CandleFocus

SaaS animation platform LottieFiles alerts users to crypto threats

LottieFiles, a platform for creating animations, has revealed a supply chain compromise in its npm package that could lead to asset theft. The compromised versions of the Lottie Web Player released on October 30th could prompt users to connect their crypto wallets, potentially allowing theft. LottieFiles has released a new version to revert to secure code and has warned users about potential fraudulent wallet connection prompts. The developer account responsible for the compromise has been stripped of access, but the full extent of the attack is still unknown.

Related News