Online discussions are ongoing regarding Ledger’s recent firmware update for its crypto hardware wallet, with experts claiming that it could jeopardize users’ private keys.
On Wednesday, Ledger attempted to address concerns around users’ asset safety with a Twitter thread, but one of its tweets contradicted itself, resulting in more controversy.
Ledger’s problematic tweet
Ledger support validated criticisms from Wednesday about its product in a now-deleted tweet, which revealed a concerning fact: the company could release firmware that extracts users’ private keys from their wallets.
“You have always trusted Ledger not to deploy such firmware whether you knew it or not,” the company stated.
This contradicts a claim that Ledger’s main account made last November, in which the company stated that user private keys cannot be extracted from a wallet’s secure element chip through a firmware update.
At the time of the claim, Ledger and other wallet manufacturers experienced surging sales after the collapse of FTX since crypto investors looked for self-custody and cold storage for their crypto assets.
On Thursday, Ledger cited “confusing wording” as the reason for deleting its Wednesday tweet. Nevertheless, Ledger’s CTO Charles Guillemet wrote a follow-up thread stating that wallets, in general, can implement a backdoor in many ways, and that third-party wallet purchases require some degree of trust.
If you want to be completely trustless, you’ll have to learn electronics to build your computer, learn ASM to build your compiler, then build a wallet stack, your own node and synchronizer, you’ll have to learn cryptography to build your own signature stack.
— Charles Guillemet (@P3b7_) May 18, 2023
“Open source doesn’t really solve this,” he added. “It’s impossible to have guarantees that the electronic itself is not backdoored, nor that the firmware that runs inside the wallet is the one you audited.”
Criticism of Ledger escalated on Wednesday after the company introduced its new hardware wallet service, “Ledger Recover.” With the user’s permission, the service splits a wallet’s private keys into three shards, encrypts them, and saves them with three different centralized providers, one of which is Ledger.
Before using the subscription service, users must provide personal identifying information. In return, users receive a means of recovering their private keys if they lose both their hardware device and seed phrase paper backup.
Many experts, including developer and auditor “foobar,” criticized the service and its associated firmware update for creating a code path that enables the sending of private keys to third parties. They advised followers to stop using the company’s devices.
If you have a ledger, your keys are not compromised (yet). But if you upgrade to the latest firmware, it’ll stick in a code path that can send your private key to third parties. Given ledger doxxed their own customers in the past, it’s unlikely that they’ll keep this info safe
— foobar (@0xfoobar) May 16, 2023