Ledger Scandal: Should You Trust? Seed And Security

Ledger Scandal: Should You Trust? Seed And Security


A few days ago Ledger announced a very controversial new service called Ledger Recover. It provides backup with the possibility of restoring the seed phrase even if it is lost.
The backup is done in the cloud, by fragmenting the seed phrase into three parts, encrypting it with the Shamir Shared Secret and uploading the fragments to three online servers. Other key points: Charles Guillemet (Thread)
To use the service you also need the KYC and the payment of a monthly fee. This has caused a great scandal: first of all this goes against the concept of self-custody, as a component of trust towards third parties is established in the management of private keys. Secondly, many fear that there is a backdoor in the firmware, which allows Ledger (therefore potentially also third parties) to access the user's seed phrase at any time.

 

ARE THE FUNDS AT RISK?
If you are using Ledger, you are a lover of self custody so you should definitely not use the Recovery function.
The reason is related to security and privacy: a hardware wallet is used precisely to avoid any risk related to custody by third parties. Furthermore, the seed is associated with the KYC so you would also give up privacy.
If I don't use Recovery, are my funds at risk?
You all know that the firmware (the software installed in the Ledger's internal chip) is closed source, i.e. not verifiable by third parties, therefore it is not possible to verify if there are backdoors or vulnerabilities.
Could Ledger then extract the seed phrase from the Secure Element (the chip responsible for generating it and signing transactions)?
This second thing, in particular, could be an attack vector for any hackers who could exploit it to steal the seed phrase.

According to Ledger:
"For users who decide not to join Ledger Recover nothing changes compared to before. The seed phrase is not extracted from the Secure Element, but is generated from it and encrypted"

Subsequently, a Ledger Support operator tweeted saying that in fact those who use Ledger must trust them, since they could at any time issue a firmware that allows the extraction of the seed.

433349dc174c0d86882a9687bba4b6ca94c3ea90cabc3435ed44ca2d17e2e7d9.png

The tweet was removed after it went viral generating yet another shitstorm, citing the fact that it was poorly written and confusing. The CTO intervenes again, explaining how a hardware wallet works: Charles Guillemet (Thread)
What is explained is that the hardware wallet is a device that signs transactions, and uses its operating system (which has access to private keys) and applications for each chain (which interface with the operating system).
Applications, in Ledger's case, are already open source.
Even if it were all open source, if the manufacturer wanted to introduce a backdoor it could do it for example in the hardware. The only way to truly be 100% trustless would be to build your own hardware and software. Alternatively, there will always be a component of trust in the manufacturer.

12196b44a18e59eaf71c4c65bb43bd880a8955230e751843cbef15585becf1e6.png
In other words, if you don't trust the manufacturer (in this case Ledger, but it also applies to other hardware wallets), you shouldn't buy their products. According to this thread replies, the attack surface may have changed (due to the new functionality, which happens with every new update), but that doesn't actually change the core of the matter: you use Ledger (or any other wallet) if you think the firmware and the device are safe and trust the manufacturer. Security side for the single user who does not adhere to the new service, nothing changes compared to before.

71b030177b0b56f15f5586fa24198d0b2992991ebe57f0f94f1f066d7b4f0d24.png

 

This is what they say, obviously being "closed source" it's up to us to decide whether to trust it or not. Just the trust.
But weren't these devices created to solve the concept of "Trustless"? The narrative has always been wrong, IMO. The seed can be safe but there will always be any attack vectors because you always have to trust those who build the hardware: Ledger in this case. Clearly even when you connect a credit card to Amazon, to Apple or on Android you are trusting whoever makes that hardware.
If you are thinking of building a hardware wallet using a PC without an internet network, the matter does not change: you still have to trust whoever built the hardware. If you are an electronic engineer who can build everything yourself (transistors included), perhaps you may be more likely to have a 99.99% safe device. You think that a few years ago there was some malware that spread through the audio speakers! Maximum security does not exist.

05e34a9668011ba307291b7b30b0cf9a3c590f9afe392ad9853e0cf59e8e6cc7.png

 

Are you interested in ways to earn crypto bonus? Check it out here: Some Sites To Earn Crypto Bonus (Old & New)

How do you rate this article?

138


☑️0🆇D̺͈͙͕̿ͧ̑ͣ🅰🆅🅸🅳eͤ
☑️0🆇D̺͈͙͕̿ͧ̑ͣ🅰🆅🅸🅳eͤ Verified Member

I love Bitcoin since 2012. I also love NFT. #BTC #ETH #MLBSorare


Darknet
Darknet

The topics will be 🅒🅡🅨🅟🅣🅞, of course. BTC and Degen crypto since 2012.⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.