LottieFiles Supply Chain Attack Drains Users' Crypto Wallets
Hackers used a compromised developer account to inject malicious code into Lottie Player, putting users' cryptocurrency wallets at risk.
- LottieFiles confirmed that versions 2.0.5 to 2.0.7 of its Lottie Player npm package were compromised with malicious code.
- The attack led to fake wallet connection prompts, allowing hackers to access users' cryptocurrency wallets.
- At least one user reportedly lost 10 Bitcoin, valued at approximately $723,000, due to the breach.
- LottieFiles has released a secure version, 2.0.8, and revoked access from the compromised developer account.
- Security experts are investigating the incident, which highlights the risks of software supply chain attacks.
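
To check whether a project resolved one of the compromised releases listed above, including as a transitive dependency, the lockfile can be scanned directly. The script below is an added example, not LottieFiles' own tooling; the package name `@lottiefiles/lottie-player` is not stated in this article and is assumed here, and the sample lockfile is constructed.

```javascript
// Added example: find installs of the Lottie Player versions reported as compromised.
// Assumption: the npm package name is not given in the article.
const PACKAGE = "@lottiefiles/lottie-player";
const AFFECTED = new Set(["2.0.5", "2.0.6", "2.0.7"]); // "versions 2.0.5 to 2.0.7"
const FIXED = "2.0.8"; // secure release named in the article

// Returns [{ path, version }] for every affected install, direct or transitive.
function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Aliased installs carry the real name in meta.name; otherwise derive it from the path.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === PACKAGE && AFFECTED.has(meta.version)) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists, to avoid duplicates).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === PACKAGE && AFFECTED.has(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// One human-readable line per finding.
function report(lock) {
  const hits = findAffected(lock);
  if (hits.length === 0) return [`OK: no ${PACKAGE} install in the affected range`];
  return hits.map((h) => `AFFECTED: ${h.path} is ${h.version}; upgrade to ${FIXED}`);
}

// Constructed sample lockfile: the direct dependency is fixed, a nested copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@lottiefiles/lottie-player": { version: "2.0.8" },
    "node_modules/some-widget": { version: "1.2.0" },
    "node_modules/some-widget/node_modules/@lottiefiles/lottie-player": { version: "2.0.6" },
  },
};

console.log(report(SAMPLE_LOCK).join("\n"));
```

For a real project, pass `report` the parsed contents of `package-lock.json` instead of `SAMPLE_LOCK`.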