bitcoin
bitcoin

$72332.35 USD 

-0.10%

ethereum
ethereum

$2651.85 USD 

0.37%

tether
tether

$0.999686 USD 

0.01%

bnb
bnb

$591.48 USD 

-1.93%

solana
solana

$175.85 USD 

-2.54%

usd-coin
usd-coin

$0.999993 USD 

0.01%

xrp
xrp

$0.521378 USD 

-0.57%

dogecoin
dogecoin

$0.171975 USD 

-2.41%

tron
tron

$0.169401 USD 

1.56%

toncoin
toncoin

$4.97 USD 

-1.83%

cardano
cardano

$0.356607 USD 

-0.21%

shiba-inu
shiba-inu

$0.000019 USD 

-2.39%

avalanche
avalanche

$26.02 USD 

-2.06%

chainlink
chainlink

$12.27 USD 

2.33%

bitcoin-cash
bitcoin-cash

$370.61 USD 

-2.43%

Cryptocurrency News Articles

1inch Users Cautioned Against Any Interactions as Its Website Gets Breached

Oct 31, 2024 at 09:40 am

Decentralized exchange aggregator 1inch's website has been breached along with multiple other platforms that use the same frontend library, Lottie Player.

1inch Users Cautioned Against Any Interactions as Its Website Gets Breached

Decentralized exchange aggregator 1inch’s website has been breached along with multiple other platforms that use the same frontend library, Lottie Player.

The breach was discovered after users reported suspicious activity on their wallets following interactions with these platforms. Upon investigation, it was found that malicious code had been injected into the Lottie Player, a widely-used animation library used by several dApps and non-crypto websites.

As of now, no user wallets have been reportedly compromised. However, 1inch users are being cautioned against any interactions with the platform until the issue is fully resolved.

According to several posts on X (formerly Twitter), 1inch and TEN Finance are the confirmed victims of this attack so far. However, the number could be much higher, as the exploit targeted Lottie Player versions 2.0.5 and above.

Hackers have reportedly injected malicious code into the front-end JSON files of websites using these versions. This code now enables the compromised sites to perform unauthorized transactions, posing a severe threat to users’ assets and data.

Reports from Blockaid indicate that the attack was introduced through a compromise of Lottie Player’s content server, where a malicious npm package was used to distribute altered code. Blockaid and other security firms have confirmed the injection of unauthorized scripts within the package.

“Legitimate sites (non crypto as well) are now serving malicious content, including anti-debug evasion code. @LottieFiles, it looks like attackers have managed to push malicious versions of your package, with another version being uploaded now,” Blockaid wrote in an X (formerly Twitter) post.

At the time of writing, 1inch hasn’t released any official statement on the breach. However, the Lottie Player team has confirmed that they were able to identify the cause of the breach and are working on removing the affected versions.

Users are strictly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.

News source:beincrypto.com

Disclaimer:info@kdj.com

The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!

If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.

Other articles published on Oct 31, 2024