On December 14, 2023, Ledger, the French leader in physical crypto asset wallets, warned its users of a malware version of the “Connect Kit”. The software serves as an interface between a wallet and the crypto asset management apps it contains.
“We identified and deleted a malware version of the Ledger Connect Kit. An authentic version is being rolled out to replace the malware file. Do not interact with the apps for the time being. We will keep you updated on the situation,” explained the company.
Later the same day, Ledger announced it had finished replacing the Connect Kit malware with its own, legitimate, version. The company did not provide details on how the malware spread, or its consequences, but promised to publish a full account of the incident soon.
According to the independent researcher ZachXBT, the attack led to the theft of at least 610,000 dollars (558,000 euros).