“The Ledger Donjon has recently discovered a critical vulnerability in this browser extension, allowing an attacker to steal all the assets of any wallet created with this extension, without any user interaction.

By knowing the address of an account, it is possible to immediately compute its private key, then access all its funds.”