LottieFiles supply chain attack exposes users to malicious crypto wallet drainer

LottieFiles is overcoming something of a Halloween fright after battling to regain control of a compromised developer account that was used to exploit users' crypto wallets. Nattu Adnan, co-founder and CTO at LottieFiles – best known for its popular website animation plugin, LottiePlayer – confirmed on Thursday that a highly …

  1. tmTM

    "Please connect your wallet"

    Honestly, what sort of moron falls for something so obvious?

    Clearly, one with ten less bitcoin to their name. Gutted.

    1. RM Myers
      Unhappy

      Re: "Please connect your wallet"

      Thank you, thank you, thank you! I was starting to believe the commentards had completely lost the talent for victim blaming and shaming. You have renewed my faith.

      Having dealt with the super old, I can think of reasons why someone would fall for something so obvious. I'm not just considering the cognitive decline; there is also an innocence that is almost childlike. Also, there are many medications which make people highly suggestible - there is a reason you are told after certain surgical procedures to avoid any financial transactions, and they require you have someone you trust take you home.

      1. UnknownUnknown Silver badge

        Re: "Please connect your wallet"

        Stupid Old People and Crypto Wallets are streams that don’t cross:

        As I have repeated endlessly to my Dad - *Everyone* on the Internet wants to help themselves to *YOUR* money - esp. Google, Apple and Microsoft.

        Banks, Microsoft, Apple do not call you unless you have a paid-for support contract - if there is any issue they will suspend your account.

  2. Jedit Silver badge
    Boffin

    "Adnan didn't comment on the number of users affected by the incident"

    It definitely hit the iOS app for the Something Awful forums. That's now been patched, but all users were advised to uninstall it completely and change their passwords.

    The moral: pin your library versions until an update has been declared safe and secure.

  3. Pascal Monett Silver badge
    Holmes

    "supply chain attack"

    That path would not exist if Agile developers would stop downloading unverified code to production servers.

    As usual, business is going to learn the hard way.

    1. Anonymous Coward

      Re: "supply chain attack"

      Seems unlikely. It's been how many years and they still haven't?

  4. Ian Johnston Silver badge

    The money was lost when it was used to buy crypto. What happens to the crypto is a second-order effect of no practical importance.

  5. Nursing A Semi

    What's your favourite?

    I really hate "malicious crypto wallet drainers", don't you? My favourites are the Pythonesque crypto wallet drainers or maybe the cheeky crypto wallet drainers, as still waiting for the slapstick crypto wallet drainers to be released.

    What's your favourite?

  6. Anonymous Coward

    Never heard of LottieFiles, but

    If you have a crypto wallet you’ve already established that you’re a sucker.

  7. sitta_europea Silver badge

    "... npmjs package manager. ... websites ... configured to use the latest version ..."

    Tell me I'm dreaming.

    1. David Hicklin Silver badge

      > Tell me I'm dreaming.

      But Agile ! Cloud ! Automatically have the latest and greatest shiny !!!
