Lottie Player hit with a supply chain attack, stealing 10 wrapped BTC from Avalanche wallet

Source Cryptopolitan

Lottie Player was hit with a supply chain attack that drained one wallet of 10 Bitcoin (BTC). The WordPress tool was abused to serve malicious links to Web3 users, effectively draining their wallets.

Lottie Player, the WordPress animation library, has been used as an attack vector against Web3 users. Through malicious links, at least one wallet has been drained of 10 Bitcoin (BTC).

The Lottie Player attack has affected widely used projects such as 1inch and Mover. The 1inch exposure may be especially harmful, as the DEX trading service is among the most widely used on Ethereum.

Blockaid has also reported that 1inch's website has been spreading malicious wallet-connection prompts. Bubble was another front-facing website affected by the malicious popups and became one of the first to be reported. Bubble is also a platform for building third-party apps, which could have been affected in the hours when the affected versions were active.

Researchers from Blockaid have identified Ace Drainer as the most probable source of the attack. The malicious version of Lottie Player has been removed, but not before it spread fake signing requests to widely used Web3 wallets. The attack was active for at least 12 hours, increasing the balances of several identified attacker wallets.

Lottie Player launched a popup asking to connect a crypto wallet. | Source: GitHub

The attack was first noticed when a wallet was drained of 10 BTC, which led investigators to the source of the fake links. The risk lay in users quickly signing every request, including requests for permanent access to their wallets. This allowed the attackers to drain even Avalanche C-Chain addresses, stealing a form of wrapped BTC. The attack itself did not ask for a self-custodial Bitcoin wallet; it relied on the need for Web3 connectivity.

Users also noted that Lottie Player, when embedded in websites in the usual way, would populate a Web3 route with a malicious transaction. Analysts noted the attack targeted Ethereum and EVM-compatible chains.

The attackers’ addresses continue to show activity, affecting small holdings of various Web3 tokens. For now, the full size of the attack has not been accounted for, and other tokens may have been affected. The attackers are quickly swapping the tokens through Uniswap, or even through MetaMask swap.

Lottie Player attack spread to multiple sites

The Lottie Player attack displayed a very familiar screen for Web3 users, urging them to connect one of the top wallets, including MetaMask, WalletConnect and others.

Even the TryHackMe platform experienced the popup, but moved back to an older version. The issue has also been reported by users of other popular websites.

The attack affected two versions of Lottie Player and was first noticed late on October 30. The attacks originated from versions 2.0.5 or higher. In the initial hours, website owners had to clear the attack themselves by reverting to other tools or to older versions of Lottie Player. Some chose to delete the scripts as a precaution.

Wallet owners may still have to revoke permissions if they connected through any of the injected links. Sites like 1inch draw in more than 590K monthly users, so multiple wallets may have been affected without being detected.

Lottie Player team publishes safe version

The Lottie Player team reacted by publishing a legitimate new version, 2.0.8, while unpublishing the contaminated scripts. The team noted that the faulty versions were three in total, published directly to NPM using a compromised access token belonging to a developer with the required publishing privileges. The team notes that no other repositories or libraries have been affected.
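As an added example (not code from the article or from the Lottie Player project), a small Node.js audit that flags the affected releases described above in a site's script tags and its lockfile, the two places a site owner reverting or pinning versions would look. It assumes the npm package name @lottiefiles/lottie-player, that the three bad releases are 2.0.5 through 2.0.7, and that 2.0.8 is the clean one; the sample HTML and lockfile are constructed.

```javascript
// Added example, not code from the article or LottieFiles. Assumes the npm package name
// @lottiefiles/lottie-player, that 2.0.5-2.0.7 are the three compromised releases and
// 2.0.8 the clean one, as the article describes.
const PKG = "@lottiefiles/lottie-player";
const AFFECTED = new Set(["2.0.5", "2.0.6", "2.0.7"]);

// A CDN URL is pinned only with an exact x.y.z after "@"; ranges ("^2.0.4"), partial
// versions ("2"), "latest" or no tag float to the newest publish, which is how the
// poisoned release reached sites whose own code never changed.
function classifyVersionSpec(spec) {
  if (spec === undefined) return "unpinned";
  if (AFFECTED.has(spec)) return "affected";
  return /^\d+\.\d+\.\d+$/.test(spec) ? "ok" : "unpinned";
}

// Find <script src> tags that load lottie-player from a CDN. An unpinned tag that carries
// an integrity= attribute is still safe: the browser rejects a file whose hash changed (SRI).
function auditHtml(html) {
  const tagRe = /<script\b[^>]*\bsrc=["']([^"']*lottie-player[^"']*)["'][^>]*>/gi;
  return [...html.matchAll(tagRe)].map(([tag, src]) => {
    const version = /lottie-player@([^/]+)/.exec(src)?.[1];
    let status = classifyVersionSpec(version);
    if (status === "unpinned" && /\bintegrity=/i.test(tag)) status = "ok-sri";
    return { src, version: version ?? null, status };
  });
}

// Check an installed copy via package-lock.json (v1 "dependencies" or v2/v3 "packages").
function auditLockfile(lock) {
  const versions = Object.entries(lock.packages ?? {})
    .filter(([key]) => key.endsWith("node_modules/" + PKG))
    .map(([, entry]) => entry.version);
  if (lock.dependencies?.[PKG]) versions.push(lock.dependencies[PKG].version);
  return versions.map((v) => ({ version: v, status: AFFECTED.has(v) ? "affected" : "ok" }));
}

// Constructed sample inputs (not real sites); the integrity hash is a placeholder.
const SAMPLE_HTML = `
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.6/dist/lottie-player.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2/dist/lottie-player.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://unpkg.com/@lottiefiles/lottie-player@2.0.8/dist/lottie-player.js"></script>
<script src="/js/app.js"></script>`;
const SAMPLE_LOCK = { lockfileVersion: 3, packages: { "node_modules/@lottiefiles/lottie-player": { version: "2.0.7" } } };

for (const f of [...auditHtml(SAMPLE_HTML), ...auditLockfile(SAMPLE_LOCK)]) console.log(f.status, f.version, f.src ?? "package-lock");
```

Run it against a saved copy of a page and its package-lock.json; anything reported as "affected" or "unpinned" is what the article's site owners had to revert or pin.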

Lottie Player is widely used for animations and minor features on websites, but has now joined the list of channels used to distribute malicious links. These attacks target individual wallets, adding to the risk from poisoned addresses, direct targeting via email and messages, and fake versions of websites.

The attack comes during the next stage of a crypto bull market, which accelerates attempts to steal more valuable tokens. Connecting a wallet is best done for a specific purpose, avoiding standing permissions to sign transactions. A wallet connection prompt that launches immediately after entering a website may be a red flag.
