Crypto Hack: Lottie Player Breach Leads to Crypto Wallet Draining

Share This Post

Celebrity Crypto Scam

The post Crypto Hack: Lottie Player Breach Leads to Crypto Wallet Draining appeared first on Coinpedia Fintech News

On October 30, numerous significant crypto platforms observed an influx of dangerous popups that encouraged users to link their wallets. Information about the unauthorized access originated from a supply chain attack on the widely used Lottie Player animations library. 

This JavaScript library which is used by popular websites including the ones run by Apple, Spotify, and Disney was manipulated to include a crypto-draining popup that targeted decentralized finance (DeFi) projects like 1inch and TEN Finance.

The details of the supply chain breach

LottieFiles’ GitHub account was attacked by obtaining a senior software engineer’s authentication data after which the attackers quickly released three updates containing malware in all. 

Consequently, any site or app incorporating the hacked version of Lottie Player flooded the users with popups that led them to the said Ace Drainer crypto drainer. This approach was a departure from those previous methods, as it was essentially serving users ads through their favourite and most reliable crypto applications as opposed to sending out phishing links on other apps.

Industry response and security recommendations

When the attack was identified, LottieFiles deleted the malicious update and advised application developers to update to either the safer 2.0.4 version or the most recent 2.0.8 version of the library. Engineering vice-president at LottieFiles Jawish Hameed corroborated these changes, reimbursing that the afflicted versions had been removed from GitHub repositories. 

Cybersecurity companies such as Wiz and Blockaid have discouraged users from relaxing, saying that some crypto websites may still show the malicious popup even when using the affected library versions.

Recently there has been growing use of trusted SLPs as attackers rely on them more often. Since the instances of scams and security breaches are on the increase, the platforms are encouraged to enhance the monitoring activities and include frequently updates to protect against other related threats in future.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Bitcoin Price Forecast: Analyst Says Expect 98% Crash After Blow Off To $250,000, Here’s Why

A crypto analyst has forecasted a 98% Bitcoin price crash following a substantial rally to $250,000 Interestingly, the analyst is confident that Bitcoin will eventually reach this ambitious

Crypto Price Today (Oct 31st, 2024): Bitcoin Stays Idle at $72k, MOG Memecoin Surges 12.81%

The post Crypto Price Today (Oct 31st, 2024): Bitcoin Stays Idle at $72k, MOG Memecoin Surges 1281% appeared first on Coinpedia Fintech News The cryptocurrency market saw a slight dip in momentum

Bitcoin Price Soars: Will It Hit $80K Soon? OR Is It Too Late to Invest Now?

The post Bitcoin Price Soars: Will It Hit $80K Soon OR Is It Too Late to Invest Now appeared first on Coinpedia Fintech News Bitcoin is on fire! The price has soared to heights not seen since March,

Trump Expands Bitcoin Support With No Tax Promise For Digital Transactions

With just six days remaining until the US presidential election, former President Donald Trump has intensified his support for Bitcoin (BTC) and the broader crypto industry  In a recent statement

Binance Eyes Web3 Future Amidst Challenges at Dubai Blockchain Week

The post Binance Eyes Web3 Future Amidst Challenges at Dubai Blockchain Week appeared first on Coinpedia Fintech News During Binance Blockchain Week Dubai 2024, co-founder He Yi addressed Binance’s

TRON DAO Partners with Chainlink for Enhanced DeFi Data Security

The post TRON DAO Partners with Chainlink for Enhanced DeFi Data Security appeared first on Coinpedia Fintech News TRON DAO has joined the Chainlink SCALE program, designating Chainlink Data Feeds as