnemonic was created in 2014–2015 via the web wallet and the page may have been loaded over HTTP. Do not reuse that mnemonic.

 - Move any remaining funds only after generating a new seed with the latest version of Dogewallet.

 - Check addresses you control for the forensic indicators above; if you see reactivation, consider funds lost and report to exchanges if you can identify where proceeds were sent.


Full Timeline of Unauthorized Sweeps, Sends & Sales

TransactionID__	Date__________________	Event____________	Attacker / Receiver address
431072	2026-04-14 T17:06:14Z	499 XDP from DP15m...	DRsG7pwYWs9zHPYwiMYqioP3suqZK6dpuM
431073	2026-04-14 T17:07:39Z	1068 BACON from “ “	DRsG7pwYWs9zHPYwiMYqioP3suqZK6dpuM
431074	2026-04-14 T17:07:39Z	0.01000012 BACONLOVER from “ “	DRsG7pwYWs9zHPYwiMYqioP3suqZK6dpuM
431117	2026-04-14 T17:36:13Z	“invalid: insufficient funds”	DRsG7pwYWs9zHPYwiMYqioP3suqZK6dpuM
431124	2026-04-14 T17:38:29Z	1st sweep, from DP15m...	DF7fa7MSiGjGrxmQvdmPvnRNAtndr2pb4k
7011ea5ed...	14 Apr, 2026 18:02:30	473 DOGE from DP15m...	DRsG7pwYWs9zHPYwiMYqioP3suqZK6dpuM
431127	2026-04-14 T18:09:10Z	2nd sweep, from Dqj2ch...	DF7fa7MSiGjGrxmQvdmPvnRNAtndr2pb4k
431128	2026-04-14 T18:17:07Z	attacker sweeps to his own address	DRsG7pwYWs9zHPYwiMYqioP3suqZK6dpuM
431136	2026-04-19 T09:35:09Z	3rd sweep, from D5jES1...	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
431137	2026-04-19 T09:35:09Z	4th sweep, from DjsLSH..	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
431138	2026-04-19 T09:42:58Z	21 GANESHA from D5qRZ...	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
431142	2026-04-19 T09:46:08Z	28M FLOWCOIN from DbmQjL..	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
e5144ba0...	19 Apr, 2026 09:47:29	48 DOGE from D5qRZ... to D8UCF...	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
431144	2026-04-19 T09:50:26Z	2 MILKYWAY from DSXCVG...	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
431145	2026-04-19 T09:50:26Z	2300 BACKPACK from DLHono	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
431151	2026-04-19 T09:57:02Z	5th sweep, from DLHono...	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
431153	2026-04-19 T10:02:40Z	4 TURNTABLE from DERaFo...	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
403f947...	19 Apr, 2026 10:02:40	40 DOGE from DERaF... to D8UCF...	D8UCFim8wxSwR9QQ4yYmRgG88QBTmvkQtz
432308	2026-04-27 T16:52:05Z	200k TACOS from Dhsxof...	DUL5zQbKF9CG4P7ME2bRjdCexCA893mkkK
432309	2026-04-27 T17:03:08Z	0.03 BACONLOVER from “ “	DEQpYA1KDUp2kiybDZwgKc7gkK8pm8eYeZ
432310	2026-04-27 T17:03:08Z	44 GOLDENSHIBE from “ “	D9J6XbeDCYqbV8T5VaH56aa54za5ViejtG
432311	2026-04-27 T17:04:13Z	31k JOODOGE from “ “	DECuFZ4aBVm83fNZG2TNESHgETGfkDsP1u
432312	2026-04-27 T17:06:32Z	2.6M SHITCOIN from “ “	DJBtiHEB8eR1HM2KgA1zyQPR4KdjFrEoFz
432319	2026-04-27 T19:04:28Z	153 XDP from “ “	DNn6rm3Nyj1Cv2P5C1YmYbd2PrdHQod2Nx
432320	2026-04-27 T19:32:48Z	379 BITBEG from DasXru...	DNn6rm3Nyj1Cv2P5C1YmYbd2PrdHQod2Nx
432322	2026-04-27 T20:01:12Z	14 XDP from “ “	DNn6rm3Nyj1Cv2P5C1YmYbd2PrdHQod2Nx
