On October 30, the front-end websites of various online crypto apps fell victim to a security breach. The incident occurred after attackers managed to inject harmful code into an update of a widely used animation library. As a result, decentralized finance apps such as 1inch and TEN Finance displayed pop-ups prompting users to connect their wallets; those prompts were actually linked to crypto-draining malware known as "Ace Drainer." This information was shared by Blockaid, a crypto security platform, in an October 30 post.
Gal Nagli, security lead at cybersecurity firm Wiz, explained that the compromise was the result of a significant supply chain attack on the Lottie Player library. The library is immensely popular, providing animations for numerous sites and apps, and is used by major companies such as Apple, Spotify, and Disney.
The attack was unusual in that it introduced a malicious pop-up into an otherwise seemingly secure website. Traditionally, attackers compromise high-profile social media accounts to deceive followers into clicking phishing links on fake websites.
Jawish Hameed, the engineering vice president at LottieFiles—the company that publishes the animation library—confirmed on GitHub that the compromised library versions had been taken down and urged users to update to the latest version. He also said that the attackers had gained access to the GitHub account of a LottieFiles senior software engineer and pushed three malicious updates within a three-hour period. Additionally, he stated that the company had revoked access for the compromised account.
Wiz's Nagli reported that users were encountering the malicious crypto wallet connection pop-up on numerous popular websites across the internet. He speculated that the original intent of the attack might have been to target major crypto websites that use the library. Nagli also cautioned that websites still using the affected library versions could remain vulnerable. He advised users to verify that sites are using one of the non-malicious package versions, either 2.0.4 or the latest, 2.0.8.
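The version check Nagli recommends can be automated. The script below is an added example written for this article, not code from Blockaid, Wiz or LottieFiles: it pulls every `@lottiefiles/lottie-player` reference out of a page's HTML (assuming the common CDN URL shape `.../@lottiefiles/lottie-player@x.y.z/...`) and out of a `package-lock.json`, and flags anything that is not on an allowlist. The allowlist holds only the two versions the article names as clean (2.0.4 and 2.0.8); the sample HTML and lockfile are constructed, and `9.9.9` in them is a made-up placeholder, not a claim about any real release. An unpinned reference (`@latest` or no version at all) is reported separately, because such a page picks up whatever the CDN currently serves, which is exactly how a poisoned release reaches sites without any deploy on their side.

```python
"""Flag Lottie Player references whose version is not on an allowlist.

Added example for this article; constructed inputs, hypothetical allowlist
handling. Only 2.0.4 and 2.0.8 come from the article itself.
"""
import json
import re

# Versions the article names as non-malicious. Everything else is flagged
# for review rather than declared bad: the article names no bad versions.
ALLOWED_VERSIONS = {"2.0.4", "2.0.8"}
PACKAGE_NAME = "@lottiefiles/lottie-player"

# <script ... src="..."> tags; attribute order does not matter.
SCRIPT_SRC_RE = re.compile(r'<script\b[^>]*\bsrc=["\']([^"\']+)["\']', re.IGNORECASE)
# Pinned CDN reference: .../@lottiefiles/lottie-player@2.0.4/dist/...
PINNED_RE = re.compile(r'@lottiefiles/lottie-player@(\d+\.\d+\.\d+)(?=/|$)')


def find_script_versions(html):
    """Return [(src, version)] for every <script> that loads lottie-player.

    version is None when the URL is unpinned (no @x.y.z, or @latest), meaning
    the page takes whatever the CDN currently serves.
    """
    found = []
    for src in SCRIPT_SRC_RE.findall(html):
        if "lottie-player" not in src:
            continue
        m = PINNED_RE.search(src)
        found.append((src, m.group(1) if m else None))
    return found


def find_lockfile_versions(lock_text):
    """Return installed lottie-player versions recorded in a package-lock.json.

    Handles lockfileVersion 2/3 ("packages" keyed by path) and v1 ("dependencies").
    """
    lock = json.loads(lock_text)
    versions = []
    for path, entry in lock.get("packages", {}).items():
        if path.endswith("node_modules/" + PACKAGE_NAME):
            versions.append(entry.get("version"))
    dep = lock.get("dependencies", {}).get(PACKAGE_NAME)
    if dep is not None:
        versions.append(dep.get("version"))
    return versions


def classify(version, allowed=ALLOWED_VERSIONS):
    """'ok' if allowlisted, 'unpinned' if no fixed version, else 'review'."""
    if version is None:
        return "unpinned"
    return "ok" if version in allowed else "review"


def scan(html, lock_text=None):
    """Return [(source, version, verdict)] for a page and an optional lockfile."""
    findings = [(src, v, classify(v)) for src, v in find_script_versions(html)]
    if lock_text is not None:
        findings += [("package-lock.json", v, classify(v))
                     for v in find_lockfile_versions(lock_text)]
    return findings


# Constructed sample inputs. 9.9.9 is a placeholder that is simply not on the
# allowlist; it does not refer to any real Lottie Player release.
SAMPLE_HTML = """
<html><head>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@9.9.9/dist/lottie-player.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://example.invalid/app.js"></script>
</head></html>
"""
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {"node_modules/@lottiefiles/lottie-player": {"version": "2.0.8"}},
})

if __name__ == "__main__":
    for source, version, verdict in scan(SAMPLE_HTML, SAMPLE_LOCK):
        print(f"{verdict:9} {version or '-':8} {source}")
```

The verdict for the sample is `ok`, `review`, `unpinned`, `ok` in that order. A version string in a URL is only a label, not an integrity guarantee, so a pinned reference should still be paired with a Subresource Integrity hash on the script tag; the scan above tells you where to look, not that a file is what it claims to be.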
At the time of publication, LottieFiles had not provided a public statement in response to this incident.