1inch commented on the hacking of the application and announced a refund

On October 30, users of the 1inch decentralized application encountered a malicious wallet connection and signature request, which allowed attackers to steal assets. Representatives of the project confirmed the incident.

On Oct 30, 9:12 PM — 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request.

This signature allows an attacker to drain user's funds.

Only the 1inch web dApp was affected; the 1inch Wallet, API, and protocols were never compromised.
— 1inch (@1inch) October 31, 2024

According to them, only the 1inch dApp was affected; the 1inch Wallet, APIs and protocols were not compromised. The team guaranteed the return of the stolen funds.

All affected users are advised to revoke ERC-20 approvals from malicious addresses using the Revoke.cash tool to prevent further access.

The number of victims and the amount of stolen funds have not been reported.

The cause of the hack was a supply chain attack on the popular Lottie Player UI animation library. The ultimate targets were the websites of large cryptocurrency projects.

According to cybersecurity experts, the compromise caused the Web3 wallet connection pop-ups on legitimate sites to be automatically populated with the attackers' address.

TLDR: Massive Supply Chain attack had been happening on the highly popular JS Library lottie-player since ~2 hours ago that populates attackers Web3 wallet connection pop-up on legitimate websites.

I'll write here what we know, what can be done and how to detect it in the wild.… pic.twitter.com/aX4DIj7Olp
— Nagli (@galnagli) October 31, 2024

According to the preliminary findings of the investigation, hackers compromised the account token of one of the maintainers, which allowed malicious code to be injected into about three versions of the package published on NPM.

At the time of writing, the issue has been fixed: the original infected package has been removed from NPM and most of the leading CDNs. However, sites that use the affected library must update to a secure version.
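For site owners checking their own pages, the following added example (not part of the original post and not 1inch or Lottie Player code) flags `lottie-player` script tags that load from a remote host without an exact version or without a Subresource Integrity attribute, since such tags run whatever the CDN currently serves. The `package@version` URL shape, the `cdn.example` host, the `0.0.0` version and the sample HTML are assumptions constructed for the illustration.

```javascript
// Added example: flag lottie-player <script> tags that can silently pick up a
// newly published package version. Sample HTML and hosts are constructed.
const SAMPLE_HTML = `
<script src="https://cdn.example/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://cdn.example/npm/@lottiefiles/lottie-player/dist/lottie-player.js"></script>
<script src="https://cdn.example/@lottiefiles/lottie-player@0.0.0/dist/lottie-player.js"
        integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
<script async src="/static/vendor/lottie-player.js"></script>`;

const SCRIPT_TAG = /<script\b[^>]*>/gi;
const ATTR = /([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
const EXACT_VERSION = /^\d+\.\d+\.\d+$/; // "latest", "2", "^2.0.0" all float

// Collect name=value attributes of one opening tag (valueless ones are skipped).
function parseAttrs(tag) {
  const attrs = {};
  for (const m of tag.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

function auditLottieScripts(html) {
  const findings = [];
  for (const [tag] of html.matchAll(SCRIPT_TAG)) {
    const { src, integrity } = parseAttrs(tag);
    if (!src || !/lottie-player/i.test(src)) continue;
    const issues = [];
    // Absolute or protocol-relative URLs are third-party loads.
    const remote = /^(https?:)?\/\//i.test(src);
    if (remote) {
      const m = src.match(/lottie-player@([^/]+)/i);
      if (!m) issues.push("no version in URL (CDN picks the version)");
      else if (!EXACT_VERSION.test(m[1])) issues.push(`floating version "${m[1]}"`);
      // Presence check only; the browser verifies the hash itself at load time.
      if (!/^sha(256|384|512)-/.test(integrity || "")) {
        issues.push("no SRI integrity attribute");
      }
    }
    findings.push({ src, remote, issues });
  }
  return findings;
}

console.log(JSON.stringify(auditLottieScripts(SAMPLE_HTML), null, 2));
```

Self-hosted copies are listed but not flagged; their version still has to be compared against the maintainers' list of secure releases.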
 