Introduction
Over the last 2 weeks Ledger, the world’s leading hardware wallet company, recently sparked a huge controversy after they launched a huge controversial new feature called Ledger Recovery. This paid opt-in feature, acting as an ID-based recovery option, will help users to back up their crucial seed phrase to their personal identity. The seed phrase is to be divided among three independent custodians for added safety, helping a wallet owner restore his private key on a different wallet even if he loses his recovery seed.
So far so good. However, people soon enough began to connect to dots. Ledger later admitted in a Reddit post that if your seed phrase were sharded via Ledger Recovery, a government could subpoena the custodians and gain access to your funds. The Internet exploded soon enough with Ledger receiving an avalanche of outrage.
The outrage is justified. Ledger overlooked a key principle of crypto ownership: the values and responsibilities of self-custody and maintaining complete control over one’s seed phrase and private keys. Digitally storing a seed phrase, especially with a third party, challenges the fundamental purpose of a cold storage device, which is to keep your keys offline at all times and under your sole control. Even worse, Know-Your-Customer (KYC) verification is required, another centralized custodial feature that is hated by most of the industry.
In an effort to put out fires, the Ledger CEO announced that it will first publish its code, which is closed source until now, for the service before later launching the Ledger Recovery service, which will go ahead.
CoolWallet CEO Michael Ou weighs in
CoolWallet CEO Michael Ou was one of the many industry heavyweights to weigh in on the matter, and made it clear that he felt Ledger overplayed its hand and betrayed its own values in an effort to make recurring income from users.
“The Ledger Recover service goes against the core principles of cryptography, concentrating asset security risks in a few centralized entities. CoolWallet firmly believes in self-custody, advocating user autonomy and asset security, and is committed to providing the safest wallet solutions. The blockchain industry requires constant improvement in understanding and commitment to digital asset security.”
In response, CoolWallet made a big announcement this week to help mitigate the fallout from Ledger’s misstep, which is bad for the whole hardware wallet sector due to the misconceptions and mistrust it created, which then spread across social media.
The announcement is that CoolWallet’s secure element code will soon become open-source and can be independently tested by anyone. We believe that this will build greater transparency and trust with our loyal community. We will simply never allow third parties to gain access to your sensitive information.
Remember, the importance of a secure element remains as high as always. Make sure your hardware wallet has one to ensure that your private key cannot be extracted through side-channel attacks and more.
Ledger Recovery: Marketing Blunder or Calculated Mistake?
Let’s go over what happened again. The introduction of Ledger Recovery has sparked a massive controversy within the crypto community. A number of customers have voiced their worries about potential security risks, fearing that allowing private key data to be sent over the internet might create new vulnerabilities. Despite these concerns, Ledger’s co-founder, Nicolas Bacca, assured his customers that the feature doesn’t increase any security risks and emphasized that no actions would be taken without the user’s consent on their device.
Ledger also said that a white paper on the Recover Protocol would become open source along with technical blog posts to “explain the principles of Recover” and how the process works in detail.
It’s important to remember that Ledger has previously faced security issues. In 2021, the company dealt with a phishing scandal that led to an exodus of users as they were targeted by hackers and scammers in subsequent months. Manufacturing data was leaked to hacker websites that revealed the private information of their customers. This past incident might be influencing the current apprehension within the crypto community about the new feature.
Despite recent debates surrounding Ledger’s new feature, Ledger Recovery, it’s vital to remember the fundamental security of hardware wallets. Particularly, private keys remain securely protected by a robust mechanism known as the secure element, an essential feature also featured in CoolWallet devices that put you, the user, in complete control of your device and assets within it.
The Secure Element: Your Wallet Protector
At the heart of private key security is the secure element. This is a chip that offers a highly secure environment for sensitive data, such as private keys. These keys are never exposed, even when transactions are processed, providing a robust defense against online threats.
The secure element is a resilient chip that functions as a digital fortress for sensitive data, including private cryptographic keys essential for cryptocurrency transactions. It only allows verified, authorized apps to operate, and unauthorized apps are prevented from being installed or accessing the device, offering a strong layer of defense against undetected threats.
Why is a Secure Element important in a Hardware Wallet?
Contrary to popular belief, your digital assets, like cryptocurrencies, are not physically stored within your hardware wallet. They always remain on the blockchain, the digital ledger of all transactions.
Your hardware wallet acts more like a secure key to a digital safe. Your cryptocurrencies stay secure on the blockchain, and the hardware wallet is the tool you use to access and manage them.
If the hardware wallet, or “key,” is compromised, your digital assets could be at risk because the wallet holds the unique private key needed to authorize transactions. If someone else gets hold of this private key, they can access and therefore steal ALL your digital assets in that wallet.
This is where the secure element proves its worth. It serves as a robust safeguard, shielding your private key from theft and replication on another device. Thanks to the secure element, your hardware wallet can effectively protect your digital assets.
Conclusion
Soon both CoolWallet’s Bluetooth encryption and secure element code will be open source for public verification. Moreover, we are unable to access your private key or recovery seed (as it should!) and can therefore never pass your details to law enforcement in your country.
While we are not trying to capitalize on the troubles facing Ledger, a competitor we admire for the role it plays in the sector, we cannot simply stay quiet in this matter.
Ultimately the power stays in your hands as a consumer. Your money matters, so use it to vote on the behavior of crypto companies you interact with, or choose to use no longer. Do your own research and make sure you pick the right wallet that matches the trust and transparency you deserve, no matter who they are.
DELIVERED EVERY WEEK
