
Ledger Stumbled, Trezor Mumbled: Hardware Wallet Troubles

The top hardware wallets Ledger and Trezor are among the strongest advocates for the self-custody of assets. Is absolute self-custody actually possible though?

Hardware wallets are considered one of the safest ways to keep crypto. Their users not only own the keys to their crypto assets but also keep them on dedicated devices that benefit from various protection measures.

The two leaders in this market, Ledger and Trezor, faced some negative publicity in May.

Ledger was rolling out a new feature, Recovery Service, that would help users to recover their funds in case they forget the seed phrase. This is a real user experience (UX) issue for crypto, which results in around 20% of funds being lost.

The additional feature was planned for the mid-range Ledger Nano X wallet, for users who opted in to ID verification, meaning that the company targeted people who wouldn't mind trading a little privacy and security for more convenience.

Ledger's website explains the mechanics of the Recovery Service as follows:

...your Ledger Nano X will duplicate, encrypt and fragment your private key into three parts ... these encrypted fragments are securely sent to three independent providers – Ledger, Coincover, and EscrowTech that will store them in Hardware Security Modules (HSMs). Each encrypted fragment is useless on its own.

The concept behind the proposed Recovery Service is not new. Vitalik Buterin proposed a similar design in his 'social recovery' post. However, the idea of 'sending keys somewhere' didn't go down well with users.

Furthermore, there were many miscommunications from the CEO and company representatives that resulted in a wave of outrage across the whole crypto community. A tweet from Ledger Support, which was then deleted, devalued the whole concept of self-custody.

Deleted tweet from Ledger Support. Source: Twitter

And if that wasn't already bad enough, Ledger's CEO, Pascal Gauthier, stated that the three pieces of the private key could be revealed to government agencies following a subpoena.

After all these reputational failures, it appeared that the company's 'work-from-home' (while drunk) policy was finally cancelled, as Ledger brought the situation back under control. The CEO published an emotional post, apologizing for the miscommunication:

We apologize for the way this was communicated. We never meant to surprise you. In fact, this is exactly why we have been talking about this product publicly for well over a year. We have learned a lot from this experience and you will see that in future communications.

The company also promised to make the code of the recovery function as transparent as possible by open sourcing it. The launch of the service will be postponed until then. Ledger has also published a massive FAQ to make sure users understand Ledger Recovery better.

Ledger's main competitor, Trezor, tried to capitalize on the blunder.

According to CryptoSlate, Trezor wallet sales shot up 900% during the period.

Unfortunately, at around the same time, and adding a bitter pill to Trezor's sweet, sweet joy, crypto-security company Unciphered released a video of someone physically hacking a Trezor T wallet using an 'unpatchable hardware vulnerability' that allows an attacker to retrieve the stored seed phrase and OTP pin.

Trezor responded that it was an “RDP downgrade attack,” which had been publicly flagged as a risk three years ago, and that “even with the above, Trezors could be protected by a strong passphrase, which adds another layer of security that renders an RDP downgrade useless.”
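
Why a passphrase changes what a recovered seed phrase is worth, shown as an added example that is not from the article or from Trezor's code. It assumes the standard BIP-39 seed and BIP-32 master-key derivation and that the passphrase is not stored on the device; the mnemonic is a constructed test value and `wallet_fingerprint` is a hypothetical helper.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the public all-zero-entropy BIP-39 test mnemonic, not a real wallet.
MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text: str) -> bytes:
    """BIP-39 requires NFKD normalisation before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32 master private key and chain code derived from the 64-byte seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_fingerprint(mnemonic: str, passphrase: str = "") -> str:
    """Hypothetical helper: short hash of the master key, safe to print and compare."""
    key, _chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key).hexdigest()[:16]


def compare_wallets(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the wallet it selects for one and the same mnemonic."""
    return {p: wallet_fingerprint(mnemonic, p) for p in passphrases}


if __name__ == "__main__":
    # "" is the wallet reachable with the seed phrase alone, i.e. with only
    # what is stored on the device. The other entries are constructed examples.
    for phrase, fp in compare_wallets(
        MNEMONIC, ["", "constructed example passphrase", "Constructed example passphrase"]
    ).items():
        print(f"{phrase!r:36} -> master key fingerprint {fp}")
```

Every passphrase, including the empty one, selects a different valid wallet, so the protection is only as strong as the passphrase is hard to guess.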

So perhaps the infrastructure for decentralized, middleman-free money and banking isn't quite ready just yet. The UX and security/privacy tradeoff may see tailored versions of these products come onto the market, and we will be Observing and reporting, as usual.