Hacker compromises 1inch security and affects user funds

Follow CriptoFacil on Google News

A recent hacker attack put the funds and data of users on the 1inch platform, one of the largest aggregators of decentralized exchanges, at risk. The incident is a supply chain attack: the attackers compromised a third-party component the site depends on rather than the site itself.

According to the information released, hackers inserted malicious code into the popular Lottie Player animation library, used on websites and platforms to display animated graphics.

This compromised code affected not only 1inch, but also other platforms such as TEN Finance. The breach caused serious vulnerabilities that allow unauthorized transactions and compromise personal data.

The breach, which impacts versions 2.0.5 and higher of Lottie Player, allows malicious code to carry out actions on the website without users' consent. Experts from security firm Blockaid identified the issue in Lottie Player JSON files uploaded to compromised content servers.

Blockaid confirmed that hackers were able to insert unwanted scripts into the library, including advanced techniques to bypass security measures and prevent the attack from being tracked. Even websites outside the crypto sector that use this library may have been affected by the malicious code.
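For site owners checking their own pages against the version range reported above, here is a small audit script, added as an example and not code from 1inch, Lottie Player or Blockaid. The `lottie-player@<version>` URL pattern, the `cdn.example` host and the sample HTML are assumptions constructed for illustration; the 2.0.5 threshold is the article's.

```javascript
// Added example: audit HTML for risky Lottie Player <script> includes.
// The ">= 2.0.5" threshold comes from the article; the URL pattern and
// SAMPLE_HTML (including the integrity value) are constructed assumptions.
const AFFECTED_FROM = [2, 0, 5];

const SAMPLE_HTML = `
<script src="https://cdn.example/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://cdn.example/@lottiefiles/lottie-player@2.0.6/dist/lottie-player.js"></script>
<script src="https://cdn.example/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js"></script>
<script src="https://cdn.example/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-HASH" crossorigin="anonymous"></script>
<script src="https://cdn.example/app.js"></script>`;

// Compare two [major, minor, patch] arrays; returns <0, 0 or >0.
function cmpVersion(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Classify one script URL, given whether its tag carries an integrity attribute.
function classify(src, hasIntegrity) {
  const m = src.match(/lottie-player@([^/]+)/);
  if (!m) return "unpinned";                       // no version in the URL at all
  const exact = m[1].match(/^(\d+)\.(\d+)\.(\d+)$/);
  if (!exact) return "unpinned";                   // "latest", "2", "^2.0.0": floats to new releases
  const v = exact.slice(1).map(Number);
  if (cmpVersion(v, AFFECTED_FROM) >= 0) return "affected-range";
  return hasIntegrity ? "ok" : "pinned-no-sri";    // pinned, but the CDN copy is unverified
}

// Return a finding for every <script> tag whose src mentions lottie-player.
function auditHtml(html) {
  const findings = [];
  const tagRe = /<script\b[^>]*>/gi;
  for (const [tag] of html.matchAll(tagRe)) {
    const src = (tag.match(/\bsrc\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (!src || !/lottie-player/i.test(src)) continue;
    const hasIntegrity = /\bintegrity\s*=\s*["']sha(256|384|512)-/i.test(tag);
    findings.push({ src, status: classify(src, hasIntegrity) });
  }
  return findings;
}

console.log(auditHtml(SAMPLE_HTML));
```

A floating tag is reported as `unpinned` because it would have pulled in a newly published release automatically, and `pinned-no-sri` marks an include that is version-locked but would still execute whatever the content server returns.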

1inch suffers attack

1inch, to date, has not officially commented on the attack. However, the Lottie Player team is now aware of the source of the problem and is working to remove the compromised versions of the library.

The recommendation for users of the affected platforms is to avoid any interaction until all security flaws are resolved. This attack highlights the importance of strict security measures and caution when using third-party libraries in critical applications such as cryptocurrency exchanges.

The increase in hacking attacks in the crypto sector reflects a worrying trend: security breaches have become a constant threat, and hackers are developing increasingly sophisticated methods to attack decentralized platforms.

In 2024 alone, cryptocurrency-related thefts have already surpassed the $2.1 billion mark. Recent attacks include the theft of $20 million from the United States government linked to funds seized from Bitfinex hackers, as well as a $50 million loss suffered by Radiant Capital after attackers accessed the company's private keys.

As investigations into cybercrime advance, the FBI has intensified its operations to combat this type of crime. Authorities recently arrested Eric Council Jr., accused of hacking the SEC's X (formerly Twitter) account and spreading fake news about Bitcoin ETF approvals, which generated a wave of speculation and influenced the market.
