{"id":18218,"date":"2024-10-31T11:00:20","date_gmt":"2024-10-31T09:00:20","guid":{"rendered":"https:\/\/forklog.com\/en\/1inch-responds-to-app-breach-and-promises-fund-recovery\/"},"modified":"2024-10-31T11:00:20","modified_gmt":"2024-10-31T09:00:20","slug":"1inch-responds-to-app-breach-and-promises-fund-recovery","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/1inch-responds-to-app-breach-and-promises-fund-recovery\/","title":{"rendered":"1inch Responds to App Breach and Promises Fund Recovery"},"content":{"rendered":"<p>On October 30, users of the decentralized application 1inch encountered a malicious wallet connection and signature request that enabled attackers to steal assets. Representatives of the project confirmed the incident.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">On Oct 30, 9:12 PM \u2014 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request.<\/p>\n<p>This signature allows an attacker to drain user&#8217;s funds.<\/p>\n<p>Only the 1inch web dApp was affected; the 1inch Wallet, API, and protocols were never compromised.<\/p>\n<p>\u2014 1inch (@1inch) <a href=\"https:\/\/twitter.com\/1inch\/status\/1851832307746742686?ref_src=twsrc%5Etfw\">October 31, 2024<\/a><\/p><\/blockquote>\n<p>According to them, only the 1inch dApp was affected\u2014the 1inch Wallet, API, and protocols remained uncompromised. The team has guaranteed the return of stolen funds.<\/p>\n<p>All affected users are advised to revoke ERC-20 approvals granted to malicious addresses using the Revoke.cash tool to prevent further access.<\/p>\n<p>The number of affected users and the amount of stolen funds have not been disclosed.<\/p>\n<p>The breach was caused by a supply chain attack on the popular user interface animation library Lottie Player. 
The ultimate targets were the websites of major cryptocurrency projects.<\/p>\n<p>Cybersecurity experts noted that the compromise led to the automatic replacement of data in Web3 wallet connection pop-ups on legitimate sites with the attackers&#8217; address.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">TLDR: Massive Supply Chain attack had been happening on the highly popular JS Library lottie-player since ~2 hours ago that populates attackers Web3 wallet connection pop-up on legitimate websites.<\/p>\n<p>I&#8217;ll write here what we know, what can be done and how to detect it in the wild.\u2026 <a href=\"https:\/\/t.co\/aX4DIj7Olp\">pic.twitter.com\/aX4DIj7Olp<\/a><\/p>\n<p>\u2014 Nagli (@galnagli) <a href=\"https:\/\/twitter.com\/galnagli\/status\/1851779972639363076?ref_src=twsrc%5Etfw\">October 31, 2024<\/a><\/p><\/blockquote>\n<p>Preliminary investigation findings suggest hackers compromised the account token of one of the maintainers, allowing them to inject malicious code into approximately three versions of the package on NPM.<\/p>\n<p>At the time of writing, the issue has been resolved, and the original infected package has been removed from NPM and most leading <span data-descr=\"Content Delivery Network\" class=\"old_tooltip\">CDN<\/span>s. However, sites using the vulnerable library must update to secure versions.<\/p>\n<p>Earlier, cryptocurrency payment provider Transak confirmed partial third-party access to user data. 
The company claims that financially sensitive or critically important information was not compromised.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On October 30, users of the decentralized application 1inch encountered a malicious request to connect and sign their wallets, enabling attackers to steal assets. Representatives of the project confirmed the incident. On Oct 30, 9:12 PM \u2014 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request. This signature [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":18217,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1487,44],"class_list":["post-18218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-1inch","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"24","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/18218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=18218"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/18218\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/18217"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=18218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"h
ref":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=18218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=18218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}