Subscribe for notification
Crypto

LottieFiles Warns Users of Crypto Security Threats

LottieFiles disclosed a supply chain compromise that could potentially result in asset theft by enticing users to connect crypto wallets with malicious code

LottieFiles, a platform that facilitates the creation of animations by designers and developers, has issued a warning regarding a security lapse involving its npm package. This breach may expose users to malicious code that is intended to compromise crypto wallets.

LottieFiles announced in an X post on Oct. 31 that the affected versions — Lottie Web Player 2.0.5, 2.0.6, and 2.0.7 — were published on Oct. 30.

This announcement prompted immediate concern after numerous user reports surfaced regarding unusual code injections. LottieFiles responded to the threat by releasing a new version, 2.0.8, which reverted to the secure code.

“A large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest release.” – LottieFiles

LottieFiles suggests that end users be informed about the potential fraudulent wallet connection prompts associated with the Lottie-player if they are unable to update. Users may also choose to continue using version 2.0.4 in order to mitigate potential risks.

LottieFiles cautioned that applications that utilize the compromised npm package may inadvertently prompt users to connect their crypto wallets, thereby creating opportunities for larceny.

The firm has confirmed that the developer account associated with the malicious uploads has been deactivated and the associated tokens have been revoked in order to prevent any additional unauthorized activity. However, the complete extent of the attack is still unknown.

Hillary Ondulohi

Hillary is a media creator with a background in mechanical engineering. He leverages his technical expertise to craft informative pieces on protechbro.com, making complex concepts accessible to a wider audience.

Disqus Comments Loading...

Recent Posts

Crypto Companies Could See More US Listings if Trump Wins

According to a research report from HTX Ventures, the trend of crypto companies departing the United States could be halted,…

5 hours ago

Metaplanet Joins Global Equity Index

Metaplanet Inc., a Japanese investment firm, has been admitted to the CoinShares Blockchain Global Equity Index (BLOCK Index). Prominent publicly…

5 hours ago

Major South Korean Banks Join CBDC Pilot

The central bank's CBDC pilot, which is rapidly expanding, has attracted the participation of numerous prominent South Korean banks and…

5 hours ago

BTC Plummets, Mt.Gox Sends $2.2B in Bitcoin to 2 Wallet

After first going to a Mt.Gox cold wallet, most of that stash—nearly 30,400 bitcoin BTC—was sent to "1FG2C…Rveoy," and 2,000…

9 hours ago

Firms Unveil Global Dollar Stablecoin Network

Major banking firms launched the Global Dollar Network, a regulated platform designed to accelerate stablecoin adoption worldwide. Crypto and traditional…

9 hours ago

Sky Co-Founder Proposes No New Token Emissions

Rune Christensen, co-founder of Sky (formerly MakerDAO), proposes a strictly deflationary model to stop token emissions, in line with MakerDAO’s…

22 hours ago