Quote
Update:
The malicious version of the file was replaced with the genuine version at around 2:35pm CET.
The new genuine version should be propagated soon.
We will provide a comprehensive report as soon as it’s ready.
In the meantime, we’d like to remind the community to always Clear Sign your transactions - remember that the addresses and the information presented on your Ledger screen is the only genuine information.
If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.
Source: https://twitter.com/Ledger/status/1735298142118072512The malicious version of the file was replaced with the genuine version at around 2:35pm CET.
The new genuine version should be propagated soon.
We will provide a comprehensive report as soon as it’s ready.
In the meantime, we’d like to remind the community to always Clear Sign your transactions - remember that the addresses and the information presented on your Ledger screen is the only genuine information.
If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.
Also found this tweet on how to check if you have the malicious library cached
Quote
The ledger issue is now fixed.
To make sure you don't have the malicious library cached, go to https://cdn.jsdelivr.net/npm/@ledgerhq/connect-kit@1 and ensure the version is 1.1.8.
If it's not, clear your cache. chrome- F12> Chrome Developer Tools > Application tab > Storage in left tree> Clear site data.
Source: https://twitter.com/Mudit__Gupta/status/1735301007188406681To make sure you don't have the malicious library cached, go to https://cdn.jsdelivr.net/npm/@ledgerhq/connect-kit@1 and ensure the version is 1.1.8.
If it's not, clear your cache. chrome- F12> Chrome Developer Tools > Application tab > Storage in left tree> Clear site data.