Subscribe to our Telegram channel
It turned out that one of the most popular cryptocurrency wallet manufacturers has always had access to investors' funds
Talking about their new product, representatives of Ledger, a hardware cryptocurrency wallet company, caused a scandal in the cryptocurrency community.
Ledger specialists stated that the company had always had access to the keys to their customers' wallets. This message was later deleted. «It has always been possible to write firmware that will help extract the keys. You have always trusted Ledger not to install such firmware, whether you knew about it or not ,» the company said. It should be noted that Ledger is one of the leading manufacturers of hardware crypto wallets, occupying 20−25% of the market.
«Don't worry, we’ve been holding a gun to your head all this time. And see? You’re not dead, so there’s no problem with us continuing to hold a gun to your head ,» one Twitter user commented on Ledger’s statement.
Soon after, Ledger representatives deleted their message, but it had already spread online. Later, Ledger wrote that the words were «taken out of context» and that there are layers of protection and control in the firmware of devices to ensure that no attacker (even an internal one) can introduce malware.
By making statements about firmware, Ledger tried to protect its new tool for recovering lost keys, Ledger Recovery, announced on May 16, from criticism from the crypto community. The tool allows you to create a backup copy of a seed phrase (a secret key composed of a random set of words), which will help restore access to the Nano X crypto wallet in case of loss of the secret phrase.
The new service splits the seed phrase into three fragments, which are stored in encrypted form by three different parties. As Wired reported in February, these firms will be the cryptographic company Coincover, Ledger itself, and the backup service provider EscrowTech.
The main complaint of users is that the company has positioned the device as a way to store cryptocurrencies offline. By adding the ability to upload keys, even in encrypted form, Ledger has set a precedent that contradicts its initial statements. According to critics, the new tool reduces the security of the device, making it vulnerable to fraudsters.