1inch Breach Reveals Weakness in Crypto Supply Chain Security

1inch frontend compromised by hack.
Security breaches affect several websites.
Significant losses in cryptocurrencies continue.
A recent cyberattack on decentralized exchange aggregator 1inch and other platforms such as TEN Finance has reignited security concerns in the cryptocurrency space. The incident involved the injection of malicious code through the Lottie Player animation library, affecting versions 2.0.5 and above, which enabled unauthorized transactions to be made and put users’ data and funds at risk.
On October 30, 21:12 PM – 23:22 PM CET, users of the 1inch dApp may have encountered a malicious wallet connection and signature request. This signature allows an attacker to drain user funds.
On Oct 30, 9:12 PM – 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request.
This signature allows an attacker to drain user’s funds.
Only the 1inch web dApp was affected; the 1inch Wallet, API, and protocols were never compromised.
— 1inch (@1inch)
October 31, 2024
The intrusion began with the compromise of JSON files in the Lottie Player library, allowing affected websites to perform unintended actions. As reported by security firm Blockaid, the vulnerability originated from a corrupted npm package on the Lottie Player servers. This attack not only affected cryptocurrency platforms, but also other legitimate websites that may unknowingly be distributing malicious content.
Related Stories


Hacker Exploits Vulnerability in Truth Terminal Founder’s X Account and Raises $600K
29/10/2024


EigenLayer Hack: Official X Account Hacked to Promote Fake Airdrop
18/10/2024
The Lottie Player team has already identified and is fixing the issue, working to eliminate compromised versions from their system.
This attack is just one of many that have plagued the cryptocurrency industry recently, showing an escalation in sophistication and impact. In a separate incident, hackers managed to extract $20 million worth of cryptocurrency that had been seized by the US government following a hack of Bitfinex. Radiant Capital also suffered a major blow, with over $50 million stolen after criminals gained access to its private keys.
By 2024, losses related to cyberattacks in the sector are already expected to exceed US$2,1 billion, with centralized finance (CeFi) platforms being the most affected.
Disclaimer:
The views and opinions expressed by the author, or anyone mentioned in this article, are for informational purposes only and do not constitute financial, investment or other advice. Investing or trading cryptocurrencies carries a risk of financial loss.
Tags:
1INCH
Hacker Attack