- Ace Drainer has compromised an animation library commonly used by crypto apps
- The compromise allowed the drainer to display malicious pop-ups when users visit affected crypto apps
- Some of the affected crypto platforms include 1inch
Crypto scammers continue to invent new ways to steal crypto, and have now hijacked an animation library used by most crypto projects like 1inch. The compromise allowed the Ace wallet drainer to inject code into the Lottie Player library, directing crypto app users to the drainer when they visit genuine crypto platforms like 1inch. According to crypto security firm Blockaid, the compromise affected crypto apps using Lottie Player, which could expose many victims because Lottie Player is used by popular DeFi projects.
Non-Crypto Sites Also Compromised
Blockaid disclosed that the malicious actors “managed to push malicious versions” of the library during an upgrade. The blockchain security firm added that the wallet drainer has also compromised non-crypto sites.
🚨 URGENT: Blockaid systems have detected a potential supply chain attack targeting dApps that use Lottie Player.
A new version of this npm package was deployed a couple of minutes ago, with multiple legitimate dApps now issuing malicious transactions.
More updates soon. pic.twitter.com/FRpnj11JkQ
— Blockaid (@blockaid_) October 30, 2024
Investigations revealed that the malicious actors gained access to the library by compromising the account of one of Lottie Player’s maintainers. The project has since removed the malicious code from the library. However, websites that still load a compromised version remain vulnerable.
LottieFiles revealed that they’ve also “removed all access and associated tokens/services accounts of the impacted developer.” It also said that it’s working with third parties to further investigate the compromise.
Incident Response for Recently Infected Lottie-Player versions 2.05, 2.06, 2.0.7
Comm Date/Time: Oct 31st, 2024 04:00 AM UTC
Incident: On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player…
— LottieFiles (@LottieFiles) October 31, 2024
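For site owners checking their own exposure, the following added example (not code from LottieFiles, Blockaid or this article) flags the versions named in the notice above, written in npm's three-part form, in a parsed package-lock.json and in page markup. The sample lockfile, the HTML and the cdn.example host are constructed, and the `package@version` URL shape is an assumption about how the CDN addresses packages.

```javascript
const PKG = "@lottiefiles/lottie-player";
// Versions from the LottieFiles notice, in npm x.y.z form.
const AFFECTED = new Set(["2.0.5", "2.0.6", "2.0.7"]);

// Scan a parsed package-lock.json: the flat "packages" map (lockfile v2/v3)
// and the nested "dependencies" tree (lockfile v1).
function findInLockfile(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && AFFECTED.has(meta.version)) {
      hits.push({ where: path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail + "/" + name;
      if (name === PKG && AFFECTED.has(meta.version)) {
        hits.push({ where: here, version: meta.version });
      }
      walk(meta.dependencies, here); // transitive copies count too
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Scan markup for CDN references. A reference with no exact x.y.z pin
// ("latest", "2", or no version) resolves at load time, so it would have
// served a malicious release while one was the newest published version.
function findInHtml(html) {
  const re = /@lottiefiles\/lottie-player(?:@([^\/"'\s]+))?/g;
  const hits = [];
  for (const m of html.matchAll(re)) {
    const spec = m[1] || "(none)";
    if (AFFECTED.has(spec)) hits.push({ spec, status: "affected" });
    else if (!/^\d+\.\d+\.\d+$/.test(spec)) hits.push({ spec, status: "floating" });
  }
  return hits;
}

// Constructed sample inputs.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-dapp" },
  "node_modules/@lottiefiles/lottie-player": { version: "2.0.6" },
  "node_modules/widget/node_modules/@lottiefiles/lottie-player": { version: "2.0.4" } } };
const sampleHtml = ["2.0.7", "latest", "2.0.4"].map((v) =>
  `<script src="https://cdn.example/${PKG}@${v}/dist/lottie-player.js"></script>`).join("\n");

console.log(findInLockfile(sampleLock), findInHtml(sampleHtml));
```

A "floating" result is not proof of compromise; it marks a reference whose served version cannot be determined from the markup alone.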
This Isn’t the Only Way Scammers Are Luring Victims
Affected DeFi platforms are yet to disclose whether their users lost funds to the drainer. This isn’t the first time malicious actors have used unorthodox means to steal crypto. Scammers have in the past turned to hacking the social media accounts of prominent personalities and directing their followers to wallet drainers.
Scammers also clone popular crypto and blockchain-focused websites and attach malicious code meant to steal crypto.
With Lottie Player being used by notable DeFi platforms, it’s likely that the scammers pocketed a notable amount from unsuspecting victims.