432323	2026-04-28 T03:37:22Z	28k XDP from DCAGH...	DNn6rm3Nyj1Cv2P5C1YmYbd2PrdHQod2Nx
432324	2026-04-28 T04:40:28Z	15k XDP from DLCeh...	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
432325	2026-04-28 T04:50:55Z	attacker opens XDP dispenser	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
432326	2026-04-28 T05:02:17Z	15k XDP from Dpd8z6...	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
432327	2026-04-28 T05:06:47Z	15k XDP from D5PoBX...	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
432328	2026-04-28 T05:17:16Z	10K XDP from DJ9Kz1..	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
432329	2026-04-28 T05:27:16Z	10k XDP from DGK4v4...	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
432330	2026-04-28 T05:33:04Z	11k XDP from DRKBao1...	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
432394	2026-04-28 T14:04:34Z	attacker places XDP/DOGE order	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
432396	2026-04-28 T14:46:26Z	attacker send XDP w/ “bonus for 1st sale” memo	DBNapxtkJohYvxp7hYkpdLqn5GDo6dSnn4
432407	2026-04-28 T16:54:03Z	attacker send XDP w/ “bonus” memo	DBNapxtkJohYvxp7hYkpdLqn5GDo6dSnn4
432421	2026-04-28 T18:47:21Z	DBNapx.. sends 1 HOLOGRAPHIC to attacker	DPU1qmsXWZmxuD8NcxmxjsLz21NuQAr45o
2e58627...	02 May, 2026 04:01:01	2000 DOGE from DPU1qr... to unknown exchange	DACKLTTzQx5ZHLpiiTYnV5VReJPgNGfAyp
432728	2026-05-02 T04:48:20Z	1 BALDTDOGE from Dhsxof...	DNn6rm3Nyj1Cv2P5C1YmYbd2PrdHQod2Nx
432730	2026-05-02 T05:30:55Z	DdzXqdS... sends XDP to Dhsxof...	DHsxofo6HGPzYiadB6ZtqnDfua3b3SPXC9
432731	2026-05-02 T05:37:15Z	6th sweep, from Dhsxof...	DKcJuxMgcmLaDVLuVwMLK8xGWvh1vAZzjn
432732	2026-05-02 T07:17:00Z	DpfPQU... sends XDP to DasXru...	DAsXru3h2CVrKN6QhuncmJ15Jr8EhYk7gt
432733	2026-05-02 T07:21:08Z	7th sweep, from DasXru...	DKcJuxMgcmLaDVLuVwMLK8xGWvh1vAZzjn
433589	2026-05-04 T20:41:11Z	8th sweep, from DpfPQU...	DKcJuxMgcmLaDVLuVwMLK8xGWvh1vAZzjn
433591	2026-05-04 T22:12:14Z	attacker opens XDP dispenser	DNn6rm3Nyj1Cv2P5C1YmYbd2PrdHQod2Nx
434126	2026-05-13 T00:00:03Z	9th sweep, from DHDNBT...	DKcJuxMgcmLaDVLuVwMLK8xGWvh1vAZzjn
29864b7...	13 May, 2026 11:10:19	DPU1qm... sends 20 DOGE to DkcJux...	DKcJuxMgcmLaDVLuVwMLK8xGWvh1vAZzjn
628d82...	2026-05-13T21:07:11Z	attacker puts more stolen assets up for sale	DKcJuxMgcmLaDVLuVwMLK8xGWvh1vAZzjn
434366	2026-05-17 T04:01:39Z	10th sweep, from DfhWW2...	DKcJuxMgcmLaDVLuVwMLK8xGWvh1vAZzjn
186052c...	2026-05-18T06:40:31Z	attacker dispenser purchase by community member	DKcJuxMgcmLaDVLuVwMLK8xGWvh1vAZzjn
9b59598...	26 May, 2026 11:43:02	DkcJux... sends funds to FixedFloat deposit address	DA3hh8mfX98MqVtMEGBKoD4BL8VHGY6aUn
9b3465e...	2026-05-31T16:30:13Z	129 XDP purchased from attacker by unknown	DNn6rm3Nyj1Cv2P5C1YmYbd2PrdHQod2Nx
436019	2026-06-01T06:03:11Z	DKcJux… sweeps wallet	D6mqcvZxXVV4GUi8k7bfu2D1Nh4DFkBFFf
436020	2026-06-01T06:25:28Z	DNn6rm… sweeps wallet	DQ8YPYroqKZo5nt3mXnyLCUG7KGXqBbWcF
7fe3805...	01 Jun, 2026 06:36:52	DNn6rm... sends funds to FixedFloat	DQDFPHPYQE3Th2wZ8E9fRwmfquLV73Dfbn

