Crypto Hackers Strike Again: Lottie Player Compromised, Users Lose 10 BTC!

Share This Post

Radiant Capital Hack How a Multisig Flaw Led to a $50M Loss

The post Crypto Hackers Strike Again: Lottie Player Compromised, Users Lose 10 BTC! appeared first on Coinpedia Fintech News

In a major coordinated attack on the web3 space, on-chain sleuths discovered a massive supply chain attack on Lottie Player earlier today. According to the LottieFiles team, the attackers managed to plug in bugs into several Lottie Player versions – including 2.05, 2.06, and 2.0.7. Notably, the said versions were uploaded and published on GitHub’s npm platform.

“The unauthorized versions contained code that prompted for connecting to user’s crypto wallets. A large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest release,” the LottieFiles team noted

Immediate Mitigating Action

The LottieFiles team is currently investigating the incident as it is believed that a developer with the required privileges facilitated the attack. The LottieFiles team noted that it has published a new safe version dubbed 2.0.8, which is a copy of the original Lottie Player version 2.0.4.

Most importantly, the LottieFiles team has unpublished the compromised package versions from the npm platform to mitigate further damage.

Additionally, the LottieFiles team removed all access and associated service accounts of the impacted developer.

Impact of the Lottie Player Supply Chain Attack

According to the on-chain analysis platform Scam Sniffer, the Lottier Player supply chain attack compromised major decentralized applications (Dapps) led by 1inch (1INCH), and Movement network. With the attacker having the motive of draining users’ funds, the 1inch protocol has pledged to refund all the affected users through its network. 

Meanwhile, the 1-inch team has advised all affected users to revoke the ERC20 smart contract approvals from malicious addresses using revoke.cash to prevent further harm. According to on-chain data analysis, a web3 user lost 10 Bitcoins, worth over 720k, earlier today due to the Lottie Player supply chain attack.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

MicroStrategy plans $42 billion bitcoin expansion with bold ’21/21 Plan’

MicroStrategy has unveiled a bold three-year plan to raise $42 billion in capital aimed at expanding its Bitcoin holdings significantly, according to an Oct 30 statement Dubbed the “21/21

Toncoin Price Prediction 2024 – 2030: Will TON Price Hit $10 In Q4?

The post Toncoin Price Prediction 2024 – 2030: Will TON Price Hit $10 In Q4 appeared first on Coinpedia Fintech News Story Highlights The live price of the TON token is Toncoin price could hit

Solana records over 3x Ethereum DEX volume with 14 million transactions in past 24 hours

According to GeckoTerminal, Solana processed 14,185,459 transactions in the past 24 hours, surpassing Ethereum’s 268,621 transactions Solana’s total value locked (TVL) in decentralized

MicroStrategy Bitcoin Holdings Double as Company Adds 25,889 BTC in Q3 2024

The post MicroStrategy Bitcoin Holdings Double as Company Adds 25,889 BTC in Q3 2024 appeared first on Coinpedia Fintech News MicroStrategy, the biggest company holder of Bitcoin, recently shared its

Brazilian Central Bank Considers Taxing Stablecoin Remittances

The stablecoin boom in Brazil has caught the attention of the central bank, which is currently exploring several ways to tax stablecoin remittances, including issuing a special license for crypto

Bitcoin Consolidates Near ATH – Volume Suggests A Big Move Ahead

Bitcoin has been trading in a tight 4-hour range between $71,300 and $73,300 since Tuesday, setting the stage for a significant move in the coming days Analysts and investors closely watch this range