It was a classic case of putting their foot in their mouth for crypto wallet firm Ledger thanks to its support team’s claim that, technically, it has always been possible to develop firmware that can be used for key extraction. This essentially allows Ledger to extract users’ keys.
Ledger’s tech people made the claim in a now-deleted post on Twitter.
The support team made the claim when it replied to customer concerns about how the company could make client assets vulnerable if it wants to.
In the now-deleted statement, Ledger representatives declared that customers have long trusted the firm not to deploy potentially harmful firmware whether they knew it or not. The statement went on to say that, at the end of the day, anyone using hardware or digital wallet solutions needs to trust developers to build and maintain security solutions for their assets.
Charles Guillemet, Ledger’s chief technology officer, quickly had the posts deleted, going on Twitter to clear the situation and essentially downplay what was previously said.
Likewise, a spokesperson for the company reached out to media outlets to explain that Ledger cannot extract user keys. Likewise, any action related to accessing such keys requires prior approval from customers.
A Questionable Service
The main point of contention here is the company’s new service Recover, following claims that the service goes against Ledger’s privacy and security standards.
While entirely optional, this recovery service allows users to back up a string of words called a seed recovery phrase with third parties, encrypting the phrase in fragments for improved security.
Users have since expressed concerns about how splitting such keys with third-party providers could make them more vulnerable. In turn, this goes against the main reason why people use hardware wallets in the first place.
Ledger execs say that this is actually a popular backup option, as the possibility of such assets becoming irrecoverable through the misplacement of random words may be a deterrent to those interested in getting into crypto.
Ledge chief executive Pascal Gauthier has argued that such solutions are what customers will expect in the future and will be what serve as a gateway for more people to invest in cryptocurrencies.