Ledger’s new firmware update for its crypto hardware wallet has come under scrutiny for potentially putting users’ private keys at risk. This has led to a lot of discussion online amongst experts and users alike. The company tried to alleviate concerns on Wednesday with a Twitter thread, but a tweet that was later deleted only added to the confusion and controversy. The tweet from Ledger support confirmed criticisms that the manufacturer could release firmware that extracts users’ private keys from their wallets. This is a contradiction to a claim the company made on its main account last November, stating that user private keys could not be extracted from a wallet’s secure element chip through firmware updates.
This contradiction has led to confusion on the part of users, as there is now a lack of clarity about the security of the hardware wallet. This confusion has not been helped by the fact that the company continues to delete tweets and issue statements that are self-contradictory or confusing. Ledger’s CTO Charles Guillemet tried to explain the situation in a follow-up thread on Twitter, saying that wallets in general have “many ways” to implement a backdoor, and that some level of trust is required with any third-party wallet purchase. He also added that open source technology does not necessarily solve the issue, as there are no guarantees that the hardware or firmware is not backdoored or compromised.
Criticism of Ledger has been growing since the announcement of its new hardware wallet service, “Ledger Recover”. The service allows users to break their wallet’s private keys into three shards, encrypt them, and store them with three separate centralized providers, one of which is Ledger. However, users are required to provide personal identifying information before using the service, which has raised concerns about privacy and security.
Overall, the situation with Ledger’s new firmware update and hardware wallet service has caused a lot of confusion and raised serious questions about the security of the hardware wallet. The fact that the company has contradicted itself and issued confusing statements has only added to the uncertainty. While some level of trust is necessary with any third-party wallet purchase, the lack of clarity around security risks in Ledger’s products is a cause for concern. Users should be cautious and consider all available options before using this particular hardware wallet or firmware update.