1inch Frontend Compromised in Widespread Supply Chain Attack

1Inch Website Hacked via Supply Chain Exploit on Lottie Player

Decentralized exchange aggregator 1inch’s website has been breached along with multiple other platforms that use the same frontend library, Lottie Player. 

The breach originated from malicious code injected into Lottie Player, a widely used animation library that several dApps and non-crypto websites rely on. As of now, no user wallets have reportedly been compromised.

1inch Users Cautioned Against Any Interactions

According to several posts on X (formerly Twitter), 1inch and TEN Finance are the confirmed victims of this attack so far. However, the number could be much higher, as the exploit targeted Lottie Player versions 2.0.5 and above. 

Hackers have reportedly injected malicious code into the front-end JSON files of websites using these versions. This code now enables the compromised sites to perform unauthorized transactions, posing a severe threat to users’ assets and data.


Reports from Blockaid indicate that the attack was introduced through a compromise of Lottie Player’s content server, where a malicious npm package was used to distribute altered code. Blockaid and other security firms have confirmed the injection of unauthorized scripts within the package.
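
An added example (not from the article or from any project it names): a Node.js check that scans a page's HTML for script tags loading the `@lottiefiles/lottie-player` npm package and flags references that float (no exact version, so the CDN serves whatever was published last) or that sit in the 2.0.5-and-above range the article reports as targeted. The CDN hosts, the sample HTML, the placeholder integrity value and the function names are assumptions constructed for illustration.

```javascript
// Added example: audit <script> tags that load Lottie Player from a CDN.
const PKG = "@lottiefiles/lottie-player";
const FIRST_AFFECTED = [2, 0, 5]; // from the article: "versions 2.0.5 and above"

// Exact x.y.z only; tags ("latest") and ranges ("2", "^2.0.0") return null.
function parseVersion(spec) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(spec);
  return m ? m.slice(1).map(Number) : null;
}

function atOrAbove(v, floor) {
  for (let i = 0; i < 3; i++) if (v[i] !== floor[i]) return v[i] > floor[i];
  return true;
}

function auditHtml(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = (/\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag) || [])[1];
    if (!src || !src.includes(PKG)) continue;
    const spec = (/lottie-player@([^/"']+)/.exec(src) || [])[1] || null;
    const exact = spec ? parseVersion(spec) : null;
    // Subresource Integrity makes the browser reject a file whose hash changed.
    const hasSri = /\bintegrity\s*=\s*["']sha(256|384|512)-/i.test(tag);
    let status = "pinned-below-range";
    if (!exact) status = "floating"; // resolved by the CDN at request time
    else if (atOrAbove(exact, FIRST_AFFECTED)) status = "affected-range";
    findings.push({ src, spec, status, hasSri });
  }
  return findings;
}

// A reference is acceptable only if pinned below the reported range AND hash-locked.
function needsAttention(f) {
  return f.status !== "pinned-below-range" || !f.hasSri;
}

// Constructed sample input (not taken from any real site).
const SAMPLE_HTML = `
<script src="https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.5/dist/lottie-player.js"></script>
<script src="/static/app.js"></script>`;

for (const f of auditHtml(SAMPLE_HTML)) {
  console.log(needsAttention(f) ? "REVIEW" : "ok    ", f.status, f.spec, f.src);
}
```
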

“Legitimate sites (non crypto as well) are now serving malicious content, including anti-debug evasion code. @LottieFiles, it looks like attackers have managed to push malicious versions of your package, with another version being uploaded now,” Blockaid wrote in an X (formerly Twitter) post.

At the time of writing, 1inch hasn’t released any official statement on the breach. However, the Lottie Player team has confirmed that they were able to identify the cause of the breach and are working on removing the affected versions.

Users are strictly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.

Community post on the 1inch Discord channel

Crypto Hacks Continue To Escalate 

Security breaches have been the most persistent problem plaguing the crypto industry, and malicious activity continues to grow every year.

Most recently, hackers reportedly stole $20 million worth of cryptocurrencies from the US government. The funds were also part of the $3.6 billion that the feds seized from the Bitfinex hackers.

Blockchain lender Radiant Capital suffered one of the biggest hacks of this year, losing more than $50 million. The hackers gained control of the firm’s private keys and rapidly drained these assets. 


However, the investigation and prosecution of these crimes have also intensified. The FBI recently arrested the alleged hacker of the SEC’s X (formerly Twitter) account. The accused is a 25-year-old Alabama man named Eric Council Jr.

Earlier this year, Council allegedly hacked the SEC’s X account and posted false news about Bitcoin ETF approvals, which significantly affected the market. Yet the feds believe Council wasn’t the brains of this operation, and they are trying to negotiate a plea deal with him.

So far, crypto hacks have exceeded $2.1 billion in 2024, with CeFi platforms taking the biggest hits. 


Mohammad Shahid

https://beincrypto.com/1inch-website-hacked-in-supply-chain-attack/

2024-10-31 01:40:03
