"The attacker published a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7)," said Gauthier. "The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet."
"Safe" may be overstating the case: According to security firm Socket, which provides algorithmic assessments of NPM packages, Connect Kit currently rates 51 out of 100 for Supply Chain Security and 55 out of 100 for Quality
[
add
]
[
|
|
...
]