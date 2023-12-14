Cryptocurrency experts, including popular on-chain investigator ZachXBT, took notice of an ongoing vulnerability associated with various Web3 interactions.

It turns out that the problem had to do with the library of Ledger – the popular hardware wallet provider.

In an official tweet, the company confirmed the vulnerability:

We have identified and removed a malicious version of the Ledger Connect Kit. A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.

The company also confirmed that Ledger devices and the Ledger Live app were not compromised.

Meanwhile, ZachXBT outlined that some $610K appears to have already been drained.

looks like $610K+ drained drainer customer

0x658729879fca881d9526480b82ae00efc54b5c2d

drainer fee address

0x412f10AAd96fD78da6736387e2C84931Ac20313f pic.twitter.com/Rld2BsKNDo — ZachXBT (@zachxbt) December 14, 2023