LottieFiles, a platform for creating animations, has revealed a supply chain compromise in its npm package that could lead to asset theft. The compromised versions of the Lottie Web Player released on October 30th could prompt users to connect their crypto wallets, potentially allowing theft. LottieFiles has released a new version to revert to secure code and has warned users about potential fraudulent wallet connection prompts. The developer account responsible for the compromise has been stripped of access, but the full extent of the attack is still unknown.
Other News from Today
Expert Says This Time Will Not Be Different After Massive Bitcoin Rallies in Last Three US Elections