tl;dr
The website of decentralized exchange aggregator 1inch has been breached, along with other platforms using the same frontend library, Lottie Player. The breach originated from malicious code injected into the Lottie Player, a widely-used animation library. No user wallets have been reportedly compro...
1inch and other platforms using Lottie Player affected by malicious code injection, caution advised for users
Security breach through compromised Lottie Player's content server poses severe threat to users' assets and data
1inch yet to release official statement, users advised to avoid affected platforms until security issues resolved
Crypto industry plagued by security breaches, recent hacks exceeding $2.1 billion in 2024
Recent crypto hacks include theft from US government and $50 million loss by Blockchain lender Radiant Capital
Arrest of SEC X account hacker intensifies investigation and prosecution of crypto crimes
The website of decentralized exchange aggregator 1inch has been breached, along with other platforms using the same frontend library, Lottie Player. The breach originated from malicious code injected into the Lottie Player, a widely-used animation library. No user wallets have been reportedly compromised so far. 1inch and TEN Finance are confirmed victims, but the number could be higher, as the exploit targeted Lottie Player versions 2.0.5 and above. The compromised sites can now perform unauthorized transactions, posing a threat to users' assets and data. The breach was introduced through a compromise of Lottie Player's content server, where a malicious npm package was used to distribute altered code. 1inch has not released an official statement, but the Lottie Player team is working to remove the affected versions. Users are advised to avoid connecting wallets or interacting with affected platforms until the security issues are resolved.
Additionally, crypto security breaches continue to escalate, with recent reports of significant hacks and thefts in the industry. Hacks have exceeded $2.1 billion in 2024, with CeFi platforms experiencing the biggest hits. Decentralized exchange aggregator 1inch’s website has been breached along with multiple other platforms that use the same frontend library, Lottie Player. The breach originated from malicious code injected into the Lottie Player, a widely-used animation library used by several dApps and non-crypto websites. As of now, no user wallets have been reportedly compromised.
According to several posts on X (formerly Twitter), 1inch and TEN Finance are the confirmed victims of this attack so far. However, the number could be much higher, as the exploit targeted Lottie Player versions 2.0.5 and above. Hackers have reportedly injected malicious code into the front-end JSON files of websites using these versions. This code now enables the compromised sites to perform unauthorized transactions, posing a severe threat to users’ assets and data. Reports from Blockaid indicate that the attack was introduced through a compromise of Lottie Player’s content server, where a malicious npm package was used to distribute altered code. Blockaid and other security firms have confirmed the injection of unauthorized scripts within the package.
At the time of writing, 1inch hasn’t released any official statement on the breach. However, the Lottie Player team has confirmed that they were able to identify the cause of the breach and are working on removing the affected versions. Users are strictly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.
Security breaches have been the most plaguing issue of the crypto industry, and malicious activities continue to grow every year. Most recently, hackers reportedly stole $20 million worth of cryptocurrencies from the US government. The funds were also part of the $3.6 billion that the feds seized from the Bitfinex hackers. Blockchain lender Radiant Capital suffered one of the biggest hacks of this year, losing more than $50 million. The hackers gained control of the firm’s private keys and rapidly drained these assets. However, the investigation and prosecution of these crimes have also intensified. FBT recently arrested the SEC X (formerly Twitter) account hacker. The accused is a 25-year-old Alabama man named Eric Council Jr.
More about C3 Ai Inc
C3 Ai Inc (C3) operates in the technology and services-prepackaged software industry with a market capitalization of $3.34 billion. The stock price has shown a 2.28% decrease, closing at $25.11. The Relative Strength Index (RSI) stands at 32.674, indicating a potential oversold condition. The stock has experienced a negative price change of $0.855. The trading volume is at 325,433,000.
Despite the decrease in stock price, the RSI suggests a possible oversold scenario, which could lead to a trend reversal. However, it's important to approach this with caution and wait for confirmation signals to validate a potential bullish reversal. As always, past performance is not indicative of future results, and it's essential to consider all risk factors before making any investment decisions.