Cryptocurrency investors are used to such attacks, but the new attack also concerns some normal websites. The vulnerability detected a few minutes ago says that many sites, including the websites of decentralized applications using Lottie, can be taken under control by attackers.
Attention Cryptocurrency Investors
In 2017, 3 engineers from Airbnb created iOS and Android libraries that can handle JSON animations. Later, this structure was developed and Lottie was formed. This software, which exports animations made in Adobe After Effects as JSON files, solves the animation needs of websites in a much simpler way. It is widely used because its file size is small and its integration and usage performance is good.
Now, returning to our main topic, Blockaid (which provides on-chain cyber security services) detected the attack targeting dApps and other websites using Lottie Player.
“blockaid The team detected a potential supply chain attack targeting dApps using Lottie Player. A new version of this npm package was deployed a few minutes ago and multiple legitimate dApps are now issuing malicious processes.
Legitimate sites (including non-cryptocurrency sites) now serve malicious content, including anti-debug hijacking code.”
In its simplest form, some codes in the software’s code library have been replaced with codes that could harm users. dApp It may be useful as a precaution to remove your permissions for a few hours and not connect your wallets to the applications.
Disclaimer: The information contained in this article does not constitute investment advice. Investors should be aware that crypto currencies carry high volatility and therefore risk, and should carry out their transactions in line with their own research.
