A series of devastating cyberattacks reportedly hit several online crypto applications on October 30th, via malicious pop-ups designed to trick users into connecting their wallets to a dangerous application called “Ace Drainer.” The Ace Drainer attack was made possible by a malicious update to the Lottie Player animation library, a common component used to add animations to web pages and applications across the internet. The compromised library caused several popular DeFi applications, such as 1inch and TEN Finance, to display malicious pop-ups that tried to trick users into connecting their crypto wallets, putting their funds at risk of theft.
Lottie Player as a Vulnerable Entry Point
“There’s an Ace Drainer attack with some bad actors that just drained a GitHub account in just three hours. One, I can say Ace Drainer, which went across various platforms, so platforms are high-profile, by embedding animated graphics, from animated emojis to full features used on Apple, Spotify, or Disney,” security professionals pointed out.
The malicious updates added code that displayed pop-ups telling users their wallets had to be connected to what appeared to be legitimate crypto apps, and then redirected those users to Ace Drainer. The campaign was unusual in scope and magnitude because it affected several websites at once without installing malware on any of them. According to Gal Nagli, a security lead, the attackers exploited the Lottie Player library to inject the malicious pop-ups across various crypto platforms.
Unique Nature of the Attack
Typically, Ace Drainer attackers attempt to gain control over social media accounts with large followings, posting phishing links to deceive followers. In contrast, this particular Ace Drainer attack introduced malicious popups on genuine crypto websites using an otherwise legitimate and popular animation library. This indirect approach caught many off guard, as users likely felt reassured by the websites they were visiting.
The Ace Drainer attackers effectively blended into these platforms by exploiting an integral part of the sites’ user interface, the animation library, which is trusted and widely adopted across industries. This strategy underscores the growing sophistication of cyberattacks targeting crypto platforms and decentralized finance, particularly by using indirect methods that leverage trusted third-party resources.
Security Measures Taken by LottieFiles
After the breach was discovered, Jawish Hameed, Vice President of Engineering at LottieFiles, the company that makes the animation library, moved immediately to limit the damage. He confirmed on GitHub that the compromised library versions had been revoked and asked every user to update to the latest, uncompromised versions. The GitHub account that had published the malicious update was disabled. He advised all users of Lottie Player to upgrade to version 2.0.4 or to 2.0.8, the latest version, both of which are safe.
Nagli has advised users and developers to be vigilant, especially where their platforms depend on the Lottie Player library. He further warned that websites still running the compromised versions of the library remain vulnerable, and that operators need to check whether their platforms are using non-malicious packages. Because most cryptocurrency users have no control over the libraries their favourite platforms rely on, they are advised to watch out for pop-up wallet-connection prompts and to be cautious about any prompt that asks for sensitive information or permissions.
The Ace Drainer attack on the Lottie Player animation library is the latest in a line of increasingly sophisticated cyberattacks on crypto and DeFi platforms. By compromising a trusted resource, the attackers reached an extensive audience across various platforms and pushed malicious pop-ups to thousands of crypto users’ devices. It is a reminder to the whole crypto community, from end users to developers, of the need for security diligence. Keeping software up to date, maintaining robust security controls, and learning about the vulnerabilities you face can make both developers and users less exposed.