Ledger has had some serious difficulties, especially with Ledger ConnectKit, which is responsible for connecting Ledger Live to applications. The problem is that using the library to manage the connection to Ledger Live leaves your frontend vulnerable, exposing users to the risk of losing money after authorization. Experts recommend temporarily discontinuing use of the app. Hackers have replaced the wallet library with a malicious drainer used to steal funds. This cunning scheme is carried out through the ConnectKit package.

Important: Until the vulnerability is fixed, avoid using your Ledger cryptocurrency wallet. Here is a full list of addresses that are currently dangerous to interact with via Ledger.

Curve Finance strongly recommends NOT using Ledger to interact with their website! Balancer also advises to refrain from using Ledger at this time.

UPD: Update from Ledger team 

The cryptocurrency wallet development team has announced that a malicious version of Ledger Connect Kit has been detected and successfully removed. At the same time, they assure users that their Ledger and Ledger Live devices remain secure and have not been compromised.

However, Ledger representatives recommend that users refrain from interacting with any dApps until the situation is finally stabilized.