News View Non-AMP

Crypto Hack Alert! Lottie Player Update Drains Wallets; Users at Risk

Published by
Qadir AK

A silent threat is lurking. On October 30, several major crypto platforms reported a surge of suspicious popups prompting users to link their wallets. This security breach was traced to a supply chain attack involving the popular Lottie Player animations library, used by well-known websites like Apple, Spotify, and Disney.

The question arises: How did such a widespread attack go unnoticed?

Details of the Supply Chain Breach

Hackers specifically targeted decentralized finance (DeFi) platforms, including 1inch and TEN Finance, by tampering with the Lottie Player JavaScript library. They accessed LottieFiles’ GitHub account after stealing authentication data from a senior software engineer.

The attackers then released three updates containing malware, which embedded popups into the library that urged users to connect their crypto wallets.

The hacked version of Lottie Player caused sites and apps to display popups that redirected users to the Ace Drainer crypto-draining tool. Unlike past attacks that relied on separate phishing links, this tactic delivered harmful ads directly through popular and trusted crypto applications, capitalizing on users’ trust.

LottieFiles’ Response

After identifying the breach, LottieFiles promptly removed the malicious updates and advised developers to upgrade to secure versions—either 2.0.4 or the latest 2.0.8. Jawish Hameed, VP of Engineering at LottieFiles, confirmed that the infected versions had been removed from GitHub repositories.

Everyone, Stay Alert!

Despite LottieFiles’ response, cybersecurity firms like Wiz and Blockaid caution that users should remain vigilant, as some platforms may still show the malicious popups if they continue using affected library versions.

Trusted software libraries have increasingly become targets for attackers. With a rise in security breaches and scams, platforms are encouraged to improve monitoring and regularly update systems to defend against similar risks in the future.

Protect yourself from the next big crypto hack. Share this Coinpedia article with your friends and family.

Qadir AK

Qadir Ak is the founder of Coinpedia. He has over a decade of experience writing about technology and has been covering the blockchain and cryptocurrency space since 2010. He has also interviewed a few prominent experts within the cryptocurrency space.

Recent Posts

Bitcoin Price Prediction 2025: Expert Says $160k Possible This Cycle

As Bitcoin continues to hover around the $100,000 mark, experts are debating just how high…

June 25, 2025

Ripple vs SEC Lawsuit Update: New Ruling Expected, But It Won’t Decide XRP’s Future

The long-running legal battle between Ripple and the U.S. SEC is once again making headlines.…

June 25, 2025

These 2 Tokens That Are Not Dogecoin (DOGE) and Shiba Inu (SHIB) Will Turn $200 into $10,000 in 2025

While Dogecoin (DOGE) and Shiba Inu (SHIB) remain the OG giants of the meme space,…

June 25, 2025

James Wynn Goes All In on Shorts, Calls Market Pump “Completely Fake”

James Wynn, once known as a fearless crypto trader, is now making headlines again —…

June 25, 2025

What Crypto To Buy Now As the Markets Dip

Crypto markets are dipping, sparking curiosity about what crypto to buy now. Investors are eyeing…

June 25, 2025

Shiba Inu Price Prediction 2025, 2026 – 2030: Will SHIB Price Hit $0.00005?

Story Highlights The live price of SHIB memecoin is SHIB token price could reach a…

June 25, 2025