According to ZachXBT, this individual discovered a vulnerability related to the library of the cryptocurrency wallet provider Ledger. They shared that approximately $610,000 seems to have been taken as a result of this incident. In another development, as reported by Lookonchain, the hacker behind the attack on Ledger’s connection kit library has stolen assets worth nearly $484,000. Ledger has not confirmed these figures yet, but it is estimated that this security breach involving Ledger hardware wallets could result in losses of hundreds of thousands of USD.
In an official tweet, Ledger also confirmed the vulnerability and removed the malicious version of the Ledger Connect Kit. The company also advises users not to interact with any Dapps at this time. Furthermore, they confirmed that Ledger devices and the Ledger Live application were not compromised. The protocols affected by this security incident include Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash. According to reports, at least Zapper and SushiSwap have been warned about being affected by this hack.
Not only Ledger users but also MetaMask users have been affected by this hack, according to MetaMask. The MetaMask wallet provider has implemented a bug fix for its platform, stating that users should use the latest version, v2.121.0. This update will take place automatically.
In another development, some protocols quickly disabled the library following the Ledger wallet hack. Tether (USDT), the leading stablecoin issuer, has also frozen the wallet address of the attacker.