1inch Website Compromised; Users Should Not Interact With It

2024/10/31 09:40

Decentralized exchange aggregator 1inch’s website has been breached along with multiple other platforms that use the same frontend library, Lottie Player.

The breach was discovered after users reported suspicious activity on their wallets following interactions with these platforms. Upon investigation, it was found that malicious code had been injected into the Lottie Player, a widely used animation library embedded in several dApps and non-crypto websites.

As of now, no user wallets have reportedly been compromised. However, 1inch users are being cautioned against any interactions with the platform until the issue is fully resolved.

According to several posts on X (formerly Twitter), 1inch and TEN Finance are the confirmed victims of this attack so far. However, the number could be much higher, as the exploit targeted Lottie Player versions 2.0.5 and above.

Hackers have reportedly injected malicious code into the front-end JSON files of websites using these versions. This code now enables the compromised sites to perform unauthorized transactions, posing a severe threat to users’ assets and data.

Reports from Blockaid indicate that the attack was introduced through a compromise of Lottie Player’s content server, where a malicious npm package was used to distribute altered code. Blockaid and other security firms have confirmed the injection of unauthorized scripts within the package.

“Legitimate sites (non crypto as well) are now serving malicious content, including anti-debug evasion code. @LottieFiles, it looks like attackers have managed to push malicious versions of your package, with another version being uploaded now,” Blockaid wrote in an X (formerly Twitter) post.

At the time of writing, 1inch hasn’t released any official statement on the breach. However, the Lottie Player team has confirmed that they were able to identify the cause of the breach and are working on removing the affected versions.

Users are strongly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.
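
For teams that bundle the library, the following Node.js check is an added example (not code from the article, Blockaid or the Lottie Player project) that scans a parsed npm lockfile for Lottie Player at or above 2.0.5, the range the article reports as targeted. The npm package name `@lottiefiles/lottie-player` and the sample lockfile are assumptions made for illustration.

```javascript
// Added example, not project code. Flags lockfile entries for Lottie Player
// at or above 2.0.5, the range the article reports as targeted.
const PACKAGE = "@lottiefiles/lottie-player"; // assumed npm package name
const FIRST_REPORTED = [2, 0, 5];             // version floor from the article

// "2.0.7" or "2.0.7-beta.1" -> [2, 0, 7]; null when not in x.y.z form.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function atOrAbove(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] > floor[i];
  }
  return true; // equal to the floor
}

// Accepts a parsed package-lock.json: the flat "packages" map (lockfile v2/v3)
// or, when that is absent, the nested "dependencies" tree (lockfile v1).
function findAffected(lock) {
  const hits = [];
  const check = (where, version) => {
    const parsed = parseVersion(version);
    // An unparseable version is reported too, so it gets a manual look.
    if (parsed === null || atOrAbove(parsed, FIRST_REPORTED)) hits.push({ where, version });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + PACKAGE)) check(path, meta.version);
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        if (name === PACKAGE) check(trail + name, meta.version);
        walk(meta.dependencies, trail + name + " > ");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (v3 layout): one direct copy, one nested copy.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-dapp", version: "1.0.0" },
  "node_modules/@lottiefiles/lottie-player": { version: "2.0.6" },
  "node_modules/ui-kit/node_modules/@lottiefiles/lottie-player": { version: "2.0.4" },
} };
console.log(findAffected(sampleLock));
```

A lockfile check only covers bundled copies; a page that loads the player from a script URL needs the version in that URL inspected instead.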

News source: beincrypto.com
