Ledger unable to extract users' private keys without consent
On May 17, a now-deleted tweet revealed intriguing information about Ledger, sparking controversy. It suggested that Ledger could develop firmware to extract users’ private keys without their knowledge. The following day, Charles Guillemet, the Chief Technology Officer of the cryptocurrency wallet provider, posted a thread to clarify how Ledger’s firmware works, aiming to reassure users. Here’s what it entails.
Charles Guillemet encourages users to trust Ledger
Ledger recently stirred up controversy with its new service, Ledger Recover. On May 17, their customer service stated, “Technically speaking, it is and has always been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware, whether you knew it or not.” However, on May 18, Charles Guillemet stated that Ledger’s firmware cannot access a user’s keys without their consent.
In fact, no third-party application should be able to gain such access without the owner’s agreement. The wallet’s operating system (OS) always requires user consent in such circumstances. The Chief Technology Officer emphasized, “Using a wallet requires a minimal amount of trust. If your hypothesis is that your wallet provider is the attacker, you’re doomed.”
Furthermore, Charles Guillemet explained, “If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. It’s even possible to create signatures so that the private key can be retrieved only by monitoring the blockchain.”
According to Ledger’s Chief Technology Officer, there is only one true way to protect against the dishonesty of a cryptocurrency wallet developer. That is to build your own digital wallet system, which represents “a lifetime journey.” That being said, to avoid any risks, Binance CEO previously recommended holding one’s own crypto keys. In fact, in December last year, Changpeng Zhao provided several guidelines to follow in order to personally safeguard private keys.
Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
L'équipe éditoriale de Cointribune unit ses voix pour s’exprimer sur des thématiques propres aux cryptomonnaies, à l'investissement, au métaverse et aux NFT, tout en s’efforçant de répondre au mieux à vos interrogations.
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.