Decentralized exchange aggregator 1inch has fallen victim to a supply chain attack, putting users’ funds and personal data at risk.
The breach also affected TEN Finance and several other platforms, all due to malicious code found in a popular animation library called Lottie Player.
What the hack happened?
The attack compromised the frontend of 1inch by injecting harmful code into versions 2.0.5 and above of the Lottie Player library.
This vulnerability allows unauthorized transactions, which could lead to significant losses for users.
As a precaution, everyone is strongly advised to steer clear of these affected platforms until the security issues are fully resolved.
The trouble began when attackers introduced malicious code into the JSON files of the Lottie Player library.
This made it possible for compromised websites to execute unauthorized actions without users’ consent.
According to Blockaid, a cybersecurity firm, the breach was linked to a corrupted npm package on Lottie Player’s content server, and even legitimate websites outside the crypto world might be serving up harmful content because of this exploit.
A growing problem
This incident highlights a worrying trend, as crypto hacks are becoming more frequent and sophisticated.
Lately hackers managed to steal $20 million in crypto from the U.S. government, linked to funds seized from Bitfinex hackers.
In another case, blockchain lender Radiant Capital suffered a big loss when over $50 million was drained due to a hack that accessed its private keys.
The authorities are stepping up their game too. The FBI recently arrested Eric Council Jr., who allegedly hacked the SEC’s X account and spread false news about Bitcoin ETF approvals, causing quite a hype in the market.
While Council is now in custody, investigators believe he wasn’t the mastermind behind the operation and are currently negotiating a plea deal with him.
The bigger picture
As of 2024, crypto-related thefts have already topped $2.1 billion, with decentralized finance platforms taking the biggest hits.
It’s clear that security breaches remain a pressing issue in the crypto industry, maybe the biggest one, and as technology developes, so do the tactics of cybercriminals.
