- Ledger has had a rough week.
- One of the hardware wallet manufacturer’s attempts to remedy the situation has heightened concerns.
- Recent events have renewed calls for the firm to go open source.
This week has been one to forget for Parisian crypto hardware wallet company Ledger. The firm found itself at the center of unwanted attention over its Ledger Recover service that launched with its latest firmware update, which sparked speculation of a backdoor in the technology. Read my colleague Kyle Calvert’s deep dive to find out more.
While Ledger has asserted that there is no backdoor in its crypto wallet, the discussions and the fears persist, fueled by a now-deleted tweet that suggests that the firm may not have been forthcoming in previous statements to customers.
In a tweet on Friday, May 19, crypto market intelligence platform Santiment Feed revealed that “Ledger” was the top trending word in online crypto communities in the last 24 hours.
Ledger continues to dominate discussions over its Ledger Recover service, as a recent attempt at damage control further muddled the situation.
In a now-deleted tweet on Wednesday, May 17, the firm’s customer service account, Ledger Support, noted that it has always been possible for the firm to gain access to user seed phrases through firmware updates, inadvertently providing fodder for arguments raised by critics earlier in the week.
"Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not," the deleted tweet read.
In a statement on Thursday, May 18, Ledger Support argued that the deleted tweet contained “confusing wording,” a claim some community members have countered.
As many users quickly pointed out, the deleted tweet contradicted statements Ledger made in November 2022 when the FTX collapse strengthened arguments for self-custody wallets. At the time, Ledger asserted that a firmware update could not give it access to customer private keys.
Others have raised concerns that customers have little choice but to trust that the firm and its employees would continue to act in good faith as the Ledger code is not open-source.
Ledger Chief Technology Officer Charles Guillemet has nonetheless argued that trust would always be required between wallet providers and customers, highlighting other ways hardware crypto wallets could be exploited even if their code is open-source.
On the Flipside
- Despite Charles Guillemet’s argument that there are several ways to exploit an open-source crypto wallet, making the Ledger code open-source would likely improve trust.
- Hoping to capitalize on Ledger’s public relations crisis, Trezor tweeted, “Did you know that the ‘O’ in ‘TREZOR’ stands for ‘open-source,’” on Wednesday, May 17.
Why This Matters
Hardware crypto wallets have long been heralded as the standard in crypto security. Concern over Ledger, one of the leaders in the field, raises questions about how users can best secure their assets.