Ledger Confirms Vulnerability: Over $600K Supposedly Compromised

Cryptocurrency experts, including popular on-chain investigator ZachXBT, took notice of an ongoing vulnerability associated with various Web3 interactions.

It turns out that the problem involved a library from Ledger, the popular hardware wallet provider.

In an official tweet, the company confirmed the vulnerability:

We have identified and removed a malicious version of the Ledger Connect Kit. A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.

The company also confirmed that Ledger devices and the Ledger Live app were not compromised.

Meanwhile, ZachXBT noted that some $610K appears to have already been drained.

looks like $610K+ drained

drainer customer: 0x658729879fca881d9526480b82ae00efc54b5c2d

drainer fee address: 0x412f10AAd96fD78da6736387e2C84931Ac20313f

— ZachXBT (@zachxbt) December 14, 2023

MetaMask also warned of the issue and updated its users:

If you’re a MetaMask user: Please ensure that you have the Blockaid feature turned on in MetaMask Extension before performing any transactions on MetaMask Portfolio. The MetaMask Portfolio team is on it and has a fix in place that will be rolled out today. — MetaMask 🦊🫰 (@MetaMask) December 14, 2023

According to the latest MetaMask update, users on MetaMask Portfolio version v2.121.0 will reportedly be safe to transact.

📢🦊 Update: The recent hack affects all users, not just @Ledger users. We’ve deployed a fix for MetaMask Portfolio. Users on the latest version v2.121.0 will be able to transact again & will be updated automatically. If you’re not on this version, please refresh your site data. — MetaMask 🦊🫰 (@MetaMask) December 14, 2023
