Home Apps targeted as crypto drainer popups hit animation library

Apps targeted as crypto drainer popups hit animation library

Various online crypto apps had their user-facing websites compromised on Wednesday (Oct 30) after malicious code was embedded into a popular animation library. 

1inch and TEN Finance, among other decentralized apps, displayed pop-ups requesting users to connect wallets but due to actions from threat actors, this was the work of the crypto drainer, ‘Ace Drainer’. 

The malicious code injection was confirmed by the X account of onchain security platform, Blockaid. 

https://twitter.com/blockaid_/status/1851729469142372711

Blockaid followed up the initial alert with a full attack report and timeline on Thursday.

It detailed the massive supply chain attack on the Lottie Player Library, a widely used resource that provides content for sites such as Apple, Disney, and Spotify.

The report outlined how Blockaid “detected approximately 400 websites that were affected by this attack but estimated that many more were impacted.” 

The incident was resolved within a couple of hours by Lottie with malicious versions removed from its NPM package. A clean, secure version was installed in its place to ensure all service users were protected. 

Blockaid further stated it estimates many more websites were impacted than the 400 it identified, but due to the payload being a wallet drainer, it suspects only crypto users were left vulnerable.

Some websites “are probably still vulnerable”

As reported by Cointelegraph, a security chief at cybersecurity firm Wiz explained the proliferation of the attack. 

Gal Nagli noted how users were seeing the malicious crypto wallet connection popup “on popular websites all across the internet.”

“It seems that the original attack intent was to target major crypto websites who (sic) utilize the library,” he continued.

Nagli warned websites that still use the affected library versions “are probably still vulnerable,” asking users to check if sites are using the updated, non-malicious packages — either version 2.0.4 or the most recent 2.0.8. 

Image credit: Via Midjourney

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech, gambling and blockchain industries for major developments, new product and brand launches, AI breakthroughs, game releases and other newsworthy events. Editors assign relevant stories to in-house staff writers with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Graeme Hanna
Tech Journalist

Graeme Hanna is a full-time, freelance writer with significant experience in online news as well as content writing. Since January 2021, he has contributed as a football and news writer for several mainstream UK titles including The Glasgow Times, Rangers Review, Manchester Evening News, MyLondon, Give Me Sport, and the Belfast News Letter. Graeme has worked across several briefs including news and feature writing in addition to other significant work experience in professional services. Now a contributing news writer at ReadWrite.com, he is involved with pitching relevant content for publication as well as writing engaging tech news stories.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.