2024

Read

LottieFiles revealed a supply chain compromise in which malicious code could lure users into connecting crypto wallets, potentially leading to asset theft.
LottieFiles, a platform that enables designers and developers to create animations, has issued a warning regarding a security breach involving its npm package, which may expose users to malicious code designed to compromise crypto wallets.
<figure class="wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter">
 <div class="wp-block-embed__wrapper">
 <blockquote class="twitter-tweet" data-width="550" data-dnt="true">
 Incident Response for Recently Infected Lottie-Player versions 2.05, 2.06, 2.0.7 Comm Date/Time: Oct 31st, 2024 04:00 AM UTC Incident: On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player…— LottieFiles (@LottieFiles) <a href="https://twitter.com/LottieFiles/status/1851848602093777273?ref_src=twsrc%5Etfw" target="_blank" rel="noopener noreferrer nofollow">October 31, 2024</a>
 </blockquote>
 <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
 </div>
</figure>
In <a href="https://twitter.com/LottieFiles/status/1851848602093777273" target="_blank" rel="noopener noreferrer nofollow">an X post</a> on Oct. 31, LottieFiles said that the affected versions — Lottie Web Player 2.0.5, 2.0.6, and 2.0.7 — were released on Oct. 30, prompting immediate concerns after multiple user reports surfaced about strange code injections. In response to the threat, LottieFiles released a new version, 2.0.8, reverting to the secure code.
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
 “A large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest release.”
 LottieFiles
</blockquote>
You might also like: <a rel="noopener noreferrer nofollow" href="https://crypto.news/web3-anti-scam-sleuth-uncovers-phishing-attack-that-drained-4-2m-using-a-malicious-opcode/"> Web3 anti-scam sleuth uncovers phishing attack that drained $4.2m using a malicious opcode </a>
For those unable to update, LottieFiles recommends informing end users about potential fraudulent wallet connection prompts associated with the Lottie-player. Users may also opt to remain on version 2.0.4 to avoid risk.
LottieFiles warned that applications using the compromised npm package may inadvertently prompt users to connect their crypto wallets, opening avenues for potential theft. The developer account linked to the malicious uploads has been stripped of access, and related tokens have been revoked to halt any further unauthorized activity, the firm added, though the full extent of the attack remains unknown.
Read more: <a rel="noopener noreferrer nofollow" href="https://crypto.news/github-repository-exposed-binances-internal-passwords-and-code/"> GitHub repository exposed Binance’s internal passwords and code </a>

SaaS animation platform LottieFiles alerts users to crypto threats

crypto.news

Other articles published on Oct 31, 2024

Judge sentences IcomTech promoter to 8 years to deter ‘crypto frauds’

Cybro presale gains momentum, drawing AVAX, TRX holders with potential for rapid gains

Why CYBRO’s Presale Is Gaining Traction Among Top XRP Investors

Michael Saylor’s MicroStrategy Announces $42 Billion Plan To Increase Bitcoin Holdings

Vote for Donald (VOTEDON) Solana Memecoin Will Explode Over 14,000% Before Exchange Listings, Whi...

Market Report – Is a Recession Coming?

Join our free newsletter for daily crypto updates!