LottieFiles, a popular platform for animation design and development, has expressed concern that a vulnerability in the npm package could expose users to serious risks.

This breach occurred in Lottie Web Player versions 2.0.5, 2.0.6, and 2.0.7, released on October 30, 2024, causing users of these versions to become targets of the malware.

With these affected versions, users started encountering pop-ups injected with malicious code. This led to users encountering misleading requests to connect to their crypto wallets.

LottieFiles announced in a statement on October 31 that they took action upon increasing complaints from users and quickly released version 2.0.8 to ensure security and removed the malicious code in previous versions.

For users unable to update, LottieFiles advised them to notify end users of possible fraudulent wallet connection prompts associated with Lottie-player. Another option was offered to users to stay on version 2.0.4 in order to avoid risks.

LottieFiles warned that applications using the affected npm package may direct users to unintentionally connect their crypto wallets. This could potentially lead to theft and other security breaches.

Such security breaches raise concerns about the security of crypto assets and direct users to be careful. It is emphasized that users should pay more attention, especially when connecting crypto wallets and making transactions on various platforms.

Ensuring security in the cryptocurrency ecosystem is of critical importance in terms of protecting users. Therefore, platforms need to increase security measures and inform users of possible threats.

LottieFiles reported that following this security breach, the affected developer account was deprived of access and the tokens used by this account were cancelled. However, they added that they did not yet have clear information about the full extent and effects of the attack. This uncertainty can lead to distrust among crypto users.

Supply chain security is becoming increasingly important in the crypto world. Software developers must take proactive steps to ensure users’ security and continually provide updates to minimize potential security vulnerabilities.

This is of vital importance not only for individual users, but also for maintaining trust in the entire industry.

This breach experienced by LottieFiles once again reveals the critical importance of supply chain security. Keeping up to date with the current versions of the software and tools they use can help users protect themselves against such threats.

Additionally, software developers and platforms need to take more effective and proactive measures to ensure users’ security.

More robust security protocols and user training are required to prevent similar attacks in the future. Raising awareness of users and increasing their knowledge about security is of great importance in ensuring the security of crypto assets.

In this context, minimizing security vulnerabilities and keeping users alert against possible frauds stand out as a critical element for the healthy growth of the cryptocurrency ecosystem.