Oct 31, 04:24 PM

LottieFiles Confirms Supply Chain Attack on 'lottie-player' npm Package, Exposing Users to Crypto Wallet Drainer; Affects 1inch Users, October 31, 2024

LottieFiles has confirmed a supply chain attack that compromised its popular 'lottie-player' npm package, exposing users to a malicious crypto wallet drainer. This incident has raised significant cybersecurity concerns, particularly affecting developers who utilize the library. Reports indicate that users of platforms such as 1inch have experienced losses due to this attack. Security firms, including Blockaid, have detailed the attack's mechanics, noting their ability to detect and flag the issue within minutes. The vulnerability of the Lottie Player has prompted urgent calls for updates and security measures from affected users and developers.

#LottieFiles #1inch #Blockaid #Lottie Player

Written with ChatGPT (GPT-4o mini).

Sources

Infosec Alevski 💻🕵️‍♂️@Alevskey
1 year ago
LottieFiles confirmed a supply chain attack on Lottie-Player: https://t.co/nbULYUpn7N by Security Affairs #infosec #cybersecurity #technology #news
web3 is going just great@web3isgreat
1 year ago
Supply chain attack stemming from JavaScript animation library results in losses for users of 1inch and other platforms October 31, 2024 https://t.co/2kmPoc6lAU
SIRSU is going supernova ✈️💀🎩@sirsuhayb
1 year ago
My account was targeted as BLVKHVND, Parallel, and Crash assets were sold off including tokens of no value associated with these projects. Do not engage with my wallets. I will be posting a list of all of them https://t.co/wqQ8WZ0S0T

LottieFiles Confirms Supply Chain Attack on 'lottie-player' npm Package, Exposing Users to Crypto Wallet Drainer; Affects 1inch Users, October 31, 2024

Sources

Additional media

Similar Stories