1inch and multiple platforms that utilize the Lottie Player frontend library were been hit by a supply chain breach on 30 October.
The perpetrator injected malicious code into the Lottie Player – a popular animation library adopted by various decentralized applications (dApps) and non-cryptocurrency websites.
1inch team revealed that the attack affected the 1NCH web decentralized application, while the 1inch wallet, API, and protocols remained safe.
On Oct 30, 9:12 PM – 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request. This signature allows an attacker to drain user’s funds. Only the 1inch web dApp was affected; the 1inch Wallet, API, and protocols were never compromised.
The project added that it would refund all losses from the attack. Moreover, 1inch added that its team resolved the issues in less than an hour:
Our mobilized team of 10 experts fully resolved the issue in 50 minutes.
Further, Lottie Player stated that their team identified the attack’s origin and is working to eradicate the struck versions.
1NCH users: stay cautious!
Multiple X posts have confirmed 1inch and TEN Finance as the victims of the latest cryptocurrency hack.
Nonetheless, the number might increase as the attack targeted Lottie Player’s top versions – 2.0.5 and beyond.
Reports suggest the perpetrators used these versions to put malicious code into websites’ front-end JavaScript Object Notation files.
With the code, breached websites can conduct unauthorized transactions, making user data and assets vulnerable.
The hackers compromised Lottie Player’s servers and used a harmful npm package to dispense the modified code.
While 1inch guaranteed funds and data safety, security firms have urged users to refrain from connecting their wallets or using the affected networks until complete resolutions of the security issues.
Meanwhile, the latest attack comes as 1inch aims to boost cryptocurrency adoption with its latest collaboration with martial artist Bruce Lee.
1inch partners with the Bruce Lee Family
In a recent statement, the crypto project confirmed plans to collaborate with the Bruce Lee Estate to enhance Web3 and DeFi adoption.
The official statement added:
Under this partnership, 1inch and the Bruce Lee Family Company are running an ad campaign with the slogan “Take crypto seriousLee.” The campaign aims to shift the perception of crypto from being seen as unserious or purely speculative and to convey to the mass audiences that it represents the financial system of the future.
The collaboration aims to popularize Web3 and DeFi like Bruce Lee helped send martial arts mainstream in the 1970s.
The campaign has released the first video featuring the legendary martial artist urging individuals to take everything seriously, especially digital assets, while advertising 1inch as among the platforms with a top-notch experience.
Meanwhile, 1inch has been connected to Bruce Lee since its debut, even drawing its name from the artist’s iconic 1-inch punch.
Thus, the project has valued Lee’s innovativeness, agility, and versatility –qualities that have guided the blockchain in developing top-notch products like Fusion+.
1inch price outlook
1NCH has struggled with bearish tendencies lately, underperforming even as the bellwether Bitcoin approached its ATHs in the latest upswing.
The altcoin has failed to move despite optimistic updates such as collaborating with Bruce Lee and the latest bullish wave in the broad crypto market.
The altcoin lost 11% and 5% over the past month and week. It trades at $0.2562 after losing nearly 3% in the last 24 hours.
In the meantime, 1inch signals notable bearish bias, potentially catalyzed by the latest hacking event. The price sways beneath the 50-day and 200-day Exponential Moving Averages on the daily chart, highlighting significant selling pressure.
The post 1NCH momentum weakens as supply chain attack hits 1inch Network appeared first on Invezz