Telegram ID: @Vipkhoone_manager

1inch Frontend Compromised in Widespread Supply Chain Attack

Crypto Leak 140 Best Vip channels of the world

1inch Frontend Compromised in Widespread Supply Chain Attack

tesla

In Brief

  • 1Inch, TEN Finance, and others hit by a supply chain attack due to a compromised Lottie Player frontend library.
  • Injected malicious code enables unauthorized transactions, posing risks to users’ funds and personal data.
  • Users are advised to avoid any interactions with the websites; Lottie Player team is working on a fix.

     

     

Decentralized exchange aggregator 1inch’s website has been breached along with multiple other platforms that use the same frontend library, Lottie Player. 

The breach originated from malicious code injected into the Lottie Player, a widely-used animation library used by several dApps and non-crypto websites. As of now, no user wallets have been reportedly compromised.

1inch Users Cautioned Against Any Interactions

According to several posts on X (formerly Twitter), 1inch and TEN Finance are the confirmed victims of this attack so far. However, the number could be much higher, as the exploit targeted Lottie Player versions 2.0.5 and above.

Hackers have reportedly injected malicious code into the front-end JSON files of websites using these versions. This code now enables the compromised sites to perform unauthorized transactions, posing a severe threat to users’ assets and data.

 

Reports from Blockaid indicate that the attack was introduced through a compromise of Lottie Player’s content server, where a malicious npm package was used to distribute altered code. Blockaid and other security firms have confirmed the injection of unauthorized scripts within the package.

“Legitimate sites (non crypto as well) are now serving malicious content, including anti-debug evasion code. @LottieFiles, it looks like attackers have managed to push malicious versions of your package, with another version being uploaded now,” Blockaid wrote in an X (formerly Twitter) post.

At the time of writing, 1inch hasn’t released any official statement on the breach. However, the Lottie Player team has confirmed that they were able to identify the cause of the breach and are working on removing the affected versions.

Users are strictly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.

1inch hack
Community post on the 1inch Discord channel

 

 

 

 

 

 

 

Get to know Godleak

Godleak crypto signal is a  service which provide profitable crypto and forex signals for trading. Godleak tried to provide you signals of best crypto vip channels in the world.

It means that you don’t need to buy individual crypto signal vip channels that have expensive prices. We bought all for you and provide you the signals with bot on telegram without even a second of delay.

Crypto leak

Godleak crypto leak service have multiple advantages in comparision with other services:

  •  Providing signal of +160 best crypto vip channels in the world
  • Using high tech bot to forward signals
  • Without even a second of delay
  • Joining in +160 separated channels on telegram
  • 1 month, 3 months , 6 months and yearly plans
  • Also we have trial to test our services before you pay for anything

For joining Godleak and get more information about us only need to follow godleak bot on telegram and can have access to our free vip channels. click on link bellow and press start button to see all features

 

Join for Free

☟☟☟☟☟

https://t.me/Godleakbot

Also you can check the list of available vip signal channels in the bot. by pressing Channels button.

 

&nbsp 

Crypto Hacks Continue To Escalate

Security breaches have been the most plaguing issue of the crypto industry, and malicious activities continue to grow every year.

Most recently, hackers reportedly stole $20 million worth of cryptocurrencies from the US government. The funds were also part of the $3.6 billion that the feds seized from the Bitfinex hackers.

Blockchain lender Radiant Capital suffered one of the biggest hacks of this year, losing more than $50 million. The hackers gained control of the firm’s private keys and rapidly drained these assets.

However, the investigation and prosecution of these crimes have also intensified. FBT recently arrested the SEC X (formerly Twitter) account hacker. The accused is a 25-year-old Alabama man named Eric Council Jr.

Earlier this year, the Council allegedly hacked the SEC’s X account and posted false news about Bitcoin ETF approvals, which significantly affected the market. Yet, the feds believe Council wasn’t the brains of this operation and they are trying to negotiate a plea deal with him.

So far, crypto hacks have exceeded $2.1 billion in 2024, with CeFi platforms taking the biggest hits.

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *