Representatives of the Ledger company released a statement that they were able to identify and remove the fake Ledger Connect Kit. However, hacking the wallet code put large crypto services at risk.

The code for the authorization service through the Ledger crypto wallet, which is widely used in decentralized applications (dApps), was subject to a hacker attack. After some time, the wallet development team announced that they were able to eliminate the malicious code.

“We have detected and removed a malicious version of Ledger Connect Kit. A genuine version is now being released that will replace the malicious file. Do not interact with any decentralized applications yet,” the developers warned.

Ledger and Ledger Live devices were not affected, company representatives assured. However, the hack, which lasted more than two hours, affected most popular decentralized crypto services such as Curve, SushiSwap, Zapper and Revoke.cash.

SushiSwap was the first to report the problem and advised users not to react in any way to the “Connect Wallet” pop-up window.

“We have discovered a critical issue: the Ledger connector has been compromised, potentially allowing the injection of malicious code that affects decentralized applications,” the platform warned.

The Polygon developers added that even after Ledger fixes the bad code in its library, projects using the library will need to update before it is safe to use DApps.

Tether CEO Paolo Ardoino said that his team has frozen funds in the wallet of the hacker who hacked Ledger.

Just recently, in November, Ledger users lost 16.8 Bitcoin due to a fraudulent app in the Microsoft Store

And in October, Ledger officially launched the controversial crypto wallet seed phrase recovery feature. CEO Pascal Gauthier then announced that recovery involves encrypting, duplicating and splitting users’ private keys into three parts, which are stored by three different parties: Ledger, cryptographic security specialists Coincover and an independent backup service provider.