
Ledger Prioritizes Open Source to Address Security Concerns & Enhance Transparency

BKMT Staff

May 23, 2023

Crypto & Blockchain

Crypto hardware wallet manufacturer Ledger has taken a significant step towards resolving the ongoing controversy surrounding a recently added feature that raised security concerns. The feature in question was accused of having a vulnerability that could expose users' seed phrases, leading several individuals to transfer their assets out of Ledger wallets. In response, the Ledger team has opted for a transparent approach to address safety concerns within the crypto market.

Pascal Gauthier, Chairman and CEO of Ledger, emphasized that the company did not intend to surprise users regarding the seed phrase recovery concerns. However, Gauthier affirmed that Ledger will prioritize security and enhance transparency moving forward. As a result, the company has decided to expedite its plans to release open-source code. This code will encompass the operating system, starting with core components, and include Ledger Recover, which will only be released upon the completion of this work.

Gauthier said in a statement, "Our unintentional communication mistake took everyone by surprise and affected our customers' ability to accurately understand Ledger Recover, its role in the growing crypto community, and Ledger's future offering. We apologize for the way this was communicated."

To bolster security and prevent unauthorized access to user funds, Ledger has introduced an additional security measure: enabling the passphrase feature.

Earlier this month, when the service was unveiled, Ledger struggled to explain how it would protect users' private keys, particularly with regard to potential government subpoenas. The service works through a process called sharding, in which a user's seed phrase is split into three pieces. These pieces are distributed among Ledger and two additional companies, CoinCover and EscrowTech, and can be combined if a user loses access to their keys.

Previously, Ledger CTO Charles Guillemet had deemed the perceived security tradeoff of the new product acceptable. Gauthier attempted to alleviate concerns about possible subpoenas, emphasizing that they typically do not impact the average user.

"We believe wholeheartedly in the need for a service like Ledger Recover," Gauthier wrote on Tuesday. "The main pain point for crypto self-custody adoption is precisely the problem of seed phrase recovery."

Gauthier noted that the majority of Ledger's codebase is already open source and that the accelerated open-sourcing will cover as much of the Ledger operating system as possible, including core components. He assured users that this transparency initiative does not compromise the security of their devices. Furthermore, for users seeking increased security, a passphrase feature, separate from Ledger Recover, is available and can be fully trustless, Gauthier added.

By prioritizing security, transparency, and giving users more choices for self-custody, Ledger aims to regain trust and provide an enhanced user experience in the crypto community.