October 30, 2024

Fix hacked crypto wallet popup on your website

Justin Golden

Problem

Lottie Files was recently hacked with malware displaying a crypto wallet popup on websites. This seems to target websites with React, which also includes WordPress websites.

Solution

Downgrade to version 2.0.4 of lottie files.

If you have a newer version or @latest (which is bad security practice for reasons now obvious), downgrade to 2.0.4 or earlier.

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js