
Lottie Player Exploit Breaches Crypto Wallet Security, DeFi Apps at Risk

  • Hackers exploit Lottie Player, compromising wallets on trusted DeFi sites like 1inch. Avoid connecting wallets until secure.
  • The updated Lottie Player 2.0.8 release removes the malicious code; wallet holders should revoke permissions if they connected on affected sites.
  • Attackers used Ace Drainer to hijack wallets. Users should stay cautious with permissions and only connect when needed.

A severe vulnerability in the Lottie Player JavaScript library has compromised numerous websites, including DeFi giant 1inch. The exploit, discovered on October 30, enables attackers to initiate harmful wallet connections, exposing users to potential losses. 

The hack prompts connection requests from popular wallets like MetaMask, WalletConnect, and others. Consequently, users are warned to avoid connecting wallets on suspicious sites until the threat subsides.

Unpacking the Lottie Player Breach

The compromise affected Lottie Player versions from 2.0.5 onward (prior to the clean 2.0.8 release), distributing malware-laced popups urging users to connect wallets to fraudulent sites. These malicious popups redirected users to Ace Drainer, a crypto-draining tool specifically designed to empty wallets.

Unlike past phishing scams that depended on external links, this attack directly infiltrated trusted applications. Major platforms, including TryHackMe, experienced these popups, though they mitigated the risk by reverting to an older version of Lottie Player.

Additionally, LottieFiles reported that the compromised versions of the package were published to NPM using a developer’s hijacked access credentials. These versions, embedded with malware, allowed attackers to redirect users to crypto-draining services. Wallet owners who interacted with the malicious prompts now face potential losses, especially if they fail to revoke permissions.

Swift Response and Updates from LottieFiles

In response, LottieFiles released a clean version, 2.0.8, and unpublished compromised versions. Jawish Hameed, VP of Engineering at LottieFiles, confirmed these infected files had been removed from GitHub. 

The company has since revoked all developer tokens and engaged cybersecurity experts for an ongoing investigation. Importantly, LottieFiles clarified that other resources, like its SaaS services and GitHub libraries, remain unaffected.


Besides containing the breach, LottieFiles advised users to update to secure versions (either 2.0.4 or the latest 2.0.8) immediately. Many site owners responded by deleting compromised scripts, ensuring they do not prompt wallet connections.
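As an added illustration of the upgrade advice above (this is not code from LottieFiles or from the article), the following Python audits a site's own package-lock.json and HTML for the affected version range, treating an unpinned CDN reference such as @latest as a finding in its own right. The npm package name is assumed, and the sample lockfile and script tags are constructed.

```python
import json
import re
from typing import List, Optional, Tuple

PACKAGE = "@lottiefiles/lottie-player"  # assumed npm name; not stated in the article
# Per the article: 2.0.5 onward was tampered with until the clean 2.0.8 release.
FIRST_BAD = (2, 0, 5)
FIRST_FIXED = (2, 0, 8)

# Constructed sample inputs, not taken from any real site.
SAMPLE_LOCK = json.dumps({"packages": {
    "node_modules/@lottiefiles/lottie-player": {"version": "2.0.6"},
    "node_modules/lodash": {"version": "4.17.21"},
}})
SAMPLE_HTML = """
<script src="https://cdn.invalid/npm/@lottiefiles/lottie-player@2.0.8/dist/lottie-player.js"></script>
<script src="https://cdn.invalid/npm/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
"""

def parse_version(text: str) -> Tuple[int, ...]:
    # "2.0.6" -> (2, 0, 6); tuples compare element-wise, which is all we need here
    return tuple(int(p) for p in text.split("."))

def classify(version: Optional[str]) -> str:
    # 'unpinned' covers @latest or a bare URL: the browser may fetch any version
    if version is None:
        return "unpinned"
    return "compromised" if FIRST_BAD <= parse_version(version) < FIRST_FIXED else "clean"

def audit_lockfile(lock_json: str) -> List[Tuple[str, str]]:
    # Works on the "packages" map of a lockfileVersion 2/3 package-lock.json
    pkgs = json.loads(lock_json).get("packages", {})
    return [(meta["version"], classify(meta["version"]))
            for path, meta in pkgs.items()
            if path.endswith("node_modules/" + PACKAGE)]

def audit_html(html: str) -> List[Tuple[str, str]]:
    # Classify each <script src> that pulls the package from a CDN
    findings = []
    for src in re.findall(r'<script[^>]+src=["\']([^"\']+)["\']', html):
        if PACKAGE in src:
            m = re.search(r"lottie-player@(\d+(?:\.\d+)*)", src)
            findings.append((src, classify(m.group(1) if m else None)))
    return findings

if __name__ == "__main__":
    for version, status in audit_lockfile(SAMPLE_LOCK):
        print(f"lockfile: {PACKAGE}@{version} -> {status}")
    for src, status in audit_html(SAMPLE_HTML):
        print(f"script: {src} -> {status}")
```

Anything reported as unpinned should be pinned to 2.0.4 or 2.0.8 (ideally with a Subresource Integrity hash) so a future tampered release cannot be served automatically.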

Increasing Caution Amid Crypto Bull Market

This breach highlights rising security concerns as the next crypto bull market gains momentum. Wallet security, especially avoiding automatic connection requests, remains critical for users. Blockchain monitoring tool Scam Sniffer documented a $723,000 Bitcoin loss, emphasizing the exploit’s high stakes.

Staying vigilant and adopting minimal permissions for crypto wallets is advised to reduce exposure to future threats. As investigations continue, LottieFiles is expected to release further updates on the breach.

José Gustavo

José is a crypto enthusiast who trades crypto night and day. He loves to share his trading stories and experiences in all his published articles. José likes to hang out and travel to meet new friends. Enjoys sushi, vodka, and tequila.
