Ledger could always access the private keys of users

Ledger, a company that makes hardware cryptocurrencies, said it had always been able to install firmware on the devices that would allow customer passwords to be extracted. This message was later removed

Protecting its new product, hardware cryptocurrency wallet maker Ledger caused a scandal in the cryptocurrency community. With its statement that it has technically always been able to get users’ keys giving access to their crypto-assets.

“Don’t worry about us holding a gun to your head the whole time. And see? It’s not like you’re dead, so there’s no problem with us continuing to hold a gun to your head,” Ledger commented on Ledger’s social media statements.

The company soon deleted its message. But it had already made its way around the web. Ledger later wrote that her words were misunderstood. And there are layers of protection and control in the firmware of its devices to ensure that no hacker (even internal) can introduce malicious firmware.

In response to this, one user noted that when he bought a Ledger device, he was not buying “layers of control”. He was simply buying a cold wallet in which the seed phrase could not leave under any circumstances. Never before has a real-time company ruined its reputation like this, another commenter stated.

Protection from critics

Ledger tried to protect its new lost key recovery tool Ledger Recovery, announced on May 16, from criticism from the cryptocurrency community with its firmware statements. The tool allows you to create a backup copy of a seed phrase. And that will help restore access to the Nano X cryptocurrency wallet in the event that a secret phrase is lost.

The new service breaks the seed phrase into three fragments. Which in encrypted form store three different sides. As Wired reported in February. Those firms would be crypto company Coincover, Ledger itself. And backup service provider EscrowTech.

If a key is lost, the owner of the wallet will have access to its backup by authenticating themselves. The Ledger Recover service will be paid for and voluntary.

The Ledger tool has been very badly received by the cryptocurrency community. The main complaint of users is that the company positioned its cold wallet as a way to autonomously store cryptocurrencies. That is, access keys could only reside on it and not be allowed to leave it.

By adding the ability to upload keys, albeit in encrypted form, Ledger set a precedent. Which completely contradicts its initial claims. According to critics, the new tool reduces the security of the device, making it vulnerable to scammers.

“This is a terrible idea, do not enable this feature,” wrote Polygon Labs Director of Information Security Mudit Gupta.

Also Ledger says this backup option will be popular. That’s because the possibility that assets could become inaccessible simply because a key is lost is a deterrent to investing in cryptocurrencies.

“That’s what future customers want. It’s a way for the next hundreds of millions of people to really move to cryptocurrencies,” Ledger CEO Pascal Gauthier was quoted by CoinDesk.

Our experts point out that at the end of March it became known that Ledger attracted funding of up to $100 million. Gauthier said that the company will use the funds received to develop its business, expand its network of distributors. As well as increasing production and improving products.