Ledger, the biggest crypto hardware wallet, is under some serious allegations. On Tuesday, May 16th, Ledger released a highly controversial update that has led to many users abandoning the platform. This upgrade goes against the fundamental purpose of a hardware wallet. Does that mean your Ledger has a backdoor now? Is your crypto no longer safe on Ledger?
It’s a matter of urgent concern. So my team of researchers and I took a deep dive and found out something outrageous. We also looked at some Ledger alternatives. Let’s talk about it now.
What Happened to Ledger?
Ledger is one of the most secure crypto wallets in existence. Or was it? As you know, Ledger is a hardware wallet that acts as a “cold storage” device, linking your crypto to a USB thumb drive, unlike “hot wallets” such as MetaMask, which stay connected to the internet at all times. That means that with Ledger your crypto is off-limits to the internet, which keeps it safe.
1/ Ledger "Recover," a thread 🧵
Last night Ledger accidentally leaked some info on their new recovery subscription service, and today they revealed the details.
Let's walk through their proposed "solution" to cryptocurrency custody and how dangerous it is. pic.twitter.com/8GnCKv7hTH
— Seth For Privacy (@sethforprivacy) May 16, 2023
But on Tuesday, Ledger announced its seed phrase backup and recovery service, called Ledger Recover. This attracted massive criticism from the crypto community. Even Ripple’s CTO called it a “Massive Loss of Security.” But wait: before you go out and trash your Ledger, let us first understand the update.
What is the Ledger Update About?
The Ledger update offers you an opt-in “recovery services” feature. While it is good for someone who tends to lose their seed phrase, it can potentially expose your seed phrase. But I want to emphasize that it is an optional service. That means you can choose it if you want it.
Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz
🧵Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
— Ledger (@Ledger) May 16, 2023
I can’t actually believe it. This seems absolutely crazy for a hardware wallet provider to encourage you to back up your seed phrase online AND give them your ID.
I will not go into the details of how this new “Recovery Services” feature works in this article. But let me tell you that this is a subscription-based service, offered exclusively at a price of $9.99 per month and limited to Ledger Nano X devices. Users from the European Union, the United Kingdom, Canada, and the United States are required to provide an identity card as part of the subscription process.
Ok, so this is an optional service. You can choose to stay out. Then why am I or the community outraged by this “Optional Recovery service”? Make sure you don’t miss that part of the video.
Crypto Community Outrage
Well, the crypto community is furious about the upgrade, because in previous incidents the security of the Ledger wallet has been compromised. So I am not at all happy to let them create a recovery backup of my “Seed Phrase”.
Mudit Gupta, Chief Information Security Officer at Polygon Labs, raised some concerns over this new feature. In a Twitter thread, Gupta expressed his belief that enabling this feature is a “horrendous idea” and advised against it. He elaborated on his concerns, stating that the encrypted key fragments are sent to three corporations, which possess the capability to reconstruct users’ keys.
Oh but it is secured by ID verification!
You know what else is secured by ID verification? Mobile number porting.
Do you know how many high profile sim jacking cases happen every day? Too many.
Anything secured by "ID verification" is inherently insecure. Too easy to fake.
— Mudit Gupta (@Mudit__Gupta) May 16, 2023
Even Binance’s CEO seems to be in complete disbelief at the fact that “Seed can now leave the device”. But what if I don’t upgrade my Ledger? Then I don’t opt in to the recovery upgrade and my seed remains with me. Unfortunately, that is not the case. Why?
What if I don’t Upgrade my Ledger?
Why would I need to upgrade my Ledger wallet? After all, if I don’t, my seed will be safe with me. But you need to think it through. Apart from Bitcoin, all other blockchains are evolving. They keep incorporating new signing algorithms, key derivations, and so on. For example, Ethereum now requires BLS signatures. If you cannot upgrade your Ledger wallet, it will not include the latest algorithms and features of new blockchains, and you might need to just throw it away and buy a newer model.
