Follow-up on Ledger Crisis: Delay in Launching Recovery Phrase Function, Products to be Open-sourced; Competitors Introduce Promotions to Attract Users
The leading hardware wallet provider, Ledger, sparked a public relations crisis last week after introducing the "mnemonic recovery feature." The company has recently addressed user concerns multiple times, stating that the new feature will be temporarily delayed and that they will gradually open-source their products. Several cold wallet companies have also taken advantage of the situation by offering promotional schemes in an attempt to attract more users away from Ledger.
Latest Controversy on Ledger's New Feature: Dissecting the Controversy Surrounding Ledger's Mnemonic Recovery Feature | What potential risks are the community concerned about? Was this feature introduced just to "make money"?
Ledger Community: We've heard your feedback on Ledger Recover.
To share an update and discuss the top items we heard, we're holding a town hall with our leadership team @_pgauthier, @iancr, @P3b7_, & @BTChip on Tuesday at 6:30pm CEST/12:30pm EST.https://t.co/qfhxPKbHjk
— Ledger (@Ledger) May 22, 2023
Table of Contents
Controversy Surrounding Ledger's Mnemonic Recovery Feature, Open Source Issue Yet to Be Resolved
According to previous reports, Ledger's mnemonic recovery feature is an optional subscription service that allows users to store encrypted mnemonics with different third-party institutions. This helps users regain control of their wallets through identity verification in case of mnemonic loss.
However, since the release of this feature, the reliability of identity verification and Ledger's cybersecurity standards have been strongly criticized by the crypto community. Many believe that this feature is not secure enough and should not be used, as it goes against the core principle of cold wallets: "Your private keys should never leave your device."
Although Ledger has emphasized that there are no backdoors in this feature and nothing will happen without the user's consent on the device during mnemonic recovery, the code for this feature is not open source, making it impossible to audit its security.
Furthermore, according to the CEO of cybersecurity firm SlowMist, Yu Xian's Twitter, both Keystone and OneKey, two cold wallet manufacturers, have given positive responses regarding the issue of whether hardware wallet companies have the ability to extract users' wallet private keys through firmware upgrades.
From a technical perspective, hardware wallet manufacturers theoretically have the ability to extract users' wallet private keys through firmware upgrades. Therefore, the open-sourcing of the code is crucial for cold wallet companies, as it signifies that their products are auditable and can ensure wallet security.
Ledger Postpones Launch of New Feature, Plans to Gradually Open Source Operating System
According to a report by CoinDesk, following the controversy surrounding Ledger's new feature, CEO Pascal Gauthier responded to the community's concerns in a letter to users.
Pascal stated that the new feature will not be launched until the code is made public, and mentioned that some of Ledger's code has been open source previously, with a decision to accelerate the pace of open-sourcing.
Additionally, during an official AMA on the evening of the 23rd, Ledger's CTO Charles Guillemet mentioned that they have already open-sourced cryptolib in terms of firmware, and applications and SDKs have been open source for many years.
"We will start with the whitepaper of the Ledger Recover protocol, then we will release the code for the mnemonic recovery feature in the firmware. Finally, we will gradually open source more parts of the operating system," Charles Guillemet said.
Various Cold Wallet Competitors Introduce Promotional Policies to Seize Market Share
Amid Ledger's product crisis, other cold wallet companies have introduced promotional policies to capture the market share lost by Ledger. Additionally, these cold wallet companies emphasize that their products are open source, clearly highlighting the differences with Ledger.
Below are some of the recent promotions introduced by these companies, some of which have ended:
- Blockstream: 10% discount on Jade cold wallets.
- Trezor: 15% discount on cold wallets.
- Keystone: 23% discount on cold wallets.
- OneKey: Buy a large cold wallet and get a small one for free.