Ledger clarifies how its firmware works after deleted tweet controversy

On May 18, crypto hardware wallet provider Ledger clarified how its firmware works after a controversial May 17 tweet was deleted by the company. The deleted tweet, which Ledger said was written by a customer support agent, had stated that it was “possible” for Ledger to write firmware that could extract users’ private keys.

Ledger chief technology officer Charles Guillemet clarified in a new Twitter thread that the wallet’s operating system (OS) requires the consent of the user anytime “a private key is touched by the OS.” In other words, the OS shouldn’t be able to copy the device’s private key without the user’s consent – though Guillemet also said that using a Ledger does require “a minimal amount of trust.”

The original tweet from Ledger customer service stated, “Technically speaking, it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.”

May 17 tweet from Ledger Support, which was later deleted. Source: Twitter

The tweet ignited a firestorm of controversy on Twitter, as many users accused the company of misrepresenting the security of its wallet. Critics shared an alleged Ledger post from November that stated, “A firmware update cannot extract the private keys from the Secure Element,” implying that the company contradicted itself.

Though the deleted tweet fueled the controversy, the matter first sparked on May 16, when the company unveiled a new “Ledger Recover” service that allows users to back up their secret recovery phrase by splitting it into three shards and sending it to different data custody services. The deleted tweet was in response to the release of the new feature. 

The new Twitter thread from Guillemet states that the wallet’s firmware, or OS, is “an open platform” in the sense that “anyone can write their own app and load it on the device.” Before being allowed on the Ledger Manager software, apps are first evaluated by the team to make sure that they aren’t malicious and don’t have security flaws.

According to Ledger, even after an app is approved, the OS does not allow it to use the private key for a network it isn’t made for. The company raised the example of Bitcoin apps not being allowed to use the device’s Ethereum private keys and vice versa for Ethereum apps and Bitcoin keys. In addition, every time a private key is used by an app, Ledger says the OS requires users to confirm their consent to use the key. This seems to imply that third-party apps installed on Ledger shouldn’t be able to use a person’s private key without the user first consenting to its use.

Guillemet also confirmed that this system is part of the current OS, which could theoretically be changed if Ledger were to become dishonest or if an attacker were to somehow gain control of the company’s computers:

“If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. It’s even possible to create signatures so that the private key can be retrieved only by monitoring the blockchain.”

Related: “Trusted” marketplace sold fake Trezor hardware wallets stealing crypto

Yet, the Ledger chief technology officer dismissed this concern, stating, “Using a wallet requires a minimal amount of trust. If your hypothesis is that your wallet provider is the attacker, you’re doomed.” He went on to say that the only way a user can protect themselves against a dishonest wallet developer is to build their own computer, compiler, wallet stack, node and synchronizer, which the CEO said is “a lifetime journey.”

Rival hardware wallet provider GridPlus has offered to open-source its firmware in an attempt to attract Ledger users. On the other hand, Guillemet stated that open-sourcing firmware would not protect against a dishonest wallet provider since the user would have no way of knowing whether the published code was actually running on the device. 

Magazine: Joe Lubin: The truth about ETH founders split and ‘Crypto Google’

All Dutch and English crypto news!

Cryptocurrency markets’ low volatility: A curse or an opportunity?

Cryptocurrency markets are well-known for their volatility, where large price swings help investors create or lose fortunes. Yet there are often periods of relative stability...

5 free ChatGPT and generative AI courses

In the realm of technology, becoming proficient in using the most recent generation of generative artificial intelligence (AI) tools has quickly become essential. These tools, like ChatGPT...

Hack bij Atomic Wallet? Volledige crypto portfolio’s verdwenen

Een waarschuwing voor iedereen die gebruik maakt van crypto-wallet Atomic Wallet: er lijkt een hack te zijn. Gebruikers laten weten dat in sommige gevallen al...

Pro-XRP attorney’s phone hacked to promote LAW token

Pro-XRP lawyer, John Deaton, has suffered a phone hack on June 4, after a relentless cyberattack over several days.  CryptoLaw, an account created by the attorney...

Beste exchanges

Koop je crypto bij Bitvavo