Supply chain [SC] Supply Chain [loss] $723,000

"Crypto apps see malicious popups after Ace Drainer hacks animation library"

2024-10-31 [vendor] LottieFiles
Financial Loss $723,000 (723,000 USD)

Incident Details

Attackers were able to inject malicious code into the popular “LottieFiles” JavaScript animations library. Visitors to websites using the library saw a prompt to connect their crypto wallets to what was ultimately a cryptocurrency wallet drainer. This affected some crypto platforms that used the library, including the 1inch decentralized exchange aggregator. One victim who connected their wallet suffered the loss of 10 BTC (~$723,000). Other crypto platforms affected included TEN Finance and Movement. Because the animations library is widely used, other non-crypto-related websites also showed the prompt.

Total loss estimated at $723,000.

Technical Details

Initial Attack Vector: Software supply chain attack
Vendor / Product: LottieFiles
Supply Chain Attack: ✅ Confirmed third-party / vendor compromise

Timeline

  1. 2024-10-31 Breach occurred
  2. 2024-10-31 Publicly disclosed