It has been a wild couple of days for Ledger and the disastrous PR they have engaged in. In case you are out of the loop, just days ago Ledger announced a new feature called “Ledger Recovery”, a paid $10/month subscription that splits your seed phrase into fragments and stores them. To understand it better, here is a direct quote from their website:
Ledger Nano X will duplicate, encrypt and fragment your private key into three pieces within the Secure Element chip. These fragments become the backup of your Secret Recovery Phrase. Ledger, Coincover, and EscrowTech that will store them in Hardware Security Modules (HSMs). Each encrypted fragment is useless on its own. When you request access to your wallet, two of the three encrypted fragments will be sent back to your Ledger device, reassembling them to build your private key. The backup for your Secret Recovery Phrase is linked to your verified identity.
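The two-of-three property in the quote above can be shown with a generic threshold scheme. This is an added example, not Ledger's code: the page does not name the scheme Ledger uses, so Shamir's secret sharing, the field prime `P` and the function names here are assumptions, and the encryption of the fragments is left out.

```python
# Added illustration: 2-of-3 Shamir secret sharing over a prime field.
# Assumption: a generic threshold scheme, not Ledger's actual implementation.
import secrets
from itertools import combinations

P = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit secret


def split_2_of_3(secret):
    """Return three shares (x, y) on the line y = secret + a*x (mod P)."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range")
    a = secrets.randbelow(P)  # random slope, discarded after splitting
    return [(x, (secret + a * x) % P) for x in (1, 2, 3)]


def recover(share_a, share_b):
    """Interpolate the line through two shares and evaluate it at x = 0."""
    (x1, y1), (x2, y2) = share_a, share_b
    if x1 == x2:
        raise ValueError("need two distinct shares")
    inv = pow((x2 - x1) % P, -1, P)
    # y1*x2 - y2*x1 = secret*(x2 - x1), so dividing yields the secret
    return ((y1 * x2 - y2 * x1) * inv) % P


def slope_fitting(share, candidate_secret):
    """A lone share fits ANY candidate secret: return the slope that makes
    the line through (0, candidate_secret) pass through this share."""
    x, y = share
    return ((y - candidate_secret) * pow(x, -1, P)) % P


if __name__ == "__main__":
    # Constructed sample secret (random 256-bit value, not a real key)
    secret = int.from_bytes(secrets.token_bytes(32), "big")
    shares = split_2_of_3(secret)
    for a, b in combinations(shares, 2):
        print("pair", a[0], b[0], "recovers secret:", recover(a, b) == secret)
    # One share alone is consistent with a completely different secret
    x, y = shares[0]
    wrong = (secret + 1) % P
    print("single share fits a wrong secret too:",
          (wrong + slope_fitting(shares[0], wrong) * x) % P == y)
```

Any two holders can rebuild the secret without the third, which is why the trust question shifts to who holds the fragments and under what conditions they release them.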
Now this obviously flags the question of who is storing your identities and where they are being stored, which is something that a lot of people try to avoid in crypto in general. This makes me believe that Ledger is possibly infiltrated by intelligence agencies who are trying to collect info.
— ALF (@b_belgian) May 18, 2023
Most of the backlash, however, did not stem from this Trojan-horse-style KYC but from the slip-up Ledger made regarding firmware updates for their wallets, a statement that was later deleted by the Ledger support team. It directly contradicts the earlier statement they made back in November 2022 regarding firmware updates for their devices.
Nov 2022: A firmware update cannot extract the private keys from the Secure Element — Ledger
— olimpio (@OlimpioCrypto) May 17, 2023
This set off massive hashtags such as #LedgerGate on Twitter, and a lot of people abandoned their Ledger Nano wallets altogether, despite statements made by the current CEO of Ledger.
The Solution Isn’t Trezor Either
Some people jumped the gun in saying that Trezor was going to be the better alternative now that the Nano has lost the trust of its consumers. While it is correct that Trezor has a fully open-source hardware wallet and firmware updates (Ledger’s Nano devices aren’t open source), that doesn’t mean they aren’t susceptible to issues.
For example, back in February 2020, the Kraken team managed to crack one of the Trezor hardware wallets in 15 minutes, and it looks very bad that such a vulnerability would end up on a hardware device.
Another big issue with Trezor is the active censorship campaign they have participated in, discussed on Twitter for example, around the CoinJoin update they started to support last month. What is CoinJoin? Here is a brief explanation:
CoinJoin is an anonymization strategy that protects the privacy of Bitcoin users when they conduct transactions with each other, obscuring the sources and destinations of BTC used in transactions. CoinJoin requires multiple parties to jointly sign a digital smart contract to mix their coins in a new Bitcoin transaction, where the output of the transaction leaves the participants with the same number of coins, but the addresses have been mixed to make external tracking difficult.
The issue with this technology, as broken down by Chris Blec, is as follows. To sum it up: government censorship may happen to people who are using the Wasabi Wallet tech, because it can block certain transactions from happening.
Wondering what all the fuss is over Trezor + Wasabi censorship lately?
Below is an excerpt from the TOS of Wasabi Wallet (zkSNACKs), which will be providing Trezor's new CoinJoin feature.
Tldr: Wasabi's tool is a total capitulation to government censorship. It blocks BTC txs…
— Chris Blec (@ChrisBlec) April 19, 2023
Both Trezor and Ledger are European-based companies, meaning they are under the AML/anti-terrorist laws of the European Union, which are actively being abused by the EU and can be used in almost any circumstance to pry into the private details of essentially any wallet user. I’ve always been very skeptical of basing companies in the European Union and America, for instance, because they are the biggest anti-crypto movements that currently exist in the world.
What Other Hardware Wallet Options Should I Consider?
We did write about the Best Hardware wallets last month, but that article is definitely outdated as of right now, at least in terms of security. My general advice is that you want open-sourced hardware wallets from companies that don’t have a killswitch and aren’t based in countries that are usually cucked.
- SecuX – Taiwanese-based hardware wallet company with open-source hardware (not extended to firmware, however). It has multiple hardware wallet options, including Nifty, which is made for NFTs and which I reviewed earlier.
- KeyStone – Hong Kong-based hardware wallet manufacturer that has fully open-source firmware and wallet tech, with very slick designs and multiple altcoins supported.
- OneKey – A fully open-source wallet based in Hong Kong, which also offers tech that can be used as a basis for web wallets, not just hardware ones.
If you have other good alternatives to Ledger and Trezor, you may share them in the comments below and we can take a look at them later.