Crypto apps see malicious popups after Ace Drainer hacks animation library

As an analyst who has tracked supply chain attacks for over a decade, I see the recent compromise of several online crypto apps through a popular animation library as another reminder that a site's own code can be intact while a third-party dependency it loads turns against its users.


On October 30, several cryptocurrency application websites were compromised after attackers inserted malicious code into an update to a widely used animation library.

The decentralized finance apps 1inch and TEN Finance displayed prompts asking users to connect their wallets. According to an October 30 announcement by crypto security platform Blockaid, those prompts were in fact a wallet-drainer front for the threat actor known as "Ace Drainer."

Gal Nagli, a security lead at cybersecurity firm Wiz, explained that the compromise stemmed from a supply chain attack on the Lottie Player library, a widely used animation library for websites and applications whose users include Apple, Spotify and Disney.

The attack is unusual in that it injected a malicious popup into an otherwise unaffected website. Attackers more commonly hijack widely followed social media accounts to lure followers to phishing links on fake websites.

Jawish Hameed, Vice President of Engineering at LottieFiles, the company that maintains the animation library, posted on GitHub that the affected library versions have been removed and strongly recommended that users update to the latest version.

He said attackers had compromised the GitHub account of a LottieFiles senior software engineer and pushed three malicious updates within three hours, adding that the company had "removed the compromised account access."

According to Wiz's Nagli, users encountered the malicious wallet-connection prompt on a number of well-known sites across the web.

He noted that the attack appears to have been aimed primarily at major cryptocurrency sites that depend on the library.

Nagli warned that websites still running the affected library versions "are probably still vulnerable," and said users should check that sites are loading a non-malicious package: either version 2.0.4 or the latest, 2.0.8.
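As an added example (not LottieFiles' or Wiz's code), the following script performs the version check Nagli recommends on the two places a site picks up the library: the CDN URL in its script tags and the npm lockfile entry for @lottiefiles/lottie-player (the library's npm package name). 2.0.4 and 2.0.8 are the safe versions named above; the three releases between them, 2.0.5 through 2.0.7, are the malicious ones. It also flags floating references (no version, `latest`, or a semver range), because those resolved to the malicious releases while they were live, and safe pins that lack a Subresource Integrity hash. All inputs are constructed samples; the domains and the integrity value are placeholders.

```javascript
// Added example, not LottieFiles' or Wiz's code. Flags which @lottiefiles/lottie-player
// version a site or build is pulling in. 2.0.4 and 2.0.8 are the safe versions named in
// the article; the three releases between them are the malicious ones. Every sample
// input below is constructed for the demo.

const PACKAGE = "@lottiefiles/lottie-player";
const SAFE = new Set(["2.0.4", "2.0.8"]);
const MALICIOUS = new Set(["2.0.5", "2.0.6", "2.0.7"]);

// Opening <script> tags that carry a src attribute (a tag may span several lines).
const SCRIPT_TAG_RE = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
// The package reference inside a CDN URL, with an optional "@<version>" after the name,
// e.g. https://unpkg.com/@lottiefiles/lottie-player@2.0.6/dist/lottie-player.js
const CDN_REF_RE = /@lottiefiles\/lottie-player(?:@([^\/"'\s]+))?(?=[\/"'\s]|$)/;

function classify(version) {
  if (MALICIOUS.has(version)) return "malicious";
  if (SAFE.has(version)) return "safe";
  // No version, a dist-tag or a semver range resolves to whatever the registry or CDN
  // serves at load time, which was one of the malicious releases while they were live.
  if (version == null || version === "latest" || /^[\^~><=*]/.test(version)) return "unpinned";
  return "unknown";
}

// Scan page HTML for lottie-player loaded from a CDN.
function scanHtml(html) {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_TAG_RE)) {
    const [tag, src] = m;
    const ref = src.match(CDN_REF_RE);
    if (!ref) continue;
    const version = ref[1] ?? null;
    findings.push({
      src,
      version,
      status: classify(version),
      // With Subresource Integrity the browser refuses to run bytes that differ from the
      // pinned hash, so a file republished under the same version string fails to load.
      hasIntegrity: /\bintegrity\s*=/i.test(tag),
    });
  }
  return findings;
}

// Scan an npm package-lock.json (lockfileVersion 2 or 3) for the installed version.
function scanLockfile(lockJson) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages ?? {})) {
    if (path.endsWith("node_modules/" + PACKAGE) && entry.version) {
      findings.push({ path, version: entry.version, status: classify(entry.version) });
    }
  }
  return findings;
}

// Anything not pinned to a safe version, or pinned to one without SRI, needs action.
function needsAction(findings) {
  return findings.filter((f) => f.status !== "safe" || f.hasIntegrity === false);
}

// Constructed sample page: one malicious pin, one floating tag, one safe pin with SRI.
// The integrity value is a placeholder, not a real hash.
const SAMPLE_HTML = `
<html><head>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.6/dist/lottie-player.js"></script>
<script src="https://cdn.example.test/app.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.8/dist/lottie-player.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head></html>`;

// Constructed sample lockfile: a caret range in package.json that resolved to 2.0.7.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-dapp",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", dependencies: { [PACKAGE]: "^2.0.0" } },
    ["node_modules/" + PACKAGE]: { version: "2.0.7" },
  },
});

const all = [...scanHtml(SAMPLE_HTML), ...scanLockfile(SAMPLE_LOCK)];
for (const f of needsAction(all)) {
  console.log(`${f.status.padEnd(9)} ${f.version ?? "(no version)"}  ${f.src ?? f.path}`);
}
```

Run it with node. A safe version number is necessary but not sufficient: on a CDN, the `integrity` attribute (SRI) is what stops the served file from changing under an unchanged version string, and for npm builds the equivalent is the per-tarball `integrity` field the lockfile records. A caret range in package.json, as in the sample lockfile, is exactly how a build picked up the malicious release without anyone touching the dependency list.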

LottieFiles did not immediately respond to a request for comment.


2024-10-31 05:21