The front-end of decentralized cryptocurrency exchange aggregator 1inch has allegedly been hacked, according to a post published by cryptocurrency security firm Coinspect Security.
It is reported that the hacking incident is not limited to this, and all decentralized cryptocurrency applications using Lottie Player are affected by this security incident.
Regarding the details of the hack, another cryptocurrency security company, Blockaid, said:
“A new version of the npm package was deployed a few minutes ago and multiple real dApps are now performing malicious operations.”
In addition, there are reports that non-cryptocurrency websites using the service in question are sharing malicious content. Blockaid stated that the vulnerability currently persists and asked users to refrain from interacting with these platforms as a precaution. In addition, in its call to affected websites, it suggested the following temporarily:
“Quick fix until the issue is resolved, fix your @lottiefiles/lottie-player version to the latest non-malware version 2.0.4.”
*This is not investment advice.