Malicious Popups Hit Crypto Apps After Major Library Hack

Crypto users faced a new security threat on October 30 after hackers compromised the widely used Lottie Player animation library, spreading malicious popups through decentralized finance (DeFi) apps. These popups tricked users into connecting their wallets to a malicious entity known as “Ace Drainer,” a crypto-draining tool, according to Blockaid, a security platform that first reported the attack on X.

What Happened: How Lottie Player Was Compromised

Hackers injected harmful code into the Lottie Player library, which provides animations for websites and apps and is used by major brands like Apple, Spotify, and Disney. Security experts identified the breach as a “massive supply chain attack,” and the case is unique because the hackers embedded the malicious popups directly into legitimate, popular websites.

Gal Nagli, a security lead at cybersecurity firm Wiz, explained that the hack was executed through unauthorized updates posted to the Lottie Player GitHub account. Attackers gained access to a senior engineer’s GitHub account, pushing three harmful updates within hours. This quickly led Lottie Player’s development team to remove the compromised versions from GitHub and advise users to upgrade to secure versions of the library.

Impact on Crypto Apps and Users

Crypto apps like 1inch and TEN Finance displayed the malicious popups, which urged users to connect their wallets. The popups were crafted to resemble standard wallet connection requests but were actually linked to the Ace Drainer, which is designed to siphon crypto from user accounts once connected.

Wiz’s Nagli noted that users encountered these harmful popups across multiple popular sites. The attacker’s goal, he suggested, was likely to reach high-value assets by targeting crypto-focused websites that use the Lottie Player library.

Precautions and Recommended Actions

LottieFiles, the company behind the animation library, responded quickly by removing the compromised library versions from its GitHub page. Jawish Hameed, LottieFiles’ engineering vice president, confirmed that the affected updates were no longer available. He advised users to install either version 2.0.4 or the latest 2.0.8 of the library, which are not affected by this compromise.
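For teams that ship the library, the version advice above can be checked against a project's npm lockfile, including copies pulled in by other dependencies. The following is an added example, not code from LottieFiles or from this article; the npm package name `@lottiefiles/lottie-player`, the choice to treat releases strictly between 2.0.4 and 2.0.8 as suspect, and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) for lottie-player.
// Assumptions, not from the article: the npm package name below, and that any
// release strictly between the two advised versions should be treated as suspect.
const PKG = '@lottiefiles/lottie-player';
const ADVISED = ['2.0.4', '2.0.8']; // versions the article says to install

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null; // null for tags such as "latest"
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function classify(version) {
  const v = parseVersion(version);
  if (!v) return 'unparsed';
  if (ADVISED.includes(version)) return 'advised';
  const lo = parseVersion(ADVISED[0]);
  const hi = parseVersion(ADVISED[1]);
  return compare(v, lo) > 0 && compare(v, hi) < 0 ? 'suspect' : 'other';
}

// Walk every installed copy, including ones nested under other packages,
// so a transitive dependency on the library is not missed.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/' + PKG)) continue;
    const version = String(meta.version);
    findings.push({ path, version, status: classify(version) });
  }
  return findings;
}

// Constructed sample lockfile: project and dependency names are hypothetical.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-dapp' },
  'node_modules/@lottiefiles/lottie-player': { version: '2.0.6' },
  'node_modules/ui-kit/node_modules/@lottiefiles/lottie-player': { version: '2.0.4' },
  'node_modules/legacy/node_modules/@lottiefiles/lottie-player': { version: '1.7.1' },
}};

for (const f of auditLockfile(sampleLock)) {
  console.log(f.status.padEnd(8), f.version.padEnd(6), f.path);
}
```

Entries reported as `other` or `unparsed` are versions the article does not speak to and need a manual check against the vendor's advisory.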

For crypto users, the best action is to verify any popup requesting wallet connections, especially on crypto or financial websites. Crypto security experts recommend keeping software up-to-date and checking for any unusual activity in wallet applications.

LottieFiles has not yet responded to additional requests for comment, though its swift actions are seen as a critical first step in mitigating the damage from this widespread attack.

Adam L