According to Decrypt, a significant security breach has impacted several decentralized applications (dApps) due to malicious code injected into Lottie Player, a popular JavaScript animation library. The attack exploited recent updates to Lottie Player’s npm package, specifically versions 2.0.5 through 2.0.7, where hackers embedded harmful code within JSON files that display animations on websites. At least one individual has lost 10 BTC (US$723,000) after unknowingly signing a phishing transaction linked to the breach, according to Scam Sniffer, a platform designed to protect users from online fraud.

Blockaid, a cybersecurity platform monitoring the incident, confirmed that the attackers deployed a fake wallet connection prompt, leading users to the drainer malware