Breach of the Decentralized Exchange Aggregator 1Inch and Other Platforms
The website of the decentralized aggregator 1Inch was compromised, along with multiple other platforms that use the same frontend library, Lottie Player.
The attack originated from malicious code embedded in the Lottie Player library, which is widely used for animations across several dApps and non-crypto websites. So far, no direct impacts on user wallets have been reported.
Warning for 1Inch Users Regarding Platform Interaction
According to several posts on X (formerly Twitter), the confirmed victims of the attack so far include 1Inch and TEN Finance. However, the number of affected platforms could be higher, as versions 2.0.5 and above of Lottie Player were exposed to the exploit.
The attackers reportedly inserted malicious code into JSON files used by these versions, which allowed the compromised websites to perform unauthorized transactions and posed a significant risk to user assets and data.
Reports from Blockaid and other security firms indicate that the attack occurred through a compromise of the Lottie Player content server, with the malicious code distributed via an npm package. The insertion of unauthorized scripts directly into the package has been confirmed.
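Added example, not from the article or the Lottie Player project: a check a site operator could run over a parsed package-lock.json to report every resolved copy of the package at or above the 2.0.5 floor quoted above. The npm name `@lottiefiles/lottie-player`, the helper names and the sample lockfile are assumptions made for this example.

```javascript
// Assumption: the npm name is "@lottiefiles/lottie-player"; the 2.0.5 floor is the
// figure quoted in the article. The sample lockfile at the bottom is constructed.
const PKG = "@lottiefiles/lottie-player";
const FLOOR = "2.0.5";

// Compare dotted numeric versions; pre-release/build suffixes are ignored.
function cmpVersion(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Returns [{path, version}] for every resolved copy at or above the floor.
function findExposed(lock, pkg = PKG, floor = FLOOR) {
  const hits = [];
  const check = (path, version) => {
    if (typeof version === "string" && cmpVersion(version, floor) >= 0) hits.push({ path, version });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${pkg}` || path.endsWith(`/node_modules/${pkg}`)) check(path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists,
  // since v2 files carry both and every copy would be counted twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === pkg) check(here, meta.version);
      walk(meta.dependencies, `${here}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: one direct copy in range, one nested copy below the floor.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@lottiefiles/lottie-player": { version: "2.0.7" },
    "node_modules/ui-kit/node_modules/@lottiefiles/lottie-player": { version: "2.0.4" },
  },
};
console.log(findExposed(sampleLock));
```

Nested copies pulled in by other dependencies are reported with their full install path, so a transitive inclusion is not missed. The floor only mirrors the range stated in the article and should be bounded once the maintainers name a fixed release.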
1Inch has not yet released an official statement on the breach. The Lottie Player team, however, has confirmed that they have identified the cause of the issue and are working to remove the affected library versions.
Users are strongly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.
Increase and Escalation of Crypto Hacks
Security concerns remain one of the most pressing issues in the crypto industry, with the number of malicious activities rising each year.
Recently, hackers reportedly gained control of $20 million worth of cryptocurrency previously seized by the U.S. government. These funds were part of the $3.6 billion the authorities recovered from the Bitfinex hack.
The blockchain platform Radiant Capital experienced one of the year’s largest hacks, suffering a loss of over $50 million. Attackers gained access to the company’s private keys and swiftly transferred all assets.
Investigations and prosecutions of these crimes have also intensified. The FBI recently arrested Eric Council Jr., who allegedly hacked the SEC’s X (formerly Twitter) account to spread false information about Bitcoin ETF approval, significantly impacting the market. Federal authorities believe Council was not the mastermind behind the operation and are negotiating a plea deal with him.
In 2024, crypto hacks have already surpassed $2.1 billion, with CeFi platforms experiencing the most significant hits.