🚨 Get Your Free NFT Certificate Mint by Completing the Web3 Exam! START NOW
My Learnlist: Coming Soon!
My Learnlist: Coming Soon!

Learn by real-life examples: Select, Track & Understand any cryptos with the unique Learnlist feature!

Notify Me!
Portfolio: Coming Soon!
Portfolio: Coming Soon!

Set your wallet & get powerful insights backed by data. Easily learn how to use it for your highest rewards!

Notify Me!

Ledger Clears the Air on Firmware Operations Amid Deleted Tweet Controversy

Ledger Clears the Air on Firmware Operations Amid Deleted Tweet Controversy

Ledger CTO shares a 29-part Twitter thread explaining firmware operations.

Ledger, a leading provider of crypto hardware wallets, recently gave a detailed explanation of how its firmware functions. The move came after an alarming tweet from the company, which was promptly deleted, but sparked a whirlwind of controversy.

On May 17th, Ledger's customer support agents shared a now-deleted tweet suggesting that it was theoretically "possible" for Ledger to develop firmware that could extract users' private keys.

What is Solana in Crypto? (Beginner-Friendly Animation)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Solana in Crypto? (Beginner-Friendly Animation)

What is Solana in Crypto? (Beginner-Friendly Animation) What is Solana in Crypto? (Beginner-Friendly Animation)

In particular, the Ledger's customer service agent noted:

From a technical standpoint, it's always been feasible to devise firmware that aids in key extraction. Whether you were aware or not, you've always relied on Ledger not to create such firmware.

This tweet set the Twitter sphere on fire, with many users accusing Ledger of misrepresenting the security measures of its wallet. Some critics even brought up an alleged Ledger post from November, which stated that “a firmware update can't extract private keys from the Secure Element," suggesting that Ledger had contradicted its own statements.

In response to the uproar, Ledger's CTO, Charles Guillemet, took to Twitter to clarify the matter.

Ledger's CTO explained that whenever the wallet's operating system (OS) accesses a private key, approval from the user is needed. He emphasized that the OS shouldn't be able to duplicate a device's private key without the user's consent.

Guillemet further elaborated that the wallet’s firmware or OS is an open platform, meaning anyone can develop their own app and upload it onto the device. Prior to being allowed on the Ledger Manager software, each app is scanned by the team to ensure it isn't malicious or loaded with security vulnerabilities.

Guillemet affirmed that this system is a feature of the current OS, which could hypothetically be altered if Ledger were to act unethically or if an attacker somehow managed to take control of the company’s computers.

Addressing potential concerns about this possibility, Guillemet said:

If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. The private key could even be retrieved only by monitoring the blockchain.

However, he dismissed this worry, saying:

Using a wallet requires a minimal degree of trust. If you consider your wallet provider to be the attacker, you're in trouble.

He added that the only defense against a dishonest wallet developer would be for users to construct their own computer, compiler, wallet stack, node, and synchronizer, which he jokingly called "a lifetime journey."

The controversy first ignited when Ledger introduced a new service called “Ledger Recover” on May 16th. The service allows users to back up their recovery phrase by dividing it into three fragments and sending it to different data custody services.

Ledger has addressed a controversial statement and provided clarification on how its firmware works in an attempt to reaffirm trust in its user base.

Gile K., Market Sentiment Analyst
Gile is a Market Sentiment Analyst who understands what public events may form what emotions. Her experience researching Web3 news and public market messages – including cryptocurrency news reports, PRs, and social network streams – is critical to her role in helping lead the Crypto News Editorial Team.
As an intelligent professional in public relations, together with the team, she aims to determine real VS fake news patterns, and bring her findings to anyone searching for unbiased news and events happening in the FinTech markets. Her expertise is uncovering the latest trustworthy & informative Web3 announcements to the masses.
When she's not researching the trustworthiness of mainstream stories, she spends time enjoying her terrace view and taking meticulous care of her outdoor environment.



Earn Huge Exclusive Binance Learners Rewards