LottieFiles disclosed a supply chain compromise in which malicious code could entice users to connect their crypto wallets, potentially resulting in asset theft
LottieFiles, a platform that facilitates the creation of animations by designers and developers, has issued a warning regarding a security lapse involving its npm package. This breach may expose users to malicious code that is intended to compromise crypto wallets.
LottieFiles announced in an X post on Oct. 31 that the affected versions — Lottie Web Player 2.0.5, 2.0.6, and 2.0.7 — were published on Oct. 30.
This announcement prompted immediate concern after numerous user reports surfaced regarding unusual code injections. LottieFiles responded to the threat by releasing a new version, 2.0.8, which reverted to the secure code.
“A large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest release.” – LottieFiles
Where updating is not possible, LottieFiles suggests informing end users about the potentially fraudulent wallet connection prompts associated with the Lottie-player. Users may also choose to continue using version 2.0.4 in order to mitigate potential risks.
LottieFiles cautioned that applications that use the compromised npm package may inadvertently prompt users to connect their crypto wallets, thereby creating opportunities for theft.
The firm has confirmed that the developer account associated with the malicious uploads has been deactivated and the associated tokens have been revoked in order to prevent any additional unauthorized activity. However, the complete extent of the attack is still unknown.
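The unpinned-CDN exposure LottieFiles describes can be checked for in page markup. The following is an added example, not code from LottieFiles: it flags lottie-player script references that float to the latest release or are pinned to 2.0.5 through 2.0.7. The package name `@lottiefiles/lottie-player` and the unpkg/jsDelivr URL shapes are assumptions not stated in the article, and the sample HTML is constructed.

```javascript
// Versions named in the LottieFiles advisory as compromised.
const COMPROMISED = new Set(["2.0.5", "2.0.6", "2.0.7"]);

// Matches CDN URLs that reference the package, with an optional @version
// (assumed URL shape: ".../@lottiefiles/lottie-player@<ver>/...").
const REF = /https?:\/\/[^\s"'<>]*@lottiefiles\/lottie-player(?:@([^\/\s"'<>]+))?[^\s"'<>]*/g;

function classify(version) {
  if (!version || version === "latest") return "unpinned";
  if (COMPROMISED.has(version)) return "compromised";
  // Anything that is not an exact x.y.z (e.g. "2", "2.0", "^2.0.4") floats to
  // whatever the CDN resolves as newest, so treat it as unpinned.
  if (!/^\d+\.\d+\.\d+$/.test(version)) return "unpinned";
  return "pinned";
}

function auditLottieRefs(html) {
  const findings = [];
  for (const m of html.matchAll(REF)) {
    findings.push({ url: m[0], version: m[1] || null, status: classify(m[1]) });
  }
  return findings;
}

// Constructed sample page (not taken from any real site).
const SAMPLE_HTML = `
<script src="https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@lottiefiles/lottie-player/dist/lottie-player.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@lottiefiles/lottie-player@2/dist/lottie-player.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.6/dist/lottie-player.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.8/dist/lottie-player.js"></script>
`;

for (const f of auditLottieRefs(SAMPLE_HTML)) {
  console.log(f.status.padEnd(12), f.version ?? "(none)", f.url);
}
```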