Ledger Trends as Deleted Tweet Fuels Crypto Wallet Fears

The hardware wallet manufacturer has inadvertently heightened concerns in an attempt to remedy the situation.

by Okoya David. Fact checked by: Ciaran Lawler, Editor: Stefan Trapp

Published: May 19, 2023 │ 1:40 PM GMT

Man looking at his empty wallet concerned. A man behind him standing on a ledge fished out a gold key. — *Created by Kornelija Poderskytė from DailyCoin*

Ledger has had a rough week.
One of the hardware wallet manufacturer’s attempts to remedy the situation has heightened concerns.
Recent events have renewed calls for the firm to go open source.

This week has been one to forget for Parisian crypto hardware wallet company Ledger. The firm found itself at the center of unwanted attention over its Ledger Recover service that launched with its latest firmware update, which sparked speculation of a backdoor in the technology. Read my colleague Kyle Calvert’s deep dive to find out more.

While Ledger has asserted that there is no backdoor in its crypto wallet, the discussions and the fears persist, fueled by a now-deleted tweet that suggests that the firm may not have been forthcoming in previous statements to customers.

“Confusing Wording”

In a tweet on Friday, May 19, Crypto market intelligence platform Santiment Feed revealed that “Ledger” was the top trending word in online crypto communities in the last 24 hours.

🔐 One of the primary signs of fear is when the top trending #crypto keywords are almost all related to hardware wallets & security. We saw similar safety concerns from traders in November 2021 after the @FTX_Official collapse. That marked a market bottom. https://t.co/0MIfQq1TSd pic.twitter.com/nFIeAwmVPf
— Santiment (@santimentfeed) May 19, 2023

Ledger continues to dominate discussions over its Ledger Recover service, as a recent attempt at damage control further muddled the situation.

Sponsored

In a now-deleted tweet on Wednesday, May 17, the firm’s customer service account, Ledger Support, noted that it has always been possible for the firm to gain access to user seed phrases through firmware updates, inadvertently providing fodder for arguments raised by critics earlier in the week.

"Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not," the deleted tweet read.

Ledger's deleted tweet asserting that it could always access customer seed phrases with a firmware update. — *Ledger’s deleted tweet*. *Source:* *Twitter*

In a statement on Thursday, May 18, Ledger Support argued that the deleted tweet contained “confusing wording,” a claim some community members have countered.

Did someone at #Ledger got fired for telling the truth?

Don't think there was any confusing wording to me.

Ledger is now in damage control. pic.twitter.com/OdSVVSRAtm
— Duo Nine ⚡ discord.gg/ycc (@DU09BTC) May 19, 2023

As many users quickly pointed out, the deleted tweet contradicted statements Ledger made in November 2022 when the FTX collapse strengthened arguments for self-custody wallets. At the time, Ledger asserted that a firmware update could not give it access to customer private keys.

Hi – your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.
— Ledger (@Ledger) November 15, 2022

Others have raised concerns that customers have little choice but to trust that the firm and its employees would continue to act in good faith as the Ledger code is not open-source.

Because Ledger is not open source, suspicion and lack of trust are baked into the cake.

If most others are open source, why isn’t Ledger?

It breeds the suspicion that something is intentionally being hidden, whether it actually is or not.
— larry block🧡⚡️ (@larryblock8) May 18, 2023

Ledger Chief Technology Officer Charles Guillemet has nonetheless argued that trust would always be required between wallet providers and customers, highlighting other ways hardware crypto wallets could be exploited even if their code is open-source.

22/
If you want to be completely trustless, you'll have to learn electronics to build your computer, learn ASM to build your compiler, then build a wallet stack, your own node and synchronizer, you'll have to learn cryptography to build your own signature stack.
— Charles Guillemet (@P3b7_) May 18, 2023

On the Flipside

Despite Charles Guillemet’s argument that there are several ways to exploit an open-source crypto wallet, making the Ledger code open-source would likely improve trust.
Hoping to capitalize on Ledger’s public relations crisis, Trezor tweeted, “Did you know that the ‘O’ in ‘TREZOR’ stands for ‘open-source,'” on Wednesday, May 17.

Why This Matters

Hardware crypto wallets have long been heralded as the standard in crypto security. Concern over Ledger, one of the leaders in the field, raises questions about how users can best secure their assets.

See DailyCoin’s ranking of hardware wallets to help you decide how to store your crypto:

12 Best Crypto Hardware Wallets to Explore in 2022

The U.S. is clamping down on crypto, but Binance’s chief is optimistic. Find out why:

Binance’s CZ Optimistic U.S. Will Change Harsh Crypto Stance