1inch has been hacked

The website of the decentralized application 1inch has been hacked. The same thing happened with many other platforms that use the open-source Lottie Player library.

The 1inch team confirmed that its frontend was hacked. The developers noted that they will compensate all stolen user funds.

What happened

It is reported that attackers have injected malicious code into the JSON interface files of websites running Lottie Player 2.0.5 and higher. This code allows compromised sites to perform unauthorized transactions, compromising the security of users’ assets and data.

According to Blockaid, the hackers first hacked the Lottie Player content server. They used a malicious NPM package to distribute the modified code.

An NPM package is a library or set of code available for installation via npm (Node Package Manager), a package manager for JavaScript.

“Official websites (not crypto ones either) began distributing malicious content, including codes to evade debugging. It appears that the attackers were able to download malicious versions of the Lottie Player package, with another version being downloaded right now,” Blockaid experts wrote on X (formerly Twitter).

Cybersecurity specialists noted that after the malicious content was distributed on the official websites of various projects, the data in the pop-up windows for connecting a crypto wallet was replaced with the hackers' addresses.

The Lottie Player team stated that it had found the cause of the hack. Meanwhile, representatives of 1inch recommended revoking ERC-20 approvals from malicious addresses through the Revoke.cash tool. This is necessary to prevent further access.

There is no information yet on the number of victims and the volume of stolen funds. The 1inch team stated that only the project’s application was affected. The crypto wallet and 1inch API were not affected. The developers emphasized that they will compensate the damage caused to users.

At the time of writing, the problem has been resolved. However, those who are still using the vulnerable Lottie Player library need to update to secure versions.
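
The update advice above can be checked mechanically. The following is an added example, not code from the article, 1inch or the Lottie Player project: it scans a parsed package-lock.json for Lottie Player at 2.0.5 or higher, including nested copies. The npm name `@lottiefiles/lottie-player`, the function names and the sample lockfile are assumptions; the article names no fixed version, so the upper bound is an optional parameter.

```javascript
const PKG = '@lottiefiles/lottie-player'; // assumption: npm name, not stated in the article
const FIRST_BAD = '2.0.5';                // lower bound reported in the article

// Compare two x.y.z strings numerically; pre-release suffixes are ignored.
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// fixedIn is optional (the article names no fixed release); omit it to flag all >= FIRST_BAD.
function isAffected(version, fixedIn) {
  if (cmpVersion(version, FIRST_BAD) < 0) return false;
  return fixedIn ? cmpVersion(version, fixedIn) < 0 : true;
}

// Returns [{ path, version }] for every affected copy, including nested ones.
function findAffectedLottie(lock, fixedIn) {
  const hits = [];
  const check = (path, meta) => {
    if (meta && meta.version && isAffected(meta.version, fixedIn))
      hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages))
      if (path.endsWith('node_modules/' + PKG)) check(path, meta);
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    (function walk(deps, trail) {
      for (const [name, meta] of Object.entries(deps || {})) {
        if (name === PKG) check(trail + '/' + name, meta);
        walk(meta.dependencies, trail + '/' + name);
      }
    })(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/@lottiefiles/lottie-player': { version: '2.0.6' },
  'node_modules/widget/node_modules/@lottiefiles/lottie-player': { version: '2.0.4' },
} };
console.log(findAffectedLottie(sampleLock));
```

A lockfile check only covers copies installed through npm; pages that load the player from a script tag pointing at a content server need that tag's pinned version checked separately.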


Source: Cryptocurrency
