Ledger is under fire because it allegedly disclosed user seed phrases
The crypto hardware wallet provider Ledger drew a fierce backlash from its online user base after publishing a controversial update; many fear that the manufacturer has major security gaps.
Ledger claimed that the new functionality is both safe and completely optional, but security experts and crypto holders are already distancing themselves from the company.
The controversial recovery service from Ledger
The concerns began to surface late Monday after the Reddit user Joe_smith_Reddit published a post asking for an official "yes or no" on whether Ledger has a built-in back door for accessing users' private keys. A private key is the secret alphanumeric string that gives users access to their crypto on the blockchain.
Smith's question referred to Ledger's new "Ledger Recover" service, a subscription service. A recovery phrase is a user's private key expressed in mnemonic form.
According to Ledger, the service, activated in firmware update 2.2.1, works by duplicating the device's recovery phrase on the device, encrypting the copy, splitting it into three fragments, and storing them with Ledger, Coincover and a third unnamed provider. To access the service, users must verify their identity with an ID document and a selfie recording.
In a subsequent Twitter thread on Tuesday, Ledger made it clear that the service is completely "optional" and is not automatically activated by a firmware update. "Your secret recovery phrase is certainly generated on your device. We have no access to it," added the company.
Can Ledger “make” the private keys of users?
Despite Ledger's assurances, the community's concerns continued to grow around one key idea: the update demonstrated that, contrary to the manufacturer's claims, Ledger devices do not protect their users' private keys from all external access.
"The trust that the proprietary secure element makes its contribution was the only thread that was related to this company, and now it has been severed," wrote Reddit user Stpinkie on Tuesday in response to Ledger. "I can no longer recommend Ledger to anyone to whom digital sovereignty is important."
The popular crypto developer, author and examiner "Foobar" echoed this reaction on Twitter and asked his followers to move away from Ledger wallets.
Stop using Ledger hardware wallets. Go away from them immediately. They showed nothing but gross incompetence and a complete misunderstanding of their own intentions. And now you have publicly admitted that you have deliberately provided your own proprietary hardware with a back door. Stop using Ledger pic.twitter.com/llffusow4y
- Foobar (@0xfoobar) 16 May 2023
"The blatant problem with this update is that your private key can be damaged at any time by a malicious or accidental firmware update," he added.
This is a master class that can destroy your core business with the attempt to "be innovative".
I have recommended you to you, even after I blew up your customers, but that's the last drop that causes the barrel to overflow.
✌️
- Chris Dunn (@Chrisdunntv) 16 May 2023
Many in the community recommended that Ledger introduce a separate wallet that offers a seed recovery service, instead of shipping it as a firmware update to existing customers who expect maximum security from their devices.
Ledger was compromised in the past when, in July 2020, personal data was accidentally released, followed by e-mail and SMS phishing campaigns. This leak had no effect on the security of users' private keys.