Reports have documented the recent compromise of the Lottie Player animation library, which is used by many websites and apps across different industries, including cryptocurrency. The incident, which involved the Ace Drainer tool, occurred on the 30th of October. The affected front ends potentially included a number of high-profile decentralized finance (DeFi) apps, which displayed an apparently fake wallet connection popup targeting users. The popup enabled Ace Drainer, a tool specifically designed to drain crypto, to deceive users into connecting their wallets, putting their assets at risk.
This sophisticated attack highlights how vulnerable third-party libraries are and how dangerous such a compromise is for platforms as popular as 1inch and TEN Finance. The compromised version of the animation library has been removed, and app developers are asked to upgrade to a verified version to prevent repeated exploitation.
Malicious Popups Trigger Wallet Connections on DeFi Apps
The attack is linked to malicious popups requesting wallet connections, which users reported in various crypto apps and which exposed them to the crypto-draining malware. The crypto security platform Blockaid confirmed in an X post on October 30 that the deceptive popups were a result of the compromise of the Lottie Player animation library. According to Blockaid, malicious code was inserted into the hacked update, which created unauthorized prompts on the affected websites.
DeFi apps were specifically targeted. Because their users were likely to connect their crypto wallets, they were vulnerable to the crypto drainer. This differs from the usual targeted hacking of social media accounts and illustrates how serious cybersecurity attacks on the crypto sector have become.
LottieFiles Removes Malicious Updates
LottieFiles, the company behind the Lottie Player library, said that the hackers got access through the GitHub account of one of its senior engineers and in about 3 hours were able to deploy 3 different pieces of malware. LottieFiles engineering VP Jawish Hameed posted on GitHub that the affected library versions have been taken down and that users should update to the latest version to be safe.
Hameed said that access to the hacked GitHub account was suspended to prevent further attacks. However, cryptocurrency users should make sure the platform they are using is on version 2.0.4 or the latest, 2.0.8, to be safe from further attacks.
Security Experts Warn of Potential Ongoing Risks
Sites may still be at risk if many continue to use older versions of the Lottie Player library, explains Gal Nagli, Wiz security lead. According to Nagli, these wallet prompts were appearing increasingly on high-traffic websites, signalling that the Ace Drainer attack was a broad-reaching one. Nagli said: “The original attack intent seemed focused on major crypto websites.”
Security experts advised that as long as some affected websites have not updated to safe versions of the Lottie Player, there is still a chance of more wallet-draining activity. The supply chain attack is another example of the challenges facing decentralized platforms that are built on widely used third-party services.
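For site owners acting on that advice, the following sketch audits a page's HTML for script tags that load Lottie Player and compares the referenced version with the two versions named above (2.0.4 and 2.0.8). It is an added example, not code from LottieFiles, Blockaid or Wiz; the npm package name, the CDN URL shapes and the sample page are assumptions constructed for illustration.

```javascript
// Added example: classify lottie-player <script> references in a page's HTML.
// SAFE_VERSIONS comes from the article; PKG and the CDN URL shapes are assumptions.
const SAFE_VERSIONS = new Set(["2.0.4", "2.0.8"]);
const PKG = "@lottiefiles/lottie-player"; // assumed npm package name

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null; // null => tag or range, not an exact pin
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function classify(spec) {
  const v = spec ? parseVersion(spec) : null;
  if (!v) return "unpinned";              // "", "latest", "^2.0.0": the CDN picks the build
  if (SAFE_VERSIONS.has(spec)) return "listed-safe";
  if (compare(v, [2, 0, 8]) > 0) return "newer-than-listed"; // verify against release notes
  return "not-listed";                    // pin to a listed version and redeploy
}

function auditHtml(html) {
  const findings = [];
  const srcRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  for (const [, src] of html.matchAll(srcRe)) {
    const at = src.indexOf(PKG);
    if (at === -1) continue;              // not a lottie-player reference
    // The version spec, if present, follows "<package>@" up to the next "/".
    const rest = src.slice(at + PKG.length);
    const spec = rest.startsWith("@") ? rest.slice(1).split("/")[0] : "";
    findings.push({ src, spec, status: classify(spec) });
  }
  return findings;
}

// Constructed sample page (not taken from any real site).
const SAMPLE = `
<script src="https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://cdn.example/npm/@lottiefiles/lottie-player@2.0.8/dist/lottie-player.js"></script>
<script src="https://cdn.example/npm/@lottiefiles/lottie-player@2.0.6/dist/lottie-player.js"></script>
<script src="https://cdn.example/npm/@lottiefiles/lottie-player/dist/lottie-player.js"></script>
<script src="/static/app.js"></script>`;

for (const f of auditHtml(SAMPLE)) console.log(f.status.padEnd(18), f.src);
```

A status of "not-listed" means only that the version is not one the article names as safe; "unpinned" means the page cannot tell which build the CDN will serve.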
Conclusion: More Security Needed as Cyber Threats Grow
The Ace Drainer attack on Lottie Player shows that not only unsecured but also trusted DeFi services can be entry points for bad actors. The hackers used a single vulnerability to hit multiple platforms at once, which shows how an interconnected service can be the source of a massive breach.
As DeFi grows, so do the attacks. Be careful when connecting your wallet, especially on platforms that have been hit by recent supply chain attacks. This is a reminder to practice good security when using third-party libraries and to update to safe versions as soon as malware is found.