TechFlow news, October 31: According to Scam Sniffer monitoring, the animation library Lottie Player suffered a supply chain attack earlier today. Affected projects include the decentralized exchange aggregator 1inch, Movement, and other Web3 projects. Scam Sniffer stated that its system has automatically blocked the affected domains to protect users.
Yu Xian, founder of SlowMist, commented: "Another supply chain poisoning attack, carried out by the Ace Drainer-related phishing group, which poisoned a front-end script module widely used by prominent Web3 projects. Fortunately, it was detected in time, so the impact should be limited. If your project uses the Lottie Player module, please check whether any malicious code has been introduced (currently known safe versions are 2.0.4 and the latest 2.0.8, which do not contain malicious code)."
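
One way to run the version check the comment above recommends, as an added example that is not code from Scam Sniffer, SlowMist or the Lottie Player project: it scans a parsed package-lock.json and reports every resolved copy of the module, including transitive ones, whose version is not 2.0.4 or 2.0.8. The npm package name `@lottiefiles/lottie-player`, the function name and both sample lockfiles are assumptions constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for Lottie Player copies
// outside the two versions the quoted comment calls known safe.
// Assumption: the module is installed from npm as "@lottiefiles/lottie-player".
const PACKAGE = "@lottiefiles/lottie-player";
const KNOWN_SAFE = new Set(["2.0.4", "2.0.8"]); // versions named on this page

// Returns [{ path, version }] for every resolved copy not in KNOWN_SAFE.
function findUnverifiedLottie(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PACKAGE) && !KNOWN_SAFE.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "/" + name;
      if (name === PACKAGE && !KNOWN_SAFE.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  };
  // v2 lockfiles carry both layouts; walk the tree only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample (v3 layout): safe top-level copy plus a nested transitive
// copy pinned to a made-up version that is not on the safe list.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "1.0.0" },
    "node_modules/@lottiefiles/lottie-player": { version: "2.0.8" },
    "node_modules/ui-kit/node_modules/@lottiefiles/lottie-player": { version: "0.0.0-constructed" },
  },
};
// Constructed sample (v1 layout) with the same shape of problem.
const sampleLockV1 = {
  lockfileVersion: 1,
  dependencies: {
    "@lottiefiles/lottie-player": { version: "2.0.4" },
    "ui-kit": { version: "3.1.0", dependencies: { [PACKAGE]: { version: "0.0.0-constructed" } } },
  },
};
console.log(findUnverifiedLottie(sampleLock), findUnverifiedLottie(sampleLockV1));
```

On a real project, pass the function the result of `JSON.parse` on the contents of package-lock.json. A clean result only covers copies installed through npm, not scripts a page loads from elsewhere at runtime.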




