
Crypto Hack Alert! Lottie Player Update Drains Wallets; Users at Risk

Published by
Qadir AK

A silent threat is lurking. On October 30, several major crypto platforms reported a surge of suspicious popups prompting users to link their wallets. This security breach was traced to a supply chain attack involving the popular Lottie Player animations library, used by well-known websites like Apple, Spotify, and Disney.

The question arises: How did such a widespread attack go unnoticed?

Details of the Supply Chain Breach

Hackers specifically targeted decentralized finance (DeFi) platforms, including 1inch and TEN Finance, by tampering with the Lottie Player JavaScript library. They accessed LottieFiles’ GitHub account after stealing authentication data from a senior software engineer.

The attackers then released three updates containing malware, which embedded popups into the library that urged users to connect their crypto wallets.

The compromised version of Lottie Player caused sites and apps to display popups that redirected users to the Ace Drainer crypto-draining tool. Unlike past attacks that relied on separate phishing links, this tactic delivered the malicious popups directly through popular and trusted crypto applications, capitalizing on users’ trust.

LottieFiles’ Response

After identifying the breach, LottieFiles promptly removed the malicious updates and advised developers to upgrade to secure versions—either 2.0.4 or the latest 2.0.8. Jawish Hameed, VP of Engineering at LottieFiles, confirmed that the infected versions had been removed from GitHub repositories.

Everyone, Stay Alert!

Despite LottieFiles’ response, cybersecurity firms like Wiz and Blockaid caution that users should remain vigilant, as some platforms may still show the malicious popups if they continue using affected library versions.

Trusted software libraries have increasingly become targets for attackers. With a rise in security breaches and scams, platforms are encouraged to improve monitoring and regularly update systems to defend against similar risks in the future.


Qadir AK

Qadir Ak is the founder of Coinpedia. He has over a decade of experience writing about technology and has been covering the blockchain and cryptocurrency space since 2010. He has also interviewed a few prominent experts within the cryptocurrency space.
