1inch web app compromised, losses to be reimbursed

As a seasoned cybersecurity researcher with over a decade of experience, I have seen my fair share of breaches and attacks. The recent incident involving 1inch is yet another stark reminder of the complex nature of crypto scams and the constant cat-and-mouse game between attackers and defenders.


1inch, a decentralized exchange (DEX) aggregator, was hit when attackers pushed malicious code into an update of the Lottie Player animation library. Users who visited the 1inch web app were prompted to connect their wallets to what was in fact a cryptocurrency drainer.

On October 30th, 1inch users began seeing unexpected pop-ups asking them to connect their wallets. The prompts, injected by the compromised code in the widely used Lottie Player animation library, looked like a normal wallet-connection request but actually sent users to the "Ace Drainer" wallet-draining kit, as reported by web3 security firm Blockaid.

1inch's post-incident report stated that only its web decentralized application (dApp) was affected; the mobile app, API and other services were untouched. The team did not disclose the amount lost but acknowledged that some users may have been affected, and said that any losses would be reimbursed.

As a researcher, I'm advising all users to follow 1inch's guidance: "withdraw ERC20 approvals from potentially harmful wallets" (that is, revoke any token allowances granted to the drainer's addresses), while the team works to "improve and fortify our dependency management system for increased security."
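To make the approval-revocation advice concrete, here is an added example (not 1inch's code, and not tied to any real token or drainer address) that ABI-encodes an ERC-20 `approve()` call by hand, detects the "unlimited" approval a drainer prompt typically asks the victim to sign, and builds the raw `eth_sendTransaction` payload that sets the allowance back to zero. The addresses are constructed placeholders, and the only protocol facts relied on are the standard `approve(address,uint256)` selector and 32-byte ABI word layout.

```javascript
// Added example (not 1inch code): build and inspect ERC-20 approve() calldata.
// Revoking an approval is itself an approve() call with amount 0, so a raw
// transaction to the token contract is enough; no third-party tool required.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const UINT256_MAX = (1n << 256n) - 1n;

function normalizeAddress(addr) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) throw new Error("invalid address: " + addr);
  return addr.toLowerCase();
}

// ABI-encode approve(spender, amount): 4-byte selector, then two 32-byte words
// (address left-padded with zeros, amount as big-endian uint256).
function encodeApprove(spender, amount) {
  if (typeof amount !== "bigint" || amount < 0n || amount > UINT256_MAX) {
    throw new Error("amount out of range");
  }
  const word1 = normalizeAddress(spender).slice(2).padStart(64, "0");
  const word2 = amount.toString(16).padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + word1 + word2;
}

// Decode calldata; returns null when it is not a well-formed approve() call.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  return {
    spender: "0x" + hex.slice(8 + 24, 8 + 64),
    amount: BigInt("0x" + hex.slice(8 + 64)),
  };
}

// Unlimited approvals are what drainer prompts ask for: one signature lets the
// spender move the victim's whole balance, now or at any later time.
function isUnlimitedApproval(calldata) {
  const d = decodeApprove(calldata);
  return d !== null && d.amount === UINT256_MAX;
}

// eth_sendTransaction payload that sets the spender's allowance back to zero.
function buildRevokeTx(from, token, spender) {
  return {
    from: normalizeAddress(from),
    to: normalizeAddress(token),
    value: "0x0",
    data: encodeApprove(spender, 0n),
  };
}

// Constructed addresses for the demonstration (not real contracts or wallets).
const VICTIM = "0x" + "aa".repeat(20);
const TOKEN = "0x" + "bb".repeat(20);
const DRAINER_SPENDER = "0x" + "cc".repeat(20);

function demo() {
  // What a drainer's prompt would have asked the victim to sign:
  const phishingCalldata = encodeApprove(DRAINER_SPENDER, UINT256_MAX);
  // What the victim should now send to the token contract to undo it:
  const revokeTx = buildRevokeTx(VICTIM, TOKEN, DRAINER_SPENDER);
  return { phishingUnlimited: isUnlimitedApproval(phishingCalldata), revokeTx };
}

console.log(JSON.stringify(demo(), null, 2));
```

The `revokeTx` object can be passed straight to a wallet's `eth_sendTransaction`; one such transaction is needed per token contract and per malicious spender. Setting the allowance to zero also clears an allowance that was granted through a signed EIP-2612 `permit`, once that permit has actually been submitted on-chain.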

What happened?

According to security researcher Gal Nagli, the incident was the result of a broad supply chain attack on the Lottie Player animation library itself, not of a weakness specific to 1inch.

Lottie Player, a widely used web animation library, is deployed by prominent companies such as Apple, Spotify and Disney to build animated user experiences.

First, the attackers obtained the publishing credentials of a senior software engineer at LottieFiles, the company that maintains Lottie Player. They then used that access to publish three malicious versions of the @lottiefiles/lottie-player npm package (2.0.5, 2.0.6 and 2.0.7) within about three hours. Each carried code that injected a malicious wallet-connection pop-up into any website loading the library.

Although the campaign appeared to be aimed at web3 companies, Nagli cautioned that any site still loading the affected library versions remains at risk.

The malicious versions have since been removed from npm. Sites should upgrade to the clean 2.0.8 release (or pin to 2.0.4, the last version before the compromise) and, where the library is loaded from a CDN, pin an exact version rather than a floating tag such as latest.
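As an added example (not LottieFiles' or 1inch's code), the audit below does what the remediation advice asks a site owner to check: it scans an npm lockfile for the three malicious @lottiefiles/lottie-player releases and scans HTML for CDN `<script>` tags that load the library without an exact version pin, which is the pattern that would have pulled the malicious release in automatically at page load. The lockfile and HTML inputs are constructed samples, not real project files.

```javascript
// Added example (not 1inch's or LottieFiles' code): audit a project for the
// malicious @lottiefiles/lottie-player releases and for CDN script tags that
// would have pulled them in automatically. Sample inputs below are constructed.
const PACKAGE = "@lottiefiles/lottie-player";
// Versions published during the compromise (2.0.8 was the clean follow-up).
const AFFECTED = new Set(["2.0.5", "2.0.6", "2.0.7"]);

// Scan an npm lockfile (v1 nested "dependencies" or v2/v3 flat "packages").
function findAffectedInLockfile(lockfileJson) {
  const lock = JSON.parse(lockfileJson);
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PACKAGE) && AFFECTED.has(entry.version)) {
      hits.push({ where: path, version: entry.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      if (name === PACKAGE && AFFECTED.has(entry.version)) {
        hits.push({ where: prefix + name, version: entry.version });
      }
      walk(entry.dependencies, prefix + name + " > ");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Scan HTML for <script src> tags loading the library from a CDN. A src with no
// version, or with a floating tag ("latest", "2"), resolves to whatever the
// registry serves at load time, which is how the malicious releases reached sites.
function findRiskyCdnLoads(html) {
  const tagRe = /<script\b[^>]*\bsrc=["']([^"']*lottie-player[^"']*)["']/gi;
  const findings = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = m[1];
    const ver = src.match(/lottie-player@([^/]+)/);
    if (!ver) findings.push({ src, reason: "no version tag" });
    else if (!/^\d+\.\d+\.\d+$/.test(ver[1])) findings.push({ src, reason: `floating tag "${ver[1]}"` });
    else if (AFFECTED.has(ver[1])) findings.push({ src, reason: `pinned to malicious ${ver[1]}` });
  }
  return findings;
}

// Constructed sample inputs (not real project files).
const SAMPLE_LOCKFILE_V3 = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "1.0.0" },
    "node_modules/@lottiefiles/lottie-player": { version: "2.0.6" },
    "node_modules/lottie-web": { version: "5.12.2" },
  },
});
const SAMPLE_LOCKFILE_V1 = JSON.stringify({
  lockfileVersion: 1,
  dependencies: {
    "some-ui-kit": {
      version: "3.1.0",
      dependencies: { "@lottiefiles/lottie-player": { version: "2.0.7" } },
    },
  },
});
const SAMPLE_HTML = `
<script src="https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@lottiefiles/lottie-player@2.0.8/dist/lottie-player.js"></script>
<script type="module" src="https://unpkg.com/@lottiefiles/lottie-player/dist/lottie-player.js"></script>
`;

function auditSample() {
  return {
    lockV3: findAffectedInLockfile(SAMPLE_LOCKFILE_V3),
    lockV1: findAffectedInLockfile(SAMPLE_LOCKFILE_V1),
    cdn: findRiskyCdnLoads(SAMPLE_HTML),
  };
}

console.log(JSON.stringify(auditSample(), null, 2));
```

Run it against a real `package-lock.json` and rendered HTML by reading those files instead of the sample constants. An exact version pin closes the window this attack used, but it still trusts the CDN; adding a Subresource Integrity `integrity` attribute to the pinned script tag is the further step that makes a swapped file fail to load.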

On October 31st, Scam Sniffer reported that at least one victim lost about 10 BTC (roughly $723,436 at the time) after signing a malicious transaction presented by a phishing prompt.

3 hours ago, an individual unintentionally transferred 10 Bitcoins (equivalent to $723,436) after clicking on a fraudulent transaction due to a phishing scam.

This incident may be connected to the recent supply chain attack that occurred on Lottie Player earlier today.

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 31, 2024

The complex nature of crypto scams

On October 17th, Blockaid reported another incident, this time involving the decentralized exchange Ambient Finance. Attackers are believed to have injected malicious code into Ambient Finance's site, and are reported to have used the Inferno Drainer toolkit.

In early January, ScamSniffer detected a phishing campaign that abused the CREATE2 opcode, available on every EVM-compatible chain, to pre-compute fresh contract addresses that slipped past wallet security alerts. Roughly $4.2 million in aEthWETH and aEthUNI tokens was stolen.

Earlier, a security company reported that a wallet-drainer kit had been injected into more than 10,000 compromised websites to steal cryptocurrency from their visitors.

Over time, numerous cryptocurrency wallet drainers have ceased operations thanks to improvements in the security landscape and initiatives such as SEAL 911. Yet adversaries keep devising new methods to bypass these protections. As a researcher studying this field, I'm constantly monitoring for new tactics employed by these attackers to ensure our defenses remain effective.


2024-10-31 11:30