TL;DR
- 1inch has fallen victim to a significant supply chain attack, compromising its website and posing severe risks to users’ funds and personal data.
- The breach occurred via a compromise of Lottie Player’s content server, where hackers injected unauthorized scripts into websites using Lottie Player versions 2.0.5 and above.
- Users are advised to avoid interactions with affected websites until security issues are resolved and follow best practices for crypto wallet security to protect their assets.
1inch has fallen victim to a significant supply chain attack, compromising its website and posing severe risks to users’ funds and personal data. The breach, which also affected other platforms like TEN Finance, originated from malicious code injected into the Lottie Player frontend library, a widely-used animation tool.
On Oct 30, 9:12 PM – 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request.
This signature allows an attacker to drain user's funds.
Only the 1inch web dApp was affected; the 1inch Wallet, API, and protocols were never compromised.
— 1inch (@1inch) October 31, 2024
This attack has raised alarms across the crypto community, highlighting the vulnerabilities in the supply chain of decentralized applications.
How the 1inch Attack Happened
The breach occurred via a compromise of Lottie Player’s content server, where a harmful npm package was employed to spread modified code. Hackers injected unauthorized scripts into the front-end JSON files of websites using Lottie Player versions 2.0.5 and above.
This malicious code enables the compromised sites to perform unauthorized transactions, posing a severe threat to users’ assets and data. Reports from Blockaid indicate that the attack has been active for at least 12 hours, affecting multiple Web3 projects and front-facing sites.
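For teams that ship Lottie Player in their own front end, the version range above can be checked directly against a project's lockfile. The following is an added example, not code from 1inch, Blockaid or the Lottie Player team. It assumes the npm package name `@lottiefiles/lottie-player`, which the article does not state, and it flags everything at or above 2.0.5 because the article names no fixed version. The sample lockfile and the `example-widget` package are constructed for illustration.

```javascript
// Added example: flag lockfile entries for Lottie Player at or above 2.0.5.
// Assumption: the npm package name is not given in the article.
const PACKAGE_NAME = "@lottiefiles/lottie-player";
const FIRST_AFFECTED = "2.0.5"; // article: "versions 2.0.5 and above"

// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// "affected" if >= FIRST_AFFECTED, "ok" if lower, "review" if not a plain version.
function classify(version) {
  const a = parseVersion(version), b = parseVersion(FIRST_AFFECTED);
  if (!a) return "review"; // git URL, tag or missing version: check by hand
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i] ? "affected" : "ok";
  }
  return "affected"; // equal to the first affected version
}

// Handles flat "packages" (lockfile v2/v3) and nested "dependencies" (v1).
function auditLockfile(lock) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, status: classify(version) });
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + PACKAGE_NAME)) record(path, info.version);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PACKAGE_NAME) record(path, info.version);
      walk(info.dependencies, path + "/"); // transitive copies count too
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample (v3 layout); "example-widget" is a made-up package.
const SAMPLE_LOCK = {
  packages: {
    "node_modules/@lottiefiles/lottie-player": { version: "2.0.4" },
    "node_modules/example-widget/node_modules/@lottiefiles/lottie-player": { version: "2.0.7" },
  },
};
console.log(auditLockfile(SAMPLE_LOCK));
```

The nested entry is the case that matters most here: a transitive copy pulled in by another dependency is flagged even when the project's direct dependency is below the affected range.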
Immediate Impact and Response
As of now, no user wallets have reportedly been compromised, but the potential for unauthorized transactions remains high. Users are advised to avoid any interactions with the affected websites until the security issues are fully resolved.
The Lottie Player team has announced that they have pinpointed the source of the breach and are currently taking steps to eliminate the compromised versions. However, the extent of the damage and the number of affected platforms could be much higher than initially reported.
Security Measures and Recommendations
In response to the attack, security firms like Blockaid have confirmed the injection of unauthorized scripts within the Lottie Player package. It is highly recommended that users refrain from linking their wallets or engaging with the impacted platforms until all security concerns have been completely addressed.
Additionally, users should follow best practices for crypto wallet security, such as using hardware wallets, enabling two-factor authentication, and regularly updating software to protect their assets.
The 1inch supply chain attack underscores the importance of robust security measures and vigilance in the cryptocurrency space. As the investigation continues, users must stay informed and take necessary precautions to safeguard their funds and personal data.