Categories: News

The scandal around leading hardware wallets Ledger and Trezor: trust no one

Published by
Igor Grigorchenko

Since the collapse of FTX, it’s become standard to recommend storing your crypto in hardware wallets as the most reliable option. But this week, two leading projects, Ledger and Trezor, found themselves in the midst of a scandal, shaking faith in the reliability of this type of crypto storage. Here’s a look at what really happened and how dangerous it is.

The Trezor Problem

The other day, an independent company called Unciphered hacked Trezor once again. We write “once again” because this vulnerability of the STM32 chip was widely discussed three years ago. The problem is well known, and Trezor (all models are vulnerable, as are its clones, such as KeepKey) had previously and officially recommended using the Passphrase feature (a second password) as an additional layer of protection, which makes a physical attack on the device pointless: the seed extracted from the chip is useless without the passphrase.

To summarize, although the STM32 chip problem is real, Trezor has presented a reliable way to counter this type of attack: using a passphrase of 15 characters or longer.


The Ledger case

Things are worse with Ledger; you can’t just set a second password here and forget about the potential danger. Many people did not understand the meaning of the scandal surrounding the new Recover service, which allowed remote “seed” recovery. Ledger confirmed that government agencies would also be able to restore access to your wallets, which caused an even bigger scandal. So far, Ledger has suspended the launch of the service amid mass discontent.

Nevertheless, it became clear that on this platform, it is technically possible to remotely restore any private client key. Suddenly, it turned out that Ledger had never been a standalone hardware wallet; in other words, Ledger is a custodial wallet.

In public discussions about the Ledger Recover service, it turned out that the vendor had always been able to access its customers’ private keys remotely. The Ledger Recover service is simply a public legalization of this technical capability.


What’s the conclusion?

So, the critical difference is that Trezor, with all its problems, is still a cold, non-custodial wallet. Trezor cannot be controlled remotely; you have to physically grab it to try to hack it. Ledger, on the other hand, turned out to be a custodial storage service for your keys.

Yesterday, Trezor reported a 900% increase in sales in the week after Ledger announced its dubious private key recovery service. However, as it turned out later, Trezor has security problems of its own, though these have an antidote: Passphrase, which is described in the BIP39 standard (a close analogue of two-factor authentication for Bitcoin).
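To make concrete why the passphrase defeats the physical attack described above, here is an added example (not code from the article, Trezor or Ledger) of the BIP39 derivation the passphrase feeds into. BIP39 derives the 64-byte wallet seed with PBKDF2-HMAC-SHA512 (2048 iterations) from the mnemonic, using the string "mnemonic" plus the passphrase as the salt, so a mnemonic read out of a chip yields a completely different seed from the one protected by a passphrase. The sample mnemonic is the all-"abandon" test phrase and controls no funds; the 15-character minimum check reflects the recommendation relayed in the article, and the function and variable names are this example's own.

```python
import hashlib
import unicodedata

# Constructed sample: the well-known all-"abandon" BIP39 test phrase.
# It stands in for a seed phrase an attacker might read out of a device.
SAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a mnemonic and optional passphrase.

    BIP39: PBKDF2 with HMAC-SHA512, 2048 iterations, password = NFKD(mnemonic),
    salt = "mnemonic" + NFKD(passphrase). The passphrase is never stored on the
    device, so it must be typed in at use time.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def extracted_mnemonic_recovers_wallet(mnemonic: str, wallet_passphrase: str) -> bool:
    """Model the physical attack: the attacker holds the mnemonic but not the
    passphrase, so they can only derive the empty-passphrase seed. Returns True
    only if that seed equals the owner's real seed (i.e. no passphrase was set)."""
    return bip39_seed(mnemonic, "") == bip39_seed(mnemonic, wallet_passphrase)


def passphrase_meets_minimum(passphrase: str, minimum: int = 15) -> bool:
    """Length check for the 15-character-or-longer recommendation quoted above."""
    return len(passphrase) >= minimum


if __name__ == "__main__":
    # Owner's wallet uses a passphrase; the attacker extracted only the mnemonic.
    owner_pass = "correct horse battery"  # constructed, 21 characters
    print("passphrase long enough:", passphrase_meets_minimum(owner_pass))
    print("attacker recovers wallet:", extracted_mnemonic_recovers_wallet(SAMPLE_MNEMONIC, owner_pass))
    print("owner seed:   ", bip39_seed(SAMPLE_MNEMONIC, owner_pass).hex()[:32], "...")
    print("attacker seed:", bip39_seed(SAMPLE_MNEMONIC).hex()[:32], "...")
```

Note that the salt is byte-exact: a trailing space or a different Unicode composition of the same visible text produces a different seed, which is why wallets warn that a mistyped passphrase silently opens a different, empty wallet rather than failing.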
