LottieFiles hacked in supply chain attack to steal users’ crypto

October 31, 2024 at 04:10PM LottieFiles’ Lotti-Player project was compromised in a supply chain attack, injecting a crypto drainer into websites, potentially costing one victim $723,000 in Bitcoin. Affected versions were quickly replaced with a secure update. Users are advised to upgrade or be cautious of fraudulent wallet connection requests amid ongoing investigations into the … Read more

Ethereum mailing list breach exposes 35,000 to crypto draining attack

July 4, 2024 at 12:18PM A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a malicious site offering investment returns. Ethereum disclosed the incident, stating it had no material impact. The internal security team launched an investigation, blocked the attacker, and warned the community. … Read more

Fake Leather wallet app on Apple App Store is a crypto drainer

March 11, 2024 at 10:58AM The Leather cryptocurrency wallet developers warned of a fake app on the Apple App Store, labeled as a wallet drainer, targeting users to steal their digital assets. The app impersonates the genuine product, prompting users to enter their secret passphrases and subsequently draining their wallets. Despite reports, the app remains … Read more

Hundreds of thousands of dollars in crypto stolen after Ledger code poisoned

December 15, 2023 at 07:21PM Ledger, a cryptocurrency wallet maker, was targeted by a malicious code inserted into its Connect Kit JavaScript library. The code rerouted funds to a hacker’s wallet, resulting in a loss of over $610,000. Despite security measures, a former employee’s compromised credentials were exploited. Ledger asserts the issue has been addressed, … Read more

Crypto Hardware Wallet Ledger’s Supply Chain Breach Results in $600,000 Theft

December 15, 2023 at 08:18AM Ledger, a crypto hardware wallet maker, faced a security breach after former employee fell victim to a phishing attack, leading to theft of $600,000 in virtual assets. Malicious code from the compromised npm account was used to propagate crypto drainer malware to other applications. Ledger has since removed the malicious … Read more