Crypto hardware wallet manufacturer Ledger has been the center of controversy after announcing “Ledger Recover,” an optional security feature that would allow users to recover their assets after losing their private keys.
A tweet on May 17 from a Ledger customer support agent further fueled negative public opinion of the firm.
“Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not,” read the tweet, which has since been deleted.
The crypto community was naturally alarmed by the message, which seemingly implied that the firm always had the option to work this firmware into their product without users knowing any better.
Ledger addressed the deleted tweet in an update a few hours later, explaining that a customer support agent had used “confusing wording” in an attempt to clarify how the firm’s hardware wallets work.
[2/3] We’ve deleted it because we don't want people to continue to be confused by this, and are replacing it with Tweet threads which address all frequently asked questions and concerns in the most understandable and accurate way possible.
— Ledger Support (@Ledger_Support) May 18, 2023
Ledger CTO Charles Guillemet also penned an extensive Twitter thread to address misconceptions and explain how the firmware works in effect.
“Using a wallet requires a minimal amount of trust. If your hypothesis is that your wallet provider is the attacker, you’re doomed,” said Guillemet.
“If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. It’s even possible to create signatures so that the private key can be retrieved only by monitoring the blockchain,” he added.
In his view, an open source codebase doesn’t solve the issue and it is impossible to have a guarantee that the electronic device or the firmware that runs it is not backdoored.
If you want to be completely trustless, you'll have to learn electronics to build your computer, learn ASM to build your compiler, then build a wallet stack, your own node and synchronizer, you'll have to learn cryptography to build your own signature stack.
— Charles Guillemet (@P3b7_) May 18, 2023
He concluded by telling users that a hardware wallet is mostly used as a signing device, which safeguards private keys.
“Your private keys never leave the hardware wallet. Whenever they are used, your consent is requested,” he said.