Hackers pushed out a malicious version of a software library made by crypto company Ledger, which powers several web3 applications.