Ledger has always been able to access users' private keys
Cryptocurrency purse maker Ledger said it has always been able to access users' private keys
A hardware cryptocurrency wallet maker claimed it had always been able to install firmware on the devices that allowed it to retrieve customer passwords. That message was later removed
Defending its new product, hardware cryptocurrency wallet maker Ledger caused an uproar in the cryptocurrency community by claiming that it has technically always been possible to get users' keys that give access to their crypto assets.
"Don't worry about us holding a gun to your head the whole time. And see? It's not like you're dead, so there's no problem with us continuing to hold a gun to your head," Ledger commented on the social media site's statements.
The company soon deleted its message, but it had already made its way around the Web. Ledger later wrote that its words were "taken out of context," and that its devices' firmware has layers of protection and control to ensure that no attacker (even internal) can introduce malicious firmware.
In response to this, one user noted that when he bought a Ledger device, he was not buying "layers of control," he was simply buying a cold wallet that the seed phrase could not leave under any circumstances. Never before has a real-time company ruined its reputation like this, another commenter stated.
With its firmware statements, Ledger tried to protect its new Ledger Recovery tool for recovering lost keys, announced on May 16, from attacks by the cryptocurrency community. The tool allows you to create a backup copy of a seed phrase (a secret key made up of a random set of words) to help restore access to a Nano X cryptocurrency wallet in the event of losing a secret phrase.
The new service breaks down the seed phrase into three fragments that encrypt the three different sides. As Wired reported in February, these firms will be the cryptographic company Coincover, Ledger itself, and backup service provider EscrowTech.
If a key is lost, the owner of the wallet will have access to its backup by authenticating it. The Ledger Recover service will be paid and voluntary.
The ledger tool was accepted by the cryptocurrency community "with hostility". The main complaint of users is that the company positioned the device as a way to autonomously store cryptocurrencies, that is, access keys could only be on it and should not leave it.
By adding the ability to upload keys, albeit, in encrypted form, Ledger has set a precedent that goes against its original claims. Critics say the new tool reduces the security of the device, making it vulnerable to fraudsters.
"This is a terrible idea, do not enable this feature," wrote Polygon Labs Director of Information Security Mudit Gupta.
"To recover your keys in this way, the company requires you to provide personal information, allowing anyone with your credentials (such as from other data breaches) to take your funds. This seems... ill-conceived," said a representative of the Chainlink crypto platform under the nickname ChainlinkGod.eth.
Ledger says this backup option will be popular because the possibility that assets could become inaccessible simply due to the loss of a key is a deterrent to investing in cryptocurrencies.
"This is what future customers want. It's a way for the next hundreds of millions of people to really move to cryptocurrencies," Ledger CEO Pascal Gauthier was quoted in CoinDesk.
At the end of March, it became known that Ledger attracted funding of up to $100 million. Gauthier said that the company will use the funds received to develop its business, expand its distribution network, increase productivity, and improve its products.
- Bloomberg reports growing faith in Bitcoin among investors who fear default
- Musk's advanced LADYS token brought its 10 largest holders $20 million in profits
- EU adopts common rules for all countries to regulate cryptocurrencies
- Conflux rises 14% after news of blockchain sim card launch
- Jump Trading earned more than $1 billion for supporting the TerraUSD token rate
- U.S. exchange regulator asks court to dismiss Coinbase lawsuit
- Hackers stole $15 million in cryptocurrencies through a fake cryptocurrency exchange website