Another main problem is that in Nov 2022, Ledger claimed that firmware updates should never extract private keys. Does this mean there has always been code running on your Ledger designed to send? And now they’re saying it technically always has been possible to write firmware that facilitates key extraction.
Long story short:
* Don't update your ledger firmware. Wait until Ledger withdraws and issues a new upgrade without the misfeature.
* Nano S seems not to be affected anyway.
* Your coins are infinitely safer in a hw wallet compared to a software wallet.
— Emin Gün Sirer🔺 (@el33th4xor) May 16, 2023
The other main problem here is that their firmware is closed source. It’s basically a black box, and its capabilities cannot be verified, requiring us to fully trust the manufacturer. This is extremely important, as no one but they can verify what the firmware actually does. All this puts me in a tough spot, and now I am looking at potential Ledger alternatives.
Potential Ledger Alternatives
1) BitBox
Developed by Shift Cryptosecurity. BitBox is an open-source hardware wallet that offers multiple key features to ensure the security of your cryptocurrency assets. Supports Bitcoin, Litecoin, Cardano, Ethereum, and 1500+ ERC-20 tokens.
Main features of BitBox:
- Open-source design: BitBox is an open-source hardware wallet that allows users to review the code and ensure transparency and security.
- Secure chip technology: BitBox uses a secure chip to store private keys and conduct transactions securely, mitigating the risk of attacks.
- Multi-platform compatibility: BitBox is compatible with various operating systems, including Windows, macOS, and Linux, providing flexibility for users.
Did you know that you can use the BitBox02 as a 'stateless' signer?
The microSD card slot makes it incredibly easy to switch between different wallets!
While this is not the intended use case of the BitBox02, it's certainly possible to use it that way! pic.twitter.com/kC0KNoUGDM
— Shift Crypto (@ShiftCryptoHQ) May 18, 2023
- Limited supported assets: over 1500 different ERC-20 tokens. While these stats are decent, they could honestly be a bit better.
- No iOS support.
2) Trezor:
Trezor is one of the top hardware wallets of today.
Features:
- Enhanced Security: Advanced security measures such as two-factor authentication and passphrase encryption to keep funds safe from unauthorized access.
- Wide cryptocurrency support: compatibility with various blockchain networks.
- The Trezor wallets can cost quite a bit more.
- Bulky design.
Shamir backup is:
Fully transparent ✅
Free ✅
No KYC ✅
Self-custodial ✅
Get 15% off hardware wallets and Shamir HODL packs until Sunday, May 21🔒
Buy now 👉 https://t.co/2uNoszrLrV pic.twitter.com/6NUW1hUfC3
— Trezor (@Trezor) May 16, 2023
3) Keystone:
Features:
- Open-source.
- An air-gapped wallet that does not need to connect to an online device.
- Multiple cryptocurrency support.
- Matched pricing with Coldcard but both are more expensive than competitors.
- Within the default Keystone app, adding new addresses manually for transactions may be cumbersome if someone sends Bitcoin frequently. Auto-generated addresses would be a nice option in a software update. The user also has the option to use any of the other supported apps with the Keystone device.
🤩 Bonus points if you also include:
🔹 Details about the recent backlash on Ledger's recent recovery feature
🔹 How to migrate from using a Ledger to Keystone 🔥
🔹 Attention grabbing images/screenshots
🔹 Tutorial videos pic.twitter.com/j3plo4On4b
— Keystone | Open Source Blockchain Hardware Wallet (@KeystoneWallet) May 17, 2023
4) KeepKey
This wallet was founded by the same guy who established ShapeShift, an exchange platform for crypto assets. When he created KeepKey, he integrated ShapeShift directly into the device so that users can exchange their assets from within the KeepKey wallet using Shapeshift.
Features:
- Multi-Currency support.
- Sleek design.
- Highly secure.
- Not intuitive like others.
📢In light of recent decisions made by #Ledger, it is our stance that users' private key data should never leave the device, #encrypted or otherwise. #KeepKey will never release firmware that allows for the exfiltration of users' private key data in any…
— KeepKey (@KeepKeyDevs) May 16, 2023