CandleFocus

1Inch Frontend Compromised in Widespread Supply Chain Attack 

The websites of decentralized exchange aggregator 1Inch and several other platforms have been breached through malicious code injected into the widely used animation library Lottie Player. While no user wallets have been compromised, the attack has targeted sites using Lottie Player versions 2.0.5 and above, allowing unauthorized transactions. The breach was introduced through a compromise of Lottie Player's content server, utilizing a malicious npm package. 1Inch and TEN Finance are confirmed victims, but others may be affected. The Lottie Player team is working on removing the affected versions. Users are advised to avoid interacting with affected platforms.

This security breach adds to the growing number of malicious activities in the crypto industry, including recent high-profile hacks resulting in significant losses. However, there have also been increased efforts to investigate and prosecute these crimes. In 2024, crypto hacks have surpassed $2.1 billion, with centralized finance (CeFi) platforms facing the largest impact.
