Ledger reacts to customer fears regarding the security of wallets, but deletes confusing tweets
Online discussion continues to center on Ledger's new firmware update for its crypto hardware wallet, which, according to experts, could endanger users' private keys.
On Wednesday, Ledger released a Twitter thread in which it tried to allay concerns about the security of users' assets, but it also published a contradictory and confusing tweet that further heated up the controversy.
Ledger's worrying tweet
In a now-deleted tweet, Ledger support confirmed Wednesday's criticism and revealed a problematic reality of using its product: the manufacturer could technically publish firmware that extracts users' private keys from their wallets.
"Whether they knew it or not, they always trusted Ledger that it does not provide such firmware," wrote the company.
Ledger's deleted tweet, 17.05.23
This contradicts an assertion made by the company's main account last November, in which Ledger claimed that users' private keys cannot be extracted from a wallet's secure element chip by a firmware update.
At that time, following the collapse of FTX, Ledger and other wallet manufacturers recorded record sales, as crypto investors sought the safety of self-custody and cold storage for their crypto assets.
On Thursday, Ledger said that it had decided to delete its Wednesday tweet due to its "confusing wording". Charles Guillemet, CTO of Ledger, published a follow-up thread in which he explained that wallets generally have "many ways" to implement a backdoor and that a certain amount of trust is required whenever a wallet is purchased.
22/
If you want to be completely trustworthy, you have to learn electronics to build your computer, learn to build your compiler, then build a wallet stack, your own knot and synchronizer, you have to learn cryptography to build your own signature stack.
- Charles Guillemet (@p3b7_) 18. May 2023
"Open source does not really solve this problem," he added. "There is no guarantee that the electronics itself is not backdoored or that the firmware that runs in the wallet is the one that you have checked."
Ledger Recover
The criticism of Ledger increased on Wednesday after the company announced its new hardware wallet service "Ledger Recover". With the user's permission, the service splits a wallet's private keys into three shards, encrypts them, and stores them with three separate centralized providers, one of which is Ledger.
To use the subscription service, users must first provide personal identification data. In return, they are given the opportunity to restore their private keys if they lose both their hardware device and their paper seed phrase backup.
The crypto community criticized the service and the associated firmware update because it added a code path that can send private keys to third parties. Many experts, including the developer and auditor "Foobar", recommended that their followers no longer use the company's devices.
If you have a main register, your keys are not (yet) endangered. However, if you update the latest firmware, it sticks to a code path that can send your private key to third parties. In view of the fact that Ledger has tortured his own customers in the past, it is unlikely that you will safely store this information.
- Foobar (@0xfoobar) 16. May 2023