LottieFiles disclosed a supply chain compromise of its npm package: malicious code that prompts users to connect crypto wallets, potentially leading to asset theft
LottieFiles, a platform used by designers and developers to create animations, has warned of a security incident involving its npm package: compromised releases carried malicious code intended to compromise crypto wallets.
LottieFiles announced in an X post on Oct. 31 that the affected versions — Lottie Web Player 2.0.5, 2.0.6, and 2.0.7 — were published on Oct. 30.
The disclosure came after numerous user reports of unexpected injected code in the package. LottieFiles responded by publishing version 2.0.8, which reverts to the clean code.
“A large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest release.” – LottieFiles
For users who cannot update, LottieFiles advises informing end users about the fraudulent wallet-connection prompts that the compromised lottie-player versions can produce. Staying on version 2.0.4, the last release before the affected ones, is another way to avoid the malicious code.
LottieFiles cautioned that applications using the compromised npm package may prompt their users to connect crypto wallets, giving the attacker an opportunity to steal assets.
The firm confirmed that the developer account used for the malicious uploads has been deactivated and its tokens revoked to prevent further unauthorized publishing. The full extent of the attack is still unknown.