Ledger was caught in a crossfire this week when the company tweeted that users “have always trusted Ledger not to deploy [key extraction] firmware whether you knew it or not”.
Ledger in hot water
The controversy arose on May 17 when the company deleted a tweet which was written by a customer support agent, who said it was possible to extract users’ private keys. The fact that Ledger hardware private keys are theoretically accessible in the first place has been wake up call for power users who now understand their hardware wallet could be one firmware upgrade away from being compromised.
This was after the company revealed an ‘optional’ recovery feature which raised questions as to how the hardware wallet feature was even possible.
One user went as far as to accuse the company of “straight up fraud”.
Stop using Ledger hardware wallets. Migrate away from them immediately. They’ve shown nothing but gross incompetence and wild misunderstanding of their own purpose. And now they’ve publicly admitted to intentionally backdooring their own proprietary hardware. Stop using Ledger pic.twitter.com/LLFFUsOW4y
— foobar (@0xfoobar) May 16, 2023
Realising how bad this looked, chief technology officer Charles Guillemet clarified in a new Twitter thread that the wallet’s operating system requires the consent of the user anytime “a private key is touched by the OS.” In other words, the OS shouldn’t be able to copy the device’s private key without the user’s consent — though Guillemet also said that using a Ledger does require “a minimal amount of trust.”
Regardless, the admission of a trust-layer means that Governments could force a backdoor to be programmed into the firmware at a later date.
Government surveillance is neither new nor unknown. The European Union actively pursues surveillance technology trough its legislative power and bureaucratic organs. In fact, bills that undermine privacy rights have been tabled in the European parliament. One attempt is the EU’s proposed Chat Control Law, which would ban open source software and install government spyware on every phone, similar to Communist China.
More pressingly, the bloc has also imposed fiat spending limits and seeks to remove physical cash, either of which can only be realistically enforced if users are not in direct control of their money.
Given a backdrop of persistent government overreach, it’s no surprise that alarm bells for crypto users are ringing.
There is no backdoor: ledger co-founders
As noted, the issue started when a seed-phrase backup feature intensified discussions about how the company had access to the sensitive wallet information in the first place. The tweet deletion riled the community even further, adding fuel to the already raging fire.
Nicolas Bacca, the co-founder of Ledger, then came forward to explain that there is no backdoor. Also, the former Ledger Chief Executive Officer tried to convey that there were no backdoors and that it was a PR failure instead of a technical failure.
Winning back trust with open-source code?
Ledger was an early pioneer of crypto hardware wallets and until recently remained within the good graces of the crypto community. However, it is hard to overlook such an incident without putting new measures in place to set users’ minds at ease. After all, if hardware wallets do not include absolute, uncompromising control over one’s own private keys, there is no point in owning one.
Ledger may have *always* been able to output your encrypted seed phrase.
We don’t actually know because it’s closed-source.
At least with Trezor, it’s open-source so we do know what it can and cannot do.
— Chris Blec (@ChrisBlec) May 16, 2023
The community is now demanding to verify the code themselves instead of relying on trusting the company, demanding the firmware be open-sourced.
One user wrote:
The only path forward is open source. Trust can only be regained if we can see the code.
Words aren’t enough, especially since there is conflicting information coming from your team.
As a long-time user, I’m already shopping for alternatives.
Ledger has open-sourced device apps and communication between clients and the application. However, the co-founder Bacca believes, “having a fully open source code wouldn’t help with that since you don’t really have a way to check what’s running inside the device.”
Alternative open-source hardware wallets include Trezor and Keystone pro.
Ledger CEO Pascal Gauthier has since rolled back the proposed recovery feature until further notice. The company has announced a commitment to promoting its long-standing open-source transparency in its endeavours. Ledger aims to mitigate concerns regarding the security of its wallet and to reassure users about the safety of their digital assets.
Ledger CEO and their CTO put out messages an hour ago saying the controversial firmware update will be postponed until further notice. They’ll also
– Open source Ledger Recover
– Publish Recover whitepaper
– Make Recover auditable
– and gradually open source most of OS
— OKHotshot (@NFTherder) May 23, 2023
Join the telegram channel for updates, charts, ideas and deals.
Did you like the article? Share it!