Several online crypto apps' front-end websites were compromised on Oct. 30 when attackers injected malicious code into a popular animation library update. Decentralized finance apps like 1inch and TEN Finance displayed popups prompting users to connect their wallets, actually leading to the crypto drainer 'Ace Drainer,' as reported by Blockaid. The security lead at Wiz, Gal Nagli, described the incident as a 'massive supply chain attack' on the Lottie Player library, used by major services such as Apple and Spotify. The attackers compromised a LottieFiles engineer's GitHub account, pushing three malicious updates in three hours. Users were urged to update to the latest library version to avoid the malicious popup. Nagli warned that websites still using the affected versions remain vulnerable and advised checking for safe versions. LottieFiles did not provide immediate comments on the issue. Read more AI-generated news on: https://app.chaingpt.org/news