The hacker behind the Ledger library attack reportedly stole approximately $484,000, according to Lookonchain. Ledger hasn’t confirmed the exact amount but suggests potential losses in the hundreds of thousands.
On December 15th, Ledger announced that the authentic Ledger Connect Kit 1.1.8 has been completely disseminated. Both Ledger and WalletConnect have verified that the malicious code has been deactivated. Users can now safely utilize their Ledger Connect Kit. A reminder is emphasized to consistently practice clear signing for added security.
The breach affected popular protocols like Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash. MetaMask users were also impacted, prompting the deployment of a fix for version v2.121.0, ensuring transaction replay and automatic updates.