Succeeding the plethora of fallen fraudulent crypto companies in disappointing the industry are the likes of Ripple and Ledger. Ripple, whose ongoing legal battle with the US SEC over its XRP token is believed to influence the entire crypto industry, is preparing to be an issuer of central bank digital currencies (CBDCs) for governments, central banks, and other financial institutions. Ledger, meanwhile, is batting well founded criticisms of its potentially dangerous and deceptive new function.
Ledger: Your keys in three companies
Ledger is a cryptocurrency security and infrastructure company, which has been the go-to for hardware and cold wallets until it’s questionable new feature. The Ledger Recover is a subscription service allowing users to recover their seed phrase in case of loss.
After subscribing to Ledger Recover, your private key is “encrypted, duplicated and divided into three fragments, with each fragment secured by a separate company — Coincover, Ledger and an independent backup service provider. Each of these encrypted fragments is useless on its own. When you want to get access to your wallet, 2 of the 3 parties will send fragments back to your Ledger device reassembling them to build your private key.”
Something encrypted can be decrypted, of course. Giving away information and control to third parties negates the idea of a hardware wallet. A vulnerable wallet may not sound so bad for the new customer Ledger is trying to attract (more on that below), since the new target audience is seemingly supposed to enter the market completely clueless and anti-“crypto ideology” (read: decentralization).
With hot wallets already being a thing, why add such a feature to cold wallets, if not for the purpose of attracting the clueless with the concept of a secure wallet and none of the “threatening” responsibility of maintaining custody over it. Who fondly remembers stories of enormous sums being lost to seed phrase forgetfulness being all the rage on Facebook?
Interesting security practices
It’s not Ledger’s first time exhibiting questionable security of customer data. In 2020, 1 million email addresses and 270,000 personal information files were stolen and dumped from Ledger’s customer database. The exploitation of the company’s vulnerabilities may have gone undetected for over two months. Back then, Ledger CEO Pascal Gauthier said the company “fell victim to a large-scale data breach from an unauthorized third party”.
The breach included email addresses, full names, postal addresses and phone numbers. Now, Ledger is offering new customers give up more information for their databases.
TLDR on crypto storage
Understanding storage options is essential to owning and using crypto. Crypto wallets come in form of software programs or physical devices. They allow users to securely store, manage, receive and transfer their digital assets.
Digital wallets store private keys, which are used to access and control the ownership of cryptocurrencies on the blockchain.
Crypto wallets are essential for securely managing cryptocurrencies because they provide a way to securely store private keys and sign transactions without exposing them to third parties and other threats (online or otherwise). Private keys are long cryptographic codes that grant ownership and access to your digital assets on the blockchain.
There are many types of crypto wallets available:
- Software Wallets: These are applications or programs that can be installed on computers, smartphones, or other devices. They can be further categorized into:
Desktop Wallets: Installed on a computer or laptop.
Mobile Wallets: Designed for smartphones and tablets.
Online Wallets: Provided by cryptocurrency exchanges or third-party platforms accessible through web browsers.
- Hardware Wallets: These are physical devices specifically designed to store private keys offline. They offer increased security by keeping the private keys offline and providing protection against malware or unauthorized access.
- Paper Wallets: A paper wallet is a physical printout or written record of the public and private keys. It’s usually generated using offline tools and is considered an offline storage option.
- Custodial Wallets: These are wallets provided by cryptocurrency exchanges or other third-party service providers that hold and manage users’ private keys on their behalf. While convenient, users need to trust the custodian with the security of their assets.
Each type of wallet differs in terms of security, convenience, and accessibility. Getting well-acquainted with the basics of crypto is imperative, and as possible as it is to learn and understand how to drive or post on Facebook, or remember the password to said Facebook account.
Creating options (like the Ledger Recover) which allow users to be oblivious and feel a false sense of security, is much like if banks gave out loans and credit cards to the financially illiterate without warning them of the responsibilities and repercussions.
Ledger: In retaliation to knowledgeable users
After being flamed online, Gauthier came on Twitter to make an attempt at biting back.
“You’re saying this is not what customers want, actually, this is what future customers want,” Gauthier stated, adding, “This is the way that the next hundreds of millions of people will actually onboard to crypto.”
According to Gauthier, taking away self-custody — one of the core factors distinguishing cryptocurrency from fiat and giving crypto its privacy and security — will yield good results. That is, more people will be amenable to the idea of having crypto. This result will only be good for Gauthier & Co. (plus authorities and hackers).
Onboarded customers without self-custody will have none of the decentralization, none of the security, no privacy, no independence or financial freedom. Ledger will be left to enjoy the influx of customers while reaping the benefits of its symbiotic relationship with authorities.
If responsibility for a key is a dealbreaker, perhaps one shouldn’t be in charge of their finances at all
The Coindesk article describes the issue as a difference between “ideologically minded segments of the crypto community and blockchain-focused companies looking to attract new users”. The underlining of these segments of the crypto community is an extreme perceptiveness and knowledgeability, which the target of these new onboarding schemes lack.
In the event of forgetfulness or loss of the private key, Ledger Recover requires the provision of personal information. This identity verification, as Ledger puts it, is not KYC. “Your identity is under your control, as opposed to social Recovery which relies on another party,” says the company’s post detailing the Recover feature, “Then, a government ID is also accessible — most people in the world have one.” In other words, the user doxxes themselves, and also exposes their funds to siphoning (since anyone with access to the user’s limited identity documents can gain control of their private keys).
The “crypto community” is only too difficult for those who view it as an easy get-rich scheme. Plethora of free resources exist to provide new and experienced users with necessary footing. Beware, encroachment on your privacy posing as “secure and scalable” alternatives to decentralized digital assets are emerging all around. Giving up financial control due to fear and greed is a very stupid mistake to make.