- Users of Ledger threaten to abandon their wallets after reports that the latest update exposes seed phrases.
- Pascal Gauthier, the Chairman and CEO of Ledger, issues an apology to customers.
Ledger, a cryptocurrency hardware wallet manufacturer, has faced criticism from users over the past few days following a wallet update that reportedly exposes seed phrases to the internet. The latest update provides an opt-in “recovery services” feature. According to comments from some users, this development makes their funds less secure than assets stored in hot wallets like Metamask. Users on various online forums such as Reddit have expressed their dissatisfaction. One user posted:
Ledger, it was nice while it lasted…But it’s game over.
Other reports disclose that most users have abandoned the Ledger wallet, while others are planning to purchase new ones and then transfer their assets. In response, Pascal Gauthier, the Chairman and CEO of Ledger, has issued an apology to users, clarifying that the company had no intention of surprising users with these seed phrase concerns.
According to him, the company will prioritize security and improve transparency in the future. As part of this, Ledger has decided to accelerate its open-sourcing plans, which cover the core components of the operating system as well as Ledger Recover. For now, the team has decided to delay the release until the work is complete.
But our unintentional communication mistake took everyone by surprise and affected our customers’ ability to accurately understand Ledger Recover, its role in the growing crypto community, and Ledger’s future offering. We apologize for the way this was communicated.
We never meant to surprise you. In fact, this is exactly why we have been talking about this product publicly for well over a year. We have learned a lot from this experience and you will see that in future communications.
Ledger Chairman gives more updates
The statement released by the hardware wallet manufacturer emphasizes that most of its codebase is already open source. Gauthier further explained that open source is not necessarily a security feature, but a transparency feature that lets developers and security experts review the code and make sure it is not malicious.
In another response to the ongoing concerns, the company has explained that the device sends an encrypted shard of a user’s seed phrase to a different company once the user decides to use the recovery service. In this case, seed phrases can be backed up by the users themselves.
This is not the first time customers have raised concerns about the security of Ledger. In 2020, customers had their data, including physical addresses and phone numbers, exposed after a security breach. The hackers also leaked 1 million emails of Ledger wallet owners and customers who had signed up for the company’s newsletter.
At the time, Ledger stated that only 9,500 customers were affected by the breach. Gauthier explained that a “wrong API key got coded on the map client to import the database from the store that got coded in the wrong address. This was coded where it should not have, and exposed the data to a simple attack.”
Gauthier reported that the team is working to take security to the next wave of crypto users.
We’ve listened to our customers; we are accelerating a roadmap that’s been in progress, and regardless, the security of your Ledger remains unchanged. Remember: we are doing this for more transparency going forward; this does not change the security of your device. If you want additional security measures enabled to prevent unauthorized access to your funds, you can enable the passphrase feature, which is not included in the Ledger Recover backup and can be a fully trustless feature.