On October 30, a significant number of prominent crypto platforms experienced a wave of hazardous popups urging users to connect their wallets. This unauthorized access was traced to a supply chain attack on the popular Lottie Player animations library. This JavaScript library, utilized by well-known websites such as Apple, Spotify, and Disney, was compromised to display crypto-draining popups targeting decentralized finance (DeFi) projects like 1inch and TEN Finance.
The Details of the Supply Chain Breach
The breach stemmed from an attack on LottieFiles’ GitHub account, achieved by acquiring authentication data from a senior software engineer. Following this breach, the attackers rapidly released three updates containing malware. As a result, any website or application using the compromised version of Lottie Player inundated users with popups that led them to the dangerous Ace Drainer crypto drainer. This method marked a shift from previous tactics, as it involved delivering ads directly through users’ trusted and preferred crypto applications, rather than disseminating phishing links on other platforms.
Industry Response and Security Recommendations
Upon identifying the attack, LottieFiles promptly removed the malicious update and advised application developers to upgrade to either the secure 2.0.4 version or the latest 2.0.8 version of the library. Jawish Hameed, the vice-president of engineering at LottieFiles, confirmed these changes, ensuring that the compromised versions were eliminated from GitHub repositories. Despite this, cybersecurity firms like Wiz and Blockaid have urged users to remain vigilant, noting that some crypto websites might still display the malicious popup even when using the affected library versions.
The growing reliance on trusted software libraries by attackers highlights a concerning trend. With the increasing frequency of scams and security breaches, platforms are strongly encouraged to bolster their monitoring activities and implement regular updates to safeguard against future threats. By staying proactive, developers and users alike can help protect their digital assets from unauthorized access and ensure a more secure online environment.
