Crypto Hack: Lottie Player Breach Leads to Crypto Wallet Draining

Share This Post

Celebrity Crypto Scam

The post Crypto Hack: Lottie Player Breach Leads to Crypto Wallet Draining appeared first on Coinpedia Fintech News

On October 30, numerous significant crypto platforms observed an influx of dangerous popups that encouraged users to link their wallets. Information about the unauthorized access originated from a supply chain attack on the widely used Lottie Player animations library. 

This JavaScript library which is used by popular websites including the ones run by Apple, Spotify, and Disney was manipulated to include a crypto-draining popup that targeted decentralized finance (DeFi) projects like 1inch and TEN Finance.

The details of the supply chain breach

LottieFiles’ GitHub account was attacked by obtaining a senior software engineer’s authentication data after which the attackers quickly released three updates containing malware in all. 

Consequently, any site or app incorporating the hacked version of Lottie Player flooded the users with popups that led them to the said Ace Drainer crypto drainer. This approach was a departure from those previous methods, as it was essentially serving users ads through their favourite and most reliable crypto applications as opposed to sending out phishing links on other apps.

Industry response and security recommendations

When the attack was identified, LottieFiles deleted the malicious update and advised application developers to update to either the safer 2.0.4 version or the most recent 2.0.8 version of the library. Engineering vice-president at LottieFiles Jawish Hameed corroborated these changes, reimbursing that the afflicted versions had been removed from GitHub repositories. 

Cybersecurity companies such as Wiz and Blockaid have discouraged users from relaxing, saying that some crypto websites may still show the malicious popup even when using the affected library versions.

Recently there has been growing use of trusted SLPs as attackers rely on them more often. Since the instances of scams and security breaches are on the increase, the platforms are encouraged to enhance the monitoring activities and include frequently updates to protect against other related threats in future.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Bitcoin Tokens Have Only Been Getting Older This Bull Run, Analyst Reveals

An analyst has explained how the age of the average Bitcoin token has only been getting older during the recent bull run, something that could be bullish for the asset’s price Bitcoin Average

Citi Predicts Crypto Surge in 2025, Driven by Trump Policies and ETF Inflows

Citi analysts forecast strong crypto growth in 2025, driven by Trump’s policies, rising ETF inflows, and stablecoin innovation, signaling a bullish outlook for bitcoin and defi Citi’s 2025

Rising crypto scams in France trigger crackdown by authorities

The rise of crypto has become a breeding ground for financial scams in France, contributing to a surge in fraudulent activity that has authorities scrambling to protect consumers The Paris Public

Bitcoin Crashes Back To $95,000 As Whale Exchange Inflows Exceed $3 Billion

Bitcoin has observed a sharp retrace to $95,000 in the past day as on-chain data shows whales have been busy depositing to exchanges Bitcoin Has Almost Entirely Retraced Its Gains From Christmas

South Korea Sees Crypto Boom: 30% of Population Now Owns Digital Assets

South Korea has seen a significant surge in cryptocurrency adoption, with the number of users jumping by 610,000 in November to reach 1559 million Trump Victory Sparks Renewed Interest in Crypto The

Bitcoin Reserve Idea Sparks Cautious Response From Japan PM: Report

According to a recent report by Japanese cryptocurrency publication CoinPost, Japan’s Prime Minister Shigeru Ishiba has taken a cautious stance on the proposal to establish a national Bitcoin (BTC)