Ledger denies being able to extract users' private keys without their consent

On May 17, a tweet that was later deleted revealed information about Ledger and sparked controversy: it indicated that Ledger could write firmware to extract users’ private keys without their knowledge. The next day, Charles Guillemet, the crypto wallet provider’s CTO, posted a thread clarifying how Ledger firmware works, in a way meant to reassure users. Here is what he said.

Charles Guillemet invites users to trust Ledger

Ledger recently sparked a controversy with its new Ledger Recover service. Then, on May 17, its customer service published: “Technically speaking, it is and always has been possible to write firmware that makes key mining easier. You always trusted Ledger not to deploy such firmware, whether you knew it or not.” But on May 18, Charles Guillemet reported that Ledger firmware cannot access a user’s keys without the user’s consent.

In fact, no third-party app should be able to gain such access without the consent of the device owner. The operating system (OS) of the wallet still requires the user’s consent in such circumstances. The technical director underlined: “Using a wallet requires a minimum of trust. If your assumption is that your wallet provider is the attacker, you’re doomed.”

Furthermore, Charles Guillemet explained: “If the wallet wants to set up a backdoor, there are many ways to do it, in the random number generation, in the crypto library, in the hardware itself. It is even possible to create signatures so that the private key can only be recovered by monitoring the blockchain.”

For Ledger’s CTO, there’s only one real way to protect against dishonesty from a crypto wallet developer: building your own digital wallet system, which represents “a trip of a lifetime”. That said, to avoid any risk, the CEO of Binance has previously recommended holding your own crypto keys. Last December, Changpeng Zhao gave several tips to follow to keep your private keys yourself.

