June 5, 2023
Ledger Compromised

Leaked information suggests that Ledger, a popular device used to secure cryptocurrency, may start sharing users’ passphrases with certain “trusted” companies through encrypted messages. This goes against what Ledger was designed for, which is to keep our private keys safe and not expose them to anyone.

The problem is that if Ledger can release a firmware update that allows this, it doesn’t matter whether people choose to install it. It shows that something we thought was impossible before is now possible. So the main advantage of Ledger, its strong physical hardware protection, may no longer be reliable.

Even the co-founder of Ledger avoids giving a clear answer when asked whether there is a backdoor in the device. Instead, the response is vague and offers no definite “yes” or “no.” This raises suspicions and makes people doubt the security of Ledger devices.

This leaked information has caused worry among cryptocurrency users. They relied on Ledger to keep their private keys secure, but now there are concerns that passphrases could be shared with others, even if they are encrypted.

People are waiting for an official response from Ledger to confirm if the leaked information is true and to explain their position on sharing passphrases with external companies. Until then, users are advised to be cautious and consider other ways to protect their digital assets.

Ledger needs to address these concerns openly and honestly in order to regain the trust of their customers. The security and integrity of hardware wallets are extremely important in the world of cryptocurrency.

Ledger Answering Questions

Ledger’s CTO, Charles Guillemet, introduced new features that have raised concerns among customers. Let’s clarify these features and address the concerns:

Clarification of the new features:
The secure element chip in the device is a programmable computer. Its program can access and manipulate your seed, making the security of this code extremely important.

Strong security mechanisms are in place to ensure that only Ledger’s code can run on your device. Additionally, any code with access to the seed cannot be modified by attackers.

To prevent unauthorized firmware updates, mechanisms are in place that require approval from all key stakeholders within Ledger.

Ledger has always designed the code that controls what is done with the seed. This meticulous approach prioritizes security at every step.

The new firmware version 2.2.1 includes code that can split the seed into three separate encrypted shards.

The sharding feature, like any action involving the seed, requires your consent through a physical button press to create the encrypted shards. If you’re concerned, you can choose not to trigger or accept the seed sharding operation.

It’s important to emphasize that sharding cannot occur without your explicit consent, which requires a physical confirmation on the device.

The Ledger Recover service, in which the shards are transported to and held by three separate and independent companies, and its KYC process, are separate from the sharding feature. If you don’t want a secure backup of your seed phrase, you can choose not to use this service and ignore its existence.

When Ledger says it’s optional, they mean you have the choice. If you never press the button to create the shards, you can completely disregard the rest of the service and be confident that you are not interacting with it.

Despite these clarifications, customers and the general public still have concerns.

Some worry that if this feature is available without entering a passphrase, it implies there is a backdoor in Ledger’s code. This raises concerns about whether Ledger has access to their keys, and whether Ledger is the only party with such access.
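To make the “three encrypted shards” description and the access concern above concrete, here is an added example of threshold secret sharing (Shamir’s scheme over GF(2^8)). It is not Ledger’s code: it assumes a 2-of-3 threshold, which the page does not state, and it leaves out the per-shard encryption and the on-device consent step.

```python
import secrets

def gf_mul(a, b):
    # Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1.
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def gf_inv(a):
    # For non-zero a, a^254 is its inverse in GF(2^8) (since a^255 == 1).
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split_secret(secret, threshold=2, shares=3):
    # Each secret byte is the constant term of a fresh random polynomial of
    # degree threshold-1; share number x holds every polynomial evaluated at x.
    polys = [[b] + [secrets.randbelow(256) for _ in range(threshold - 1)] for b in secret]
    result = []
    for x in range(1, shares + 1):
        ys = bytearray()
        for poly in polys:
            y, x_pow = 0, 1
            for coeff in poly:
                y ^= gf_mul(coeff, x_pow)
                x_pow = gf_mul(x_pow, x)
            ys.append(y)
        result.append((x, bytes(ys)))
    return result

def recover_secret(shares):
    # Lagrange interpolation at x = 0; needs at least `threshold` distinct shares.
    # Subtraction is XOR in GF(2^8), so (0 - x_k) is simply x_k.
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for j, (xj, yj) in enumerate(shares):
            num = den = 1
            for k, (xk, _) in enumerate(shares):
                if k != j:
                    num = gf_mul(num, xk)
                    den = gf_mul(den, xj ^ xk)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Any single shard is a uniformly random byte string independent of the seed, while any two holders together can reconstruct it. That is why the independence of the custodians, rather than the encryption of the shards in transit, is the property that decides who can access the keys.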