I would read this article about the man in the middle attack!
https://news.bitcoin.com/ledger-addresses-man-in-the-middle-attack-that-threatens-millions-of-hardware-wallets/https://ledgerwallet.us2.list-manage.com/track/click?u=bcc2126fb4bf3e02256d6c188&id=271fdbe596&e=d0d7444049Dear Ledger user,
Protecting your security is of paramount importance to us. The Ledger Wallet Bitcoin Chrome application has just been updated to give you more control over the security of your transactions. The update is automatic and enables an essential new feature: verification of the reception address directly on the device.
This new feature is addressing a specific issue known in the crypto-community as the "Man in the Middle Attack". There has been a recent announcement of a malware proof of concept that could potentially infect the user’s computer - including, the Ledger Chrome application. In this scenario, an attacker could theoretically change the ‘receive’ address displayed on the (infected) computer’s screen within the Ledger Chrome application.
By enabling you to verify the receive address on your device (the only source you can trust), the updated Chrome app provides an additional peace-of-mind. Always verify the receive address on your device before communicating it to a third party.
Your current funds are not at risk and do not require any action.
Besides this important software update, we are taking 3 specific actions to make sure our users are safe and secure, while remaining alert:
• Software updates: the Ledger Wallet Bitcoin Chrome application is the first to benefit from the on device receive address verification feature. It is available for Bitcoin and all other coins managed by the Chrome app. ETH and XRP apps will benefit from that new feature in the upcoming desktop global release.
• Upgraded Bug Bounty program: we are growing quickly - and we are still developing and strengthening some of our behind the scenes processes. We value contributions from security researchers and the community, and will be making our Bug Bounty programs faster and more efficient.
• Prevention: we are continuously working on developing resources and materials to help our user base better understand the threats they face and how they can best secure their assets. If not done already, we urge you to read our basic security principles ruleset.
Security is an arms race. We’re in it for the long haul and are prepared for it. At Ledger, we take our mission seriously and that mission is to protect you.
Thank you for your trust.
Eric Larcheveque
Ledger, CEO