Lottie File Incidents: Case Studies of Third-Party Supply Chain Risks
The Lottie incidents are a case study in the persistent and evolving nature of third-party supply chain risk on the modern web, the Web3 ecosystem included. The CoinMarketCap XSS attack showed how a feature built for animation (Lottie expressions) can be abused to inject malicious code into a page and deceive its users. The LottieFiles npm compromise showed how a single point of failure, a compromised developer token, can push malicious code into countless downstream applications. Together these events underscore the need for a proactive, multi-layered defence: rigorous validation of third-party content before it is rendered, a robust Content Security Policy, secure dependency management (exact version pinning and Subresource Integrity (SRI) for CDN-hosted scripts), and continuous monitoring so that emerging threats are caught before they do damage.