TLDR: Massive Supply Chain attack had been happening on the highly popular JS Library lottie-player since ~2 hours ago that populates attackers Web3 wallet connection pop-up on legitimate websites.
I'll write here what we know, what can be done and how to detect it in the wild.