Ledger responds to customer fears about wallet security but deletes “confusing” tweets
Online discussions continue to revolve around Ledger's new firmware update for its crypto hardware wallet, which experts say could put users' private keys at risk.
Ledger posted a Twitter thread on Wednesday attempting to address concerns about the security of users' assets, but posted a contradictory and confusing tweet that further fueled the controversy.
Ledger's worrying tweet
In a now-deleted tweet, Ledger Support acknowledged Wednesday's criticism and revealed a problematic reality about using its product: The manufacturer could technically release firmware that extracts users' private keys from their wallets.
“Whether you knew it or not, you have always trusted Ledger not to provide such firmware,” the company wrote.
Ledger's deleted tweet. 05/17/23
This contradicts a claim made by the company's main account last November, in which Ledger claimed that user private keys cannot be extracted from a wallet's Secure Element chip through a firmware update.
At the time, Ledger and other wallet makers saw record sales following the collapse of FTX as crypto investors sought the security of self-custody and cold storage of their crypto assets.
On Thursday, Ledger said that it had decided to delete its Wednesday tweet due to its “confusing wording.” However, Ledger CTO Charles Guillemet posted a follow-up thread explaining that wallets in general have “many ways” to implement a backdoor and that a certain level of trust is required with any third-party wallet purchase.
22/
If you want to be completely trustworthy, you need to learn electronics to build your computer, learn ASM to build your compiler, then build a wallet stack, your own node and synchronizer, you need to learn cryptography to build your own signature stack.
— Charles Guillemet (@P3b7_) May 18, 2023
“Open source doesn’t really solve this problem,” he added. “There is no guarantee that the electronics themselves are not backdoored or that the firmware running in the wallet is the one you have tested.”
Ledger Recover
Criticism of Ledger increased on Wednesday after the company announced its new hardware wallet service, “Ledger Recover.” With user permission, the service splits a wallet's private keys into three shards, encrypts them and stores them at three separate central providers - one of which is Ledger.
The subscription service requires users to provide personal identification information before use. In return, users are given the opportunity to recover their private keys in the event they lose both their hardware device and their seed phrase paper backup.
The crypto community criticized the service and its associated firmware update because it added a code path that can send private keys to third parties. Many experts, including the developer and reviewer “foobar,” recommended that followers stop using the company’s devices.
If you have a Ledger, your keys are not at risk (yet). However, when you update to the latest firmware, it gets stuck in a code path that can send your private key to third parties. Given that Ledger has a history of torturing its own customers, it is unlikely that they will keep this information safe.
— foobar (@0xfoobar) May 16, 2023