The Ledger Drama: are your keys really secure?
Back

The Ledger Drama: are your keys really secure?


Security issues in the crypto world are very sensible, and now we have a new one, this time concerning Ledger wallets.

Ledger, probably the most renowned hardware wallet manufacturer with 6 million devices on the market, has recently faced an awkward controversy.

The release of a new feature has exposed a possible vulnerability of its key security element – and the company found nothing better than to state that it has always been this way 🤦

What has happened and should we be worried about our crypto? Let’s see.

🔐 About Ledger

Ledger hardware wallets allow storing users’ private keys within a hardware device, which is connected to the internet only when the users need to move the funds, greatly reducing the risks any online service entails.

Ledger wallets rely on the Secure Element chip to ensure that users’ private keys cannot be hacked or leaked, they can only sign transactions.

This is what the crypto community believed.

This is also what the company has affirmed for many years, stating plainly that “private keys never leave the Secure Element chip” and that “a firmware update cannot extract the private keys from the Secure Element”

⚙️ The update

Recently, Ledger has presented a Recovery service – an opt-in subscription designed to help users retrieve their funds if they lose their seed phrase or Ledger device.

The idea is to split the private key into 3 “shards”, entrusted to 3 custodians: Ledger itself, a custody firm Coincover, and a software company EscrowTech. This service is tied to an ID, which can then be used to recover the private key.

🚩 The problem

The update was introduced in the latest Ledger Nano X firmware update, nonchalantly implying that private keys can indeed leave the wallet.

What? 🫢

We thought the Secure Element was somewhat like Apple’s Secure Enclave, which the company cannot access even under law enforcement pressure.

Yes, the Recovery is an opt-in service, and it is up to the users to enable it or not, but its very existence dismantles the myth of the Secure Element chip being totally isolated.

The company made a clumsy effort to save face, saying that every software needs updates, but it only worsened the situation.

😟 Should we be concerned?

No, Ledger is not Fort Knox of crypto wallets.

If Ledger the company is compromised or in some way obligated to exfiltrate your key, they could theoretically do it via a firmware update.

This goes against the core principle of crypto – not your keys, not your money 🔑, but as often, between the white and the black there’s an ocean of grey.

The probability of the above events and the related risks should be evaluated individually, and for many crypto users, especially beginners or institutions, this risk could be acceptable.

All things considered, we believe Ledger is still a more secure solution than keeping your crypto on an exchange or a hot wallet. But there’s definitely room for improvement.