Ledger's Shocking Move: Has Our Trust Been Betrayed?

The Breakdown


Every Saturday, I ask what the week before will be remembered for when it comes to crypto and the larger economy. And to me, there are two big things that stand out this week. The first is, of course, Ledger. For those of you who haven't listened to the Ledger episode from earlier this week, the TL;DR is that on Tuesday they announced a feature called Ledger Recover.

Now, Ledger Recover was a way for people who were maybe new to the space or who are just generally insecure about keeping their own seed phrase on a piece of paper, which is how Ledger normally does things. This new feature, Ledger Recover, would allow them to effectively have a backup. And the way that it would work is that the Ledger device would send out a copy of the seed phrase split into three parts. It would go to Ledger and two other companies, and the person would have to use ID verification services to request to have it come back.

Now, you might already have spotted some of the issues here. All of a sudden, a hardware wallet, which is supposed to be a self-sovereign device and totally outside of the realm of tamperability, has introduced a whole slew of new weaknesses. There's a KYC and identity verification process, there's these three companies that are involved, but the biggest thing that had people upset was that in the past, Ledger had made it seem like there was no way for the device to ever send out a seed phrase; however, that seemed to be changing. Because if the device could copy that seed phrase and then encrypt it to send it out in these three parts, didn't that break the relationship that people thought they had with their Ledgers?

Now, over the next couple of days, Ledger really dug itself into a deeper and deeper hole. At one point, its team tweeted: technically speaking, it is and has always been possible to write firmware that facilitates key extraction. You've always trusted Ledger not to deploy such firmware, whether you knew it or not.

It's important to understand that at the end of the day, any hardware wallet solution a user chooses to go with will always require that person to trust the developer to build and maintain a secure device to store your assets. This was exactly the wrong thing to say. And just further outraged the community.
