On December 15th, Ledger announced that a new secure version of Ledger Connect Kit 1.1.8 has been released. It has been confirmed that Ledger and WalletConnect malicious code have been disabled. Users can now safely use Ledger Connect Kit, but it is recommended to wait for 24 hours and clear the browser cache.

As previously reported by BlockBeats, on December 14th, the ledgerconnect suite was hit by a supply chain attack, and the attacker injected a payload that drained wallets into a popular NPM package. Later, Ledger officials stated that they had identified and deleted the malicious version of Ledger Connect Kit, and are now pushing the legitimate version to replace the malicious file.