(more detailed technical report to follow)

[youwillbeinformed]

Dear Moderator, my post https://bitcointalk.org/index.php?topic=737231.msg66831101#msg66831101 was deleted for "Posting dox, 2-day ban"

I didn't dox anyone, i named anyone or posted any personal information.

This seems to be a retaliatory action by someone who wants me silenced for digging into the Dogeparty hack.

This is why i ask you kindly that if this post gets reported again for Dox, or any other rule from the forum, take a few minutes to read it, might be another attempt to remove this post to protect evil people who might want to hide financial crimes.

--

What happened?
- My previous post got removed for Dox, i didn't dox anyone.
From now on, i won't post links, names, usernames, or anything about anyone to protect myself from the forum rules.

If i stay between the forum rules the malicious actor might want to leave a negative trust in my account as a desperate attempt to damage my reputation (I don't understand well how it works, but seems like older members of this forum can leave negative trust to any other members for whatever reason, and this cannot be challenged).
I know it might happen and there is nothing i can do, i will stay focused in my investigation.

--

What i wrote in my previous post?

- The Telegram chat is dead because they banned many users without any reason, lost over 300 users in a month.
- There is only one person speaking in Telegram, seems to have become out of mind because he speaks to himself about the vulnerability he discovered.
- How Dogeparty is being mocked on Twitter.
- How this hack affected mostly only one person.
- The community deserves clear evidence, transparency, and answers.
- How the main goal of the hack is the destruction of Dogeparty.

--

In this new **Update** i want to bring your attention to the **REAL** Dogeparty **HACK**

Not the wallet randomness bs narrative that some malicious actors want to push.
(they believe if they say it 1000 times a lie will become truth)
- no, that's not how it works..

--

I ran Claude Opus 3 on the GitHub repo of the Dogeparty wallet and was able to find 9 vulnerabilities more, (all exploitable), is strange that the only one that matters is the Random bs but none of the others, don't you find this suspicious?
And if Claude Opus 3 was able to find 9 vulnerabilities in under 2 minutes, imagine what other more powerful model can find!

But first

Who is the Hacker?

- I believe the hacker is **** (name removed).

Why?

The hacker presented himself as an OG, someone who created the first Dogeparty assets, he gained status and reputation and he toke an important role, like managing social media accounts, etc.
At the beginning the hacker was really passionate about Dogeparty, he was honest and wanted Dogeparty to succeed, but something happened.
I investigated almost all active members of Dogeparty and none of them had a motive but one **** (name removed). This person seems to be recurring in gambling and substance addiction and seems to have a weakness for some type of women who he sends money regularly, this person don't own a house, own any kind of wealth or have a regular job like the others: **** (name removed), **** (name removed), **** (name removed), **** (name removed), **** (name removed), **** (name removed), **** (name removed), **** (name removed) who are members of Dogeparty and who might have access to the server where the hack occurred ( i will talk later about this right now, hold on).
The hacker for years tried to sell his Dogeparty assets without success, he then tried to sell them in other platforms by wrapping them in third party blockchains ratter than Dogecoin, but no one bought them, then he launched them on PumpFun but he only got less than $3000 rugging his own investors.

-

The main server of the project was hacked two months before the first wallet got drained.
In the same domain, also hosted the Dogeparty web wallet, used by many members of the community.
It makes sense because the hacker waited two months before start draining wallets, as he wanted to collect more seeds.

I don't have access to the server, but i can speculate how the hack happened.

- 1 Hacker get access to the server via ftp to a folder or any other method that allow him to access (maybe planted malware in the owner of the server), i believe was ****, someone from Dogeparty trusted by everyone, i dont believe was **** (name removed) because he has no motive and seems to be financially fine.

- 2 Hacker get access to the web wallet and insert a logger that saves seeds, he collect them, exploit later.

- 3 Then the hacker start to drain DOGE and tried to sell Dogeparty assets.

- 4 The hacker must done this so delicate and in perfect timing that no one notice it till is too late.

- 5 Then when the hack is discovered, **** (name removed) auto hack himself to play the victim and start pushing the narrative that was some randomness bs from 2014.

- 6 Everybody believes **** (name removed), because if not, gets censored from Telegram, banned, etc.

--

What's the motive?

Probably the motive was to take some DOGE out, but when the hacker realized that the amount he will get is little he then changed strategy.
He decided to hack himself.
He knew that the project was abandoned over a decade ago so he asked AI if the GitHub repo had a vulnerability.
He is trying to go for the Dogecoin Foundation funds, around $200k.
He will try to convince the Foundation that they must reimburse the his loss.
How he can do this?
Easy, destroy Dogeparty, tell everyone that the Random bs in the wallet since 2014 is the responsible of the hack, post everywhere, tell as many people as he can, even send unsolicited messages on Twitter to people who don't care and when no one is listening anymore he will talk to himself on Telegram.

Why im saying his motive is to destroy Dogeparty?
- Because he knows that the interest and liquidity in XDP was already razor thin. It will continue to be like this regardless of what path is taken.

He knows regardless of what happens, XDP is destinated to fail, so why not accelerate the process and gain some money in the downfall?

He had access to the server, installed a hacking script, toke over the web wallet, got seeds, drain them, then auto hack himself, play the victim, beg for a pay back for the stolen assets.

What's he is aiming for?

Dogeparty gets dissolved, he get reimbursed.

--

Now you probably are asking questions like: what im talking is bs!

As i was investigating, i came across important evidence that allow me see what the hacker did to steal the seeds from the Dogeparty server (i will post this evidence later in this forum, i hope i dont get banned, i want to gather more).

This is why, i ask **** (name removed) of the Dogeparty Foundation to revoke immediately access from the server to everybody and do the forensics necessary, you need to get IPs, logs, and if they were deleted then you might be able to recover with any recovery tool available like PhotoRec who runs in the Dogeparty server who has ubuntu 2.23.

--

Why im making speculations that the hacker might be **** (name removed)?

Because is the only person pushing the narrative that some bug from 2014 was exploited in 2026 to steal a couple of DOGE and some useless assets with no value, and anyone who contradict him is called a Fudder, and the motive is clear, he wants the money because he needs to send it to women and hes living under the poverty line.

Also seems like the hacker is a master in manipulative tactics, like twisting reality or playing the victim.