1inch website compromised; users should avoid any interaction

2024/10/31 09:40

Decentralized exchange aggregator 1inch’s website has been breached along with multiple other platforms that use the same frontend library, Lottie Player.

The breach was discovered after users reported suspicious activity on their wallets following interactions with these platforms. An investigation found that malicious code had been injected into Lottie Player, a widely used animation library embedded in several dApps and non-crypto websites.

As of now, no user wallets have reportedly been compromised. However, 1inch users are being cautioned against any interactions with the platform until the issue is fully resolved.

According to several posts on X (formerly Twitter), 1inch and TEN Finance are the confirmed victims of this attack so far. However, the number could be much higher, as the exploit targeted Lottie Player versions 2.0.5 and above.

Hackers have reportedly injected malicious code into the front-end JSON files of websites using these versions. This code now enables the compromised sites to perform unauthorized transactions, posing a severe threat to users’ assets and data.

Reports from Blockaid indicate that the attack was introduced through a compromise of Lottie Player’s content server, where a malicious npm package was used to distribute altered code. Blockaid and other security firms have confirmed the injection of unauthorized scripts within the package.

“Legitimate sites (non crypto as well) are now serving malicious content, including anti-debug evasion code. @LottieFiles, it looks like attackers have managed to push malicious versions of your package, with another version being uploaded now,” Blockaid wrote in an X (formerly Twitter) post.

At the time of writing, 1inch hasn’t released any official statement on the breach. However, the Lottie Player team has confirmed that they were able to identify the cause of the breach and are working on removing the affected versions.

Users are strongly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.
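For teams that bundle the library themselves, the version range reported above can be checked against an npm lockfile. The following is an added example, not code from the article, 1inch or the Lottie Player project; the package name `@lottiefiles/lottie-player`, the function names and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: flag lockfile entries for Lottie Player at or above the
// version the article names (2.0.5).
const PACKAGE_NAME = "@lottiefiles/lottie-player"; // assumption, not stated in the article
const FIRST_AFFECTED = "2.0.5";                     // threshold taken from the article

// Compare dotted numeric versions; pre-release/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map (lockfileVersion 2/3, keyed by node_modules path);
// fall back to nested "dependencies" when only the v1 layout is present.
function findAffected(lock) {
  const hits = [];
  const check = (where, version) => {
    if (typeof version === "string" && compareVersions(version, FIRST_AFFECTED) >= 0) {
      hits.push({ where, version });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PACKAGE_NAME)) check(path, meta.version);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail + "/" + name;
      if (name === PACKAGE_NAME) check(here, meta.version);
      walk(meta.dependencies, here); // transitive copies count too
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not real project data).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "1.0.0" },
    "node_modules/@lottiefiles/lottie-player": { version: "2.0.5" },
    "node_modules/widget/node_modules/@lottiefiles/lottie-player": { version: "2.0.4" },
  },
};
console.log(findAffected(sampleLock));
```

A lockfile only covers bundled copies; pages that load the player from a third-party content server at runtime need the script URL and pinned version reviewed separately.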

News source: beincrypto.com
