Breach of Decentralized Exchange Aggregator 1Inch and Other Platforms

The website of the decentralized aggregator 1Inch was compromised, along with several other platforms that use the same front-end library, Lottie Player.

The source of the attack was malicious code embedded in the Lottie Player library, which is widely used for animation in several dApps and on non-crypto sites. No direct impact on user wallets has been reported so far.

Warning for 1Inch Users Regarding Interaction with the Platform

According to several posts on X (formerly Twitter), the confirmed victims of the attack so far include 1Inch and TEN Finance. However, the number of affected platforms could be higher, as versions 2.0.5 and above of Lottie Player were exposed to the exploit.

The attackers reportedly inserted malicious code into JSON files used by these versions, allowing the compromised websites to perform unauthorized transactions, posing a significant risk to user assets and data.

Reports from Blockaid and other security firms indicate that the attack occurred through a compromise of the Lottie Player content server, with the malicious code distributed via an npm package. The insertion of unauthorized scripts directly into the package has been confirmed.
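For teams that bundle the library from npm, the check below looks through a parsed `package-lock.json` for copies of the player at the versions the article names (2.0.5 and above), including transitive ones. It is an added example, not code from 1Inch, Blockaid or the Lottie Player project; the npm package name `@lottiefiles/lottie-player` is an assumption (the article only says "Lottie Player"), and the sample lockfile is constructed.

```javascript
// Assumption: npm package name; the article only says "Lottie Player".
const PACKAGE = "@lottiefiles/lottie-player";
// From the article: versions 2.0.5 and above were exposed.
const FIRST_EXPOSED = [2, 0, 5];

// Parse "2.0.5" or "2.0.5-beta.1" into [major, minor, patch]; null if unparseable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v || ""));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version is at or above the first exposed release.
function isExposed(version) {
  const p = parseVersion(version);
  if (!p) return false;
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIRST_EXPOSED[i]) return p[i] > FIRST_EXPOSED[i];
  }
  return true; // exactly 2.0.5
}

// Accepts a parsed lockfile: the v2/v3 flat "packages" map,
// or the v1 nested "dependencies" tree when "packages" is absent.
function findExposed(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PACKAGE) && isExposed(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail + "node_modules/" + name;
      if (name === PACKAGE && isExposed(meta.version)) {
        hits.push({ path: here, version: meta.version });
      }
      walk(meta.dependencies, here + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp" },
    "node_modules/@lottiefiles/lottie-player": { version: "2.0.4" },
    "node_modules/ui-kit/node_modules/@lottiefiles/lottie-player": { version: "2.0.6" },
  },
};
console.log(findExposed(SAMPLE_LOCK));
```

A lockfile check only covers copies installed into the build; a page that loads the player from a remote script tag needs the version in that URL checked separately.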

1Inch has not yet released an official statement on the breach. The Lottie Player team, however, has confirmed that they have identified the cause of the issue and are working to remove the affected library versions.

Users are strongly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.

Community post on the 1inch Discord channel

Increase and Escalation of Crypto Hacks

Security concerns remain one of the most pressing issues in the crypto industry, with the number of malicious activities rising each year.

Recently, hackers reportedly gained control of £20 million worth of cryptocurrency previously seized by the U.S. government. These funds were part of the £3.6 billion the authorities recovered from the Bitfinex hack.

The blockchain platform Radiant Capital experienced one of the year’s largest hacks, suffering a loss of over £50 million. Attackers gained access to the company’s private keys and swiftly transferred all assets.

Investigations and prosecutions of these crimes have also intensified. The FBI recently arrested Eric Council Jr., who allegedly hacked the SEC’s X (formerly Twitter) account to spread false information about Bitcoin ETF approval, significantly impacting the market. Federal authorities believe Council was not the mastermind behind the operation and are negotiating a plea deal with him.

In 2024, crypto hacks have already surpassed £2.1 billion, with CeFi platforms experiencing the most significant hits.


Notice:

The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.