Crypto Hackers Strike Again: Lottie Player Compromised, Users Lose 10 BTC!

Share This Post

Radiant Capital Hack How a Multisig Flaw Led to a $50M Loss

The post Crypto Hackers Strike Again: Lottie Player Compromised, Users Lose 10 BTC! appeared first on Coinpedia Fintech News

In a major coordinated attack on the web3 space, on-chain sleuths discovered a massive supply chain attack on Lottie Player earlier today. According to the LottieFiles team, the attackers managed to plug in bugs into several Lottie Player versions – including 2.05, 2.06, and 2.0.7. Notably, the said versions were uploaded and published on GitHub’s npm platform.

“The unauthorized versions contained code that prompted for connecting to user’s crypto wallets. A large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest release,” the LottieFiles team noted

Immediate Mitigating Action

The LottieFiles team is currently investigating the incident as it is believed that a developer with the required privileges facilitated the attack. The LottieFiles team noted that it has published a new safe version dubbed 2.0.8, which is a copy of the original Lottie Player version 2.0.4.

Most importantly, the LottieFiles team has unpublished the compromised package versions from the npm platform to mitigate further damage.

Additionally, the LottieFiles team removed all access and associated service accounts of the impacted developer.

Impact of the Lottie Player Supply Chain Attack

According to the on-chain analysis platform Scam Sniffer, the Lottier Player supply chain attack compromised major decentralized applications (Dapps) led by 1inch (1INCH), and Movement network. With the attacker having the motive of draining users’ funds, the 1inch protocol has pledged to refund all the affected users through its network. 

Meanwhile, the 1-inch team has advised all affected users to revoke the ERC20 smart contract approvals from malicious addresses using revoke.cash to prevent further harm. According to on-chain data analysis, a web3 user lost 10 Bitcoins, worth over 720k, earlier today due to the Lottie Player supply chain attack.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Crypto Insiders Reveal Top 3 Altcoins Expected to Surpass 10,000% by 2025

The post Crypto Insiders Reveal Top 3 Altcoins Expected to Surpass 10,000% by 2025 appeared first on Coinpedia Fintech News Cryptocurrency insiders are buzzing about three emerging digital coins

Crypto Bull Run Ahead : JPMorgan Predicts Trump Victory Could Trigger Bitcoin and Gold Rally

The post Crypto Bull Run Ahead : JPMorgan Predicts Trump Victory Could Trigger Bitcoin and Gold Rally appeared first on Coinpedia Fintech News The US presidential election is creating a storm of

Asia emerges as new crypto developer powerhouse, leaving US behind

Asia has surpassed North America as the leading hub for crypto developers, according to a report from Electric Capital Maria Shen, partner at Electric Capital, pointed out that Asia has steadily

Canary Capital Files for Solana ETF to Provide Direct SOL Exposure

Canary Capital Group LLC has filed a registration statement with the US Securities and Exchange Commission (SEC) to introduce the Canary Solana ETF This exchange-traded fund (ETF) aims to give

Ripple CTO Embraces Meme Coin Trend on XRP Ledger

The post Ripple CTO Embraces Meme Coin Trend on XRP Ledger appeared first on Coinpedia Fintech News The Ripple CTO, David Schwartz, has recently voiced that he is enjoying the growing trend of meme

Security in Blockchain Development: Protecting Your Blockchain Networks, Applications, and Smart Contracts

The post Security in Blockchain Development: Protecting Your Blockchain Networks, Applications, and Smart Contracts appeared first on Coinpedia Fintech News As blockchain technology gains popularity,