News View Non-AMP

Lottie Player Crypto Hack: Major DApps Attacked, Users Lose $720K

Published by
Qadir AK
October 31, 2024

This comes as a major shock to the crypto industry.

In a major coordinated attack on the web3 space, on-chain sleuths discovered a massive supply chain attack on Lottie Player earlier today. The LottieFiles team reported that attackers injected malicious code into several versions of Lottie Player, including 2.05, 2.06, and 2.0.7, which were published on GitHub’s npm platform.

“The unauthorized versions contained code that prompted for connecting to user’s crypto wallets. A large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest release,” the LottieFiles team noted

Users at Risk? Here’s What Was Done

The LottieFiles team is currently investigating the incident, suspecting that a developer with the necessary privileges facilitated the attack. They have since released a new secure version, called 2.0.8, which is a copy of the original Lottie Player version 2.0.4.

To prevent further harm, the LottieFiles team has unpublished the compromised package versions from the npm platform. They also removed all access and associated service accounts of the impacted developer.

Impact of the Lottie Player Supply Chain Attack

According to the on-chain analysis platform Scam Sniffer, the Lottie Player supply chain attack affected major decentralized applications (DApps), including 1inch (1INCH) and Movement Network. The attackers aimed to drain users’ funds, prompting the 1inch protocol to pledge refunds to all affected users through its network.

In response to the attack, the 1inch team has urged all impacted users to revoke ERC20 smart contract approvals from malicious addresses using revoke.cash to avoid further losses. On-chain data analysis revealed that a web3 user lost 10 Bitcoins, worth over $720,000, earlier today due to the Lottie Player supply chain attack.

As the dust settles on this attack, one question remains: What’s next for the web3 world?

Qadir AK

Qadir Ak is the founder of Coinpedia. He has over a decade of experience writing about technology and has been covering the blockchain and cryptocurrency space since 2010. He has also interviewed a few prominent experts within the cryptocurrency space.

Published by
Qadir AK
Tags: Crypto ScamHack
October 31, 2024

Recent Posts

Apple, Google, and Uber Quietly Explore Stablecoins to Revolutionize Payments

On the path to innovation, Apple, Google, X, Airbnb, and Uber are quietly exploring stablecoins,…

June 7, 2025

Pi Network News: Users Outraged Over Missing Tokens Despite KYC Completion

Following the news, Pi Coin has dropped around 4% in the last 24 hours, now…

June 7, 2025

Eric Trump Backs $TRUMP Token While Price Faces Bearish Pressure—Is a Rebound Coming?

As political and crypto narratives continue to intersect, the Trump family’s crypto ambitions are once…

June 7, 2025

Bitcoin Price Surpasses $104K Ahead of U.S.-China Trade Talks on June 9th

Bitcoin price has recovered from intraday lows and surpassed the $104,000 mark after the US…

June 7, 2025

Cardano Bulls Defend $0.61 Support, But the Bearish Structure Remains Intact-What’s Next for the ADA Price Rally?

Cardano has managed to find temporary support above the $0.6 mark, a level where buyers…

June 7, 2025

XRP News Today: Ripple Transfers $498M to Unknown Wallet

Ripple recently moved over 230 million XRP, valued at around $498 million, to an unknown…

June 7, 2025