Top online animation tool LottieFiles hacked to target victim crypto wallets

Cryptocurrencies
Migliori Bitcoin wallet (Image credit: Shutterstock / Wit Olszewksi)

A popular online animation tool was abused to trick people into handing over access to their cryptocurrency wallets, with at least one individual losing close to $700,000.

LottieFiles is a platform that provides tools and a library for creating, editing, and sharing lightweight, scalable animations in the Lottie format. These animations, together with the plugin LottiePlayer, are commonly used in websites and mobile applications with 94,000 weekly downloads and has been downloaded more than 4 million times since its launch.

Recently, an unnamed threat actor somehow obtained a session cookie from one of the developers of LottieFiles, and used that access to push three new versions of LottiePlayer (2.0.5, 2.0.6, and 2.0.7) to npmjs. Websites that use LottiePlayer and were configured to always use the latest version have had the malicious versions downloaded automatically.

New version released

These new versions prompted website visitors to connect their cryptocurrency wallets, which basically gives the site access to the stored funds. We don’t know how many people fell for the trick and connected their wallets, but we do know that at least one person did, and it cost them 10 BTC, which is $696,960 at press time. This information came from Scam Sniffer, a Web3 anti-scam platform.

"On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code," the project’s co-founder and CTO, Nattu Adnan, wrote on GitHub. "This does not impact our dotlottie player and/or SaaS services. Our incident response plans were activated as a result. We apologize for this inconvenience and are committed to ensuring safety and security of our users, customers, their end-users, developers, and our employees."

The attacker was quickly ousted, and a new version - 2.0.8, pushed live. This is a copy of the last safe version, which was 2.0.4.

"We have confirmed that our other open source libraries, open source code, GitHub repositories, and our SaaS were not affected."

Via The Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Ethereum
Hackers steal over $1bn in one of the biggest crypto thefts ever
Android phone malware
Screen reading malware found in iOS app stores for first time - and it might steal your cryptocurrency
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Fake Reddit sites found pushing Lumma Stealer malware
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
North Korean Lazarus hackers launch large-scale cyberattack by cloning open source software
North Korean flag with a hooded hacker
FBI says North Korean Lazarus hackers were behind $1.5 billion Bybit crypto hack
Latest in Security
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Latest in News
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about Avengers: Doomsday's cast on YouTube, and I think it's going to be a long-winded reveal
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch