Self-custody is crucial for crypto, and security is a must for self-custody. Hardware wallet manufacturer, Ledger, has built its reputation on secure storage of users’ private keys. These wallets provide a secure offline environment to store keys and execute transactions. The private keys are generated and stored within the device and are never meant to leave it. This offers an unprecedented level of security compared to online wallets, but people often lose their keys.
Ledger recently introduced a seed phrase backup called Ledger Recover. It’s a paid service where customers’ seed phrases are encrypted into three shards and shared with various custodians. However, introducing a third-party centralizes control and creates a single point of failure.
Millions of normies will only start using crypto through a custodial backup approach. Nevertheless, Ledger’s backup product rollout faced reproach from its customers. Many were surprised to know that Ledger hardware updates have always had the ability to access the secret key.
Security researchers such as Andrew Miller, who discovered vulnerabilities in Secret Network, would crowdsource for security audits if Ledger open-sources more of its software and hardware. Ledger’s crisis communication has been enlightening, and it needs to address community concerns. Open-sourcing firmware would enable verification of Ledger’s claims, and a cypherpunk-branded hardware and software dimension approval would be a branding win.
Until then, consider using open-source hardware wallets that don’t have Ledger’s interoperability with emerging blockchains, build your own wallet, or the refurbished Gameboy open-source hardware wallet. To stay safe, trust Ledger for now, but be open to competing developers of open-source hardware wallets.
J.W Verret is an associate professor at George Mason University’s Antonin Scalia Law School. He is a practicing crypto forensic accountant whose writing has appeared in the New York Times, Wall Street Journal and other national publications on crypto topics.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.