Sunday , December 22 2024
Home / Crypto news / Ledger Responds to Customer Fears On Wallet Safety, But Deletes “Confusing” Tweet

Ledger Responds to Customer Fears On Wallet Safety, But Deletes “Confusing” Tweet

Summary:
Online discussions continue to swirl around Ledger’s new firmware update for its crypto hardware wallet, which experts have claimed could put users’ private keys at risk.  Ledger published a Twitter thread on Wednesday attempting to alleviate concerns around the safety of users’ assets, but published a self-contradictory and confusing tweet that stoked the flames of controversy even further.  Ledger’s Worrying Tweet In a now-deleted tweet, Ledger support verified criticisms from Wednesday exposing a troublesome reality of using their product: the manufacturer could, technically, release firmware that extracts users’ private keys from their wallets. “You have always trusted Ledger not to deploy such firmware whether you knew it or not,” wrote the company. Ledger’s Deleted

Topics:
Andrew Throuvalas considers the following as important: ,

This could be interesting, too:

Wayne Jones writes Argentina’s Mining Sector Pioneers Lithium Tokenization by Tapping Cardano

Wayne Jones writes Chinese Auto Dealer Dives Into Bitcoin Mining With 6M Investment

Wayne Jones writes Nigeria Arrests 792 in Landmark Crypto-Romance Scam Raid

Wayne Jones writes NFT Gaming Project CyberKongz Receives Wells Notice from SEC

Online discussions continue to swirl around Ledger’s new firmware update for its crypto hardware wallet, which experts have claimed could put users’ private keys at risk. 

Ledger published a Twitter thread on Wednesday attempting to alleviate concerns around the safety of users’ assets, but published a self-contradictory and confusing tweet that stoked the flames of controversy even further. 

Ledger’s Worrying Tweet

In a now-deleted tweet, Ledger support verified criticisms from Wednesday exposing a troublesome reality of using their product: the manufacturer could, technically, release firmware that extracts users’ private keys from their wallets.

“You have always trusted Ledger not to deploy such firmware whether you knew it or not,” wrote the company.

Ledger’s Deleted Tweet. 05/17/23

This contradicts a claim from the company’s main account last November, in which Ledger claimed that user private keys cannot be extracted from a wallet’s secure element chip through a firmware update. 

At the time, Ledger and other wallet manufacturers were recording record sales in the aftermath of FTX’s collapse, as crypto investors sought the security of self-custody and cold storage for their crypto assets. 

On Thursday, Ledger said that it decided to delete its Wednesday tweet due to its “confusing wording.” However, Ledger’s CTO Charles Guillemet published a follow-up thread explaining that wallets, in general, have “many ways” to implement a backdoor, and that some level of trust is required with any third-party wallet purchase. 

“Open source doesn’t really solve this,” he added. “It’s impossible to have guarantees that the electronic itself is not backdoored, nor that the firmware that runs inside the wallet is the one you audited.”

Ledger Recover

Criticism around Ledger swelled on Wednesday after the company announced its new hardware wallet service “Ledger Recover.” With user permission, the service breaks a wallet’s private keys into three shards, encrypts them, and stores them with three separate centralized providers – one of which is Ledger. 

The subscription service requires users to provide personal identifying information before using it. In return, users are granted a method of recovering their private keys in case they lose both their hardware device and seed phrase paper backup. 

The crypto community blasted the service and its associated firmware update for adding a code path that can send private keys to third parties. Many experts including developer and auditor “foobar” recommended that followers stop using the company’s devices.

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *