Cryptocurrency experts, including popular on-chain investigator ZachXBT, took notice of an ongoing vulnerability associated with various Web3 interactions.
It turns out that the problem had to do with the library of Ledger – the popular hardware wallet provider.
In an official tweet, the company confirmed the vulnerability:
We have identified and removed a malicious version of the Ledger Connect Kit.
A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.
The company also confirmed that Ledger devices and the Ledger Live app were not compromised.
Meanwhile, ZachXBT outlined that some $610K appears to have already been drained.
MetaMask also warned of the issue and updated its users:
According to the latest MetaMask update, users with MetaMask Portfolio version v.2.121.0 will reportedly be safe to transact.