In a comment to Incrypted, Hacken experts explained:
“The Ledger Connect Kit library has been compromised. Accordingly, every website (dApp) that uses it is also compromised. Malicious code is loaded onto it and begins to work on the principle of phishing. If the user does not interact with these sites, then he is not in any danger at all. But we can’t say for sure who uses them besides SushiSwap, Zapper and RevokeCash. Therefore, for your own safety, you need to wait until this problem is fixed. It’s unlikely that it will take very long.”
Representatives of the analytics company HAPI told Incrypted that, as a result of the compromise, the modal window for connecting a wallet during authorization is replaced:
“This is a popular Web3 connector, it puts a lot of protocols and wallets at risk. It’s better not to do anything to anyone for now. Do not interact with any dApp. Users of any dApp and any wallet that interacts with them are at risk. Not only Ledger Live.”
Update: Ledger announced that it had discovered and removed a malicious version of the Ledger Connect Kit:
“Now a real version is being released to replace the malicious file. Do not interact with any applications for now. We will keep you informed as the situation develops. Your Ledger and Ledger Live device have not been compromised.”
Update 2: Tether CEO Paolo Ardoino reported that the hacker's address has been frozen.
Incrypted will continue to monitor developments. We will update the material when new details become available.