TechFlow reported, Ledger announced on its official X account that the legitimate version of Ledger Connect Kit 1.1.8 has now been rolled out. Ledger and WalletConnect have confirmed that the malicious code has been disabled.
Users can now safely use Ledger Connect Kit, but are advised to wait 24 hours and clear their browser cache.
Earlier report, SushiSwap CTO @MatthewLilley stated that any dApp using LedgerHQ/connect-kit is vulnerable to attack. Do not use any dApp until further notice. This is not an isolated incident, but a widespread attack targeting multiple dApps.




