In their statement, the developers urged users not to interact with any decentralized applications until the genuine version of Ledger Connect Kit was released. While Ledger and Ledger Live devices were unaffected, the hack did impact popular decentralized crypto services like Curve, SushiSwap, Zapper, and Revoke.cash.
SushiSwap was the first to alert users to the issue, advising them not to engage with the compromised Connect Wallet pop-up window. The Polygon developers highlighted that even after Ledger addresses the code problem, projects utilizing the library would still need to update before it can be deemed safe for use with DApps.
Meanwhile, Tether CEO Paolo Ardoino disclosed that his team had frozen the hacker’s funds in the compromised wallet. This incident follows an earlier case in November, where Ledger users lost 16.8 Bitcoin due to a fraudulent app in the Microsoft Store.
Additionally, in October, Ledger launched a controversial feature for seed phrase recovery. CEO Pascal Gauthier explained that the recovery process involved encrypting, duplicating, and splitting users’ private keys into three parts, stored separately by Ledger, Coincover (cryptographic security specialists), and an independent backup service provider.