There were quite a number of Ledger vulnerabilities published/fixed this year. Like this: https://cointelegraph.com/news/newly-discovered-ledger-wallet-vulnerability-could-be-disastrous-if-not-fully-patched

There's a malicious Chrome extension that still fools Ledger users.
There are complains here an there over the internet too https://www.reddit.com/r/ledgerwallet/comments/b5omei/funds_got_stolen_from_ledger_nano_s_this_is_no_fud/
Usually it's (correctly) said that it's the user fault since he didn't pay attention on what wallet he installed, so such cases don't get too much attention, but they do exist.

But we're starting to get off-topic... the whole point is that HODL funds better stay offline, not even in a HW. That's my opinion and you can clearly have a different one.