I know a lot’s been happening in the Bitcoin/crypto space as of late, and I plan to share my thoughts on these happenings in future editions of the newsletter (once some of the drama subsides).
For today, though, I wanted to share some information I recently obtained regarding Ledger hardware wallets.
Let me start with some context…
Ledger Recover
About a month ago, Ledger — the most reputable Bitcoin/crypto hardware wallet manufacturer in the world — announced that it would offer clients a service called Ledger Recover that enables them to back up their recovery seed phrase with custodians.
You can read about Ledger Recover in more detail here: What is Ledger Recover? (Ledger)
TL;DR — Ledger Recover allows you to break your recovery seed phrase up into three shards. Each of those three shards is then held with different custodians, all located in different jurisdictions.
These three custodians are Ledger, Coincover and EscrowTech, which are based in France, the UK and the US, respectively.
The purpose of Ledger Recover is to help you recover your seed phrase if you lose it. Ledger Recover allows you to identify yourself to the custodians that hold the shards in efforts to retrieve two of the three shards, which is enough to recover your private key.
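An added example, not Ledger's code, of the 2-of-3 property described above: any two of the three shards reconstruct the seed, while a single shard on its own does not. It assumes Shamir's secret sharing over a prime field as the splitting scheme, since the page does not say how Ledger implements the split, and uses a constructed 32-byte sample seed.

```python
import secrets
from itertools import combinations

# Prime modulus for the field; 2**256 + 297 is prime and exceeds any 32-byte secret.
PRIME = 2**256 + 297

# Constructed sample seed entropy; a real wallet generates this randomly.
SAMPLE_SEED = bytes(range(32))

def split_secret(secret: bytes, threshold: int = 2, shares: int = 3):
    """Split `secret` into `shares` points (x, y); any `threshold` of them recover it."""
    s = int.from_bytes(secret, "big")
    assert s < PRIME, "secret must fit in the field"
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [
        (x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
        for x in range(1, shares + 1)
    ]

def recover_secret(points, length: int) -> bytes:
    """Lagrange-interpolate f(0) from the given points (needs `threshold` of them)."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    # With too few points the result is a random field element that may not fit
    # in `length` bytes; widen so the mismatch shows up as a wrong value, not an error.
    return total.to_bytes(max(length, (total.bit_length() + 7) // 8), "big")

def any_two_custodians_recover(secret: bytes) -> bool:
    """True if every pair of the three shards reconstructs the secret."""
    shards = split_secret(secret)
    return all(recover_secret(list(pair), len(secret)) == secret
               for pair in combinations(shards, 2))

def single_custodian_recovers(secret: bytes) -> bool:
    """True if any one shard alone yields the secret (it should not)."""
    shards = split_secret(secret)
    return any(recover_secret([p], len(secret)) == secret for p in shards)

if __name__ == "__main__":
    print("any two shards recover:", any_two_custodians_recover(SAMPLE_SEED))
    print("one shard recovers:", single_custodian_recovers(SAMPLE_SEED))
```

Because every pair of custodians suffices, the scheme's protection against seizure rests entirely on the custodians not cooperating, which is the point Antonopoulos raises later about the three jurisdictions.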
When Ledger released information about this feature, the Bitcoin/crypto community became outraged. Many felt that Ledger had committed a breach of trust with its almost 6 million users.
Ledger had stated in the past that it didn’t have the ability to extract your private key from your hardware device, but, now, apparently it will have this ability once new firmware for Ledger Live — the native software for Ledger devices — is introduced.
Since Ledger made the Ledger Recover announcement, the leadership at Ledger has been on a PR campaign trying to allay fears and anxieties around Ledger having access to your private keys.
Ledger’s CEO, Pascal Gauthier, made a stop on What Bitcoin Did on said PR campaign. In the episode, he was grilled by industry insiders about whether or not Ledger devices are still safe to use.
I spoke with Ledger’s CTO
While I didn’t get to sit down with Ledger’s CEO, I did attend an intimate AMA session with Charles Guillemet, Ledger’s chief technology officer (CTO), that Ledger’s PR team put together.
In the session, I asked Guillemet directly whether or not Ledger can access its clients’ private keys.
He said “Yes” and went on to explain that this is a necessary component of Ledger’s operating system.
I found this troubling to put it lightly.
I then asked him if all other hardware wallet manufacturers had the same access to their clients’ keys. I asked him specifically about Coinkite, the manufacturer of the COLDCARD Mk4, which I consider to be the most secure Bitcoin hardware wallet on the market.
You can read my review of the COLDCARD Mk4 here: COLDCARD Mk4 review (Finder)
He said “Yes” — but I didn’t believe him.
So, I took to Twitter and asked the CEO of Coinkite, Rodolfo Novak — NVK for short — myself.
Below is the response I got:
Someone else then responded with a tweet that contained a link to the following article, which breaks down what Novak shared in more detail: “Can Ledger Recover?”
So, what now?
First of all, don’t freak out. If you use a Ledger hardware wallet, I don’t think there’s any sort of immediate threat.
Ledger has been around for 10 years, and none of their wallets have ever been hacked (although their team has hacked wallets from their competitors at Trezor and Coinkite).
There is no perfect hardware device on the market, and there are trade-offs with all hardware wallets. Some of these trade-offs are discussed in the video below.
The biggest risk with using a Ledger in my opinion is the government seizing your digital assets.
As Bitcoin/crypto security expert Jameson Lopp said in a recent interview with OG Bitcoin/crypto educator Andreas Antonopoulos (below), “Ledger is underplaying the risk of a government seizure.”
Antonopoulos agreed.
He also shared that Ledger’s argument that sharding the seed phrase and leaving the parts of it with custodians in three different jurisdictions to help offset legal risk or confiscation in any one jurisdiction was weak.
Antonopoulos pointed out that France, the UK and the US might as well be the same jurisdiction considering the alliance between the three countries. He said that if any one of these three countries wanted to get access to your Bitcoin/crypto from Ledger, they’d be able to do so with relative ease.
I agree 100%.
Solutions
The following are two solutions to this issue:
Create a multisignature (“multisig”) setup. This type of setup requires multiple keys to access digital assets. Ledger isn’t able to extract your funds if you have a multisig setup. Learn more about how to create a multisig setup here: “A Beginner’s Guide to Multisig” (CoinBeast)
Buy an air-gapped hardware wallet. An air-gapped hardware wallet is one in which the device that holds the private key never gets connected to the Internet. Earlier in the piece, I mentioned the COLDCARD Mk4. It’s an air-gapped wallet and, IMHO, is one of the best hardware wallets on the market as far as private key security. Andreas Antonopoulos uses the COLDCARD Mk4. However, it only stores bitcoin (BTC), which might be frustrating if you own other crypto assets. The Blockstream Jade wallet is also a solid air-gapped wallet. But, again, it only stores BTC. You can read about these two wallets in further detail in this piece I wrote: “9 best crypto hardware wallets” (Finder)
Bottom Line
Ledger has access to your private keys via its operating system.
While this is disconcerting, I don’t think it’s cause for immediate alarm.
If you’d like to better secure your Bitcoin/crypto, create a multisig setup or buy an air-gapped cold wallet like the COLDCARD Mk4.
Personal bottom line: Please don’t call, text or email me in regard to how you should secure your Bitcoin/crypto. I do my best to share a lot here for free, and I ask that you respect my personal time and space. That being said, I may start a personal advisory service soon where I offer support for a fee. I’ll let you know if I choose to do so in this newsletter. Thank you!
Best,
Frank