A recent supply chain compromise involving Lottie Player, a commonly used web component for playing site and app animations, has resulted in decentralized finance apps displaying pop-ups prompting users to connect their wallets, according to a report by TradingView.
Users who fell victim to this compromise had their wallets drained, highlighting the severity of the situation. Website administrators started noticing the pop-up and began seeking answers on the LottieFiles forums and the Lottie Player GitHub repository. The company behind the player confirmed that unauthorized versions with malicious code were pushed to the npm registry, causing widespread issues for users.
Versions 2.0.5, 2.0.6, and 2.0.7 of the Lottie Player were compromised, leading to the display of the pop-up and unauthorized access to users’ crypto wallets. Many users who utilized the library via third-party CDNs automatically received the compromised version, further exacerbating the issue.
Fortunately, the company reassured users that their dotLottie player, open source libraries, code, Github repositories, and SaaS services were not affected by the compromise. In response to the incident, a new secure version (v2.0.8) of the Lottie Player has been released, with the compromised package versions removed from the npm registry.
Jawish Hameed, VP of Engineering at LottieFiles, confirmed the release of the new version and recommended users to update to ensure the issue is resolved. For those unable to update, caution should be exercised when prompted to connect their crypto wallets to prevent further security breaches.
As threat actors frequently target npmjs to publish malicious packages or hijack legitimate ones, it is crucial for developers and users to remain vigilant and stay informed about potential risks. The ongoing investigation into the compromise by LottieFiles includes engaging an external incident response team to further assess the situation.
The extent of the cryptocurrency pilfered by the attackers remains unknown, highlighting the importance of addressing supply chain compromises promptly and implementing security measures to prevent future incidents. Overall, staying proactive in updating software and staying informed about security threats can help mitigate the impact of such vulnerabilities on users and businesses alike.