
Ultimate Resource On Ledger Hardware Wallet (#GotBitcoin)

French hardware wallet manufacturer Ledger announced that its cryptocurrency management software Ledger Live now supports Ethereum (ETH) ERC-20 tokens.


In a blog post published on Sept. 5, Ledger announced version 1.14.0 of its Ledger Live software, which now supports over 1,250 Ethereum-based ERC-20 tokens. The update has already been released for both mobile and desktop versions of the software.


More Assets To Be Supported In The Future

The Ledger Live application allows users of the company’s hardware wallets such as Ledger Nano S or Ledger X to manage their devices and cryptocurrencies. The firm also promises to add support for more assets in the future:

“While the ERC-20 token integration has brought a plethora of new cryptocurrencies to Ledger Live, we still aim to add even more crypto assets to the platform.”

As Cointelegraph reported, in March Ledger unveiled vulnerabilities in its direct competitor Trezor’s devices. Prague-based crypto wallet manufacturer Trezor, on the other hand, responded to Ledger’s report by claiming that none of these weaknesses are critical.

Updated: 12-10-2019

Ledger Live Adds Support For Tezos And Staking, Adds Features To Hardware Wallets

Hardware wallet manufacturer Ledger has announced the latest version of its Ledger Live application, adding support for Tezos (XTZ) and Tezos staking.

Unveiled last year, Ledger Live is a software solution that gives Ledger hardware wallet users the ability to manage their digital assets via a smartphone or computer. Ledger Live lets users check their cryptocurrency balance and send or receive tokens, while maintaining control of their private keys. Ledger CEO Pascal Gauthier told Cointelegraph:

“Ledger aims to combine security with a seamless user experience. The announcement with Tezos is exactly part of this mission. Ledger Live makes it easy to use crypto, while Ledger hardware wallets provide a high level of security. Ledger Live users can now create or import Tezos accounts, stake XTZ and passively earn rewards.”

From Hardware to Software

While adding support for XTZ creates an additional layer of security for token holders, it is noteworthy that Ledger Live lets users grow their digital assets through staking, which is a way for crypto holders to earn passive income.

XTZ operates on a proof-of-stake blockchain protocol. While Bitcoin and other cryptocurrencies operate using proof-of-work systems — in which miners compete against each other to complete transactions on the network to get rewarded — the Tezos blockchain requires all token holders to participate in securing and maintaining the network.

The aim of Tezos is to help token holders work together to make decisions that will improve the protocol over time. In turn, Tezos rewards users for contributing to the network’s security, a process known as staking (or “baking” in Tezos terminology).

Although staking Tezos is important for maintaining the network, this feature is typically available to users through major cryptocurrency exchanges, like Binance and Coinbase. Yet, according to Gauthier, this has been problematic due to the questionable level of security on these exchanges.

Gauthier pointed out that storing XTZ on a Ledger hardware wallet and then providing users with a platform to stake Tezos creates a much more secure solution. Moreover, he noted that the cryptocurrency industry is heading in a direction where hardware capabilities are being combined with software features:

“Hardware will always be important. Our customers like being able to store their crypto on a Nano, which remains the most secure hardware wallet on the market. But we have to think about where the industry is growing and going – and offering Tezos staking on Ledger Live is a signal that we are moving in a direction where strong UX coupled with less friction, allows customers to interact and transact with their crypto easily, quickly and still securely.”

Staking Tezos is an example of how Ledger Live aims to integrate new services seamlessly within a single application on a smartphone or computer.

“We expect to bring more prominent features via software to our users in the future,” noted Gauthier.

Giving Users More Control

Additionally, since Tezos operates on a proof-of-stake consensus model, users can either participate by staking or by delegating their tokens to those who can stake for them. In order to stake Tezos, users must have at least 8,000 XTZ tokens. However, users can delegate their tokens to a delegation service — known as “bakers” in the Tezos community — without transferring their ownership. This allows all participants to earn the rewards generated, minus the validator’s commission.

Major exchanges that provide Tezos staking also offer a delegation service and typically charge commission fees on all rewards received. Unlike those exchanges, Ledger Live lets users choose who to delegate their tokens to without applying additional fees.

“We’ve been working closely with the Tezos community to make staking more convenient. On major exchanges, users have to do everything themselves, meaning they have to find someone to delegate their coins to or go through a custodian. Ledger Live empowers users to make their own choices by allowing them to choose who to delegate their tokens to. This is part of the nature of our open platform. We want to make sure users can access their entire crypto journey through Ledger Live,” said Gauthier.

How Will The Community React?

While the integration of Tezos is important for Ledger Live to widen the array of services offered on its platform, which currently supports 1,250 ERC-20 tokens, the impact of the development will be measured by its resonance with the Tezos community.

“It will be interesting to see how the Tezos community receives the Ledger partnership,” President and Founder of TQ Tezos, Alison Mangiero, told Cointelegraph. “Right now we have external development teams working on applications that have been integrated into Ledger, but this makes for a much more seamless user experience. It will also be interesting to see new features incorporated into Ledger Live when upgrades are made to the Tezos protocol.”

Updated: 3-6-2020

Ledger Wallet Warns of Fake Google Chrome Extension Stealing Crypto

Major cryptocurrency hardware wallet supplier Ledger has warned its users about another phishing attack trying to steal their crypto — this one using a Google Chrome extension.

In a March 5 tweet, the French crypto company specified that there is a fake extension for the Google Chrome browser that attempts to steal users’ crypto by asking them to enter their 24-word recovery phrase to access their wallet.

Ledger Live Gets Removed From The Chrome Web Store

The phishing attack was reported by Catalin Cimpanu, a cybersecurity reporter at business technology news website ZDNet on March 4. According to Cimpanu, the malicious Chrome extension was first discovered by Harry Denley, director of security at blockchain interface platform MyCrypto.

According to the report, the fake Chrome extension is called Ledger Live. It tries to mimic the real mobile and desktop application Ledger Live that allows Ledger wallet users to approve transactions by syncing their hardware wallet with a trusted device.

As of press time, the fake Ledger Live extension had apparently been removed from the Chrome Web Store. According to the report, the phishing extension was downloaded at least 120 times before it was taken down.

Fake Extension Was Advertised By Google Ads

As reported by ZDNet, the malicious extension was trying to mislead users into thinking that it represented the Chrome version of the original Ledger Live app, which would allow them to check balances and approve transactions via Chrome. Users were apparently prompted to install the extension and connect their Ledger wallet to it by entering the wallet’s seed phrase — a backup phrase or word seed used to get access to their wallets.

MyCrypto exec Denley, who first uncovered the phishing attack, reportedly ridiculed the malicious extension by claiming that it makes no sense to install and use such an extension with a hardware wallet that is meant to protect funds by storing cryptocurrency offline.

However, Denley still admitted that he would not be surprised if the fake extension has tricked people, adding that it’s a “big problem in the cryptocurrency area, to teach people their private keys/mnemonics should stay offline.” The malicious extension could apparently have misled some users, taking into account the fact that it was advertised by Google’s online advertising platform Google Ads, as reported by Denley.

In the warning announcement, Ledger emphasized that the platform would never ask its users for their recovery phrase, urging them never to share the 24-word seed phrase or enter it into any device connected to the Internet. This is, however, not the first time that Ledger users have encountered a fake Chrome extension. As reported by Cointelegraph in early January, another malicious Chrome extension stole about $16,000 in privacy-focused cryptocurrency Zcash (ZEC).

Updated: 7-6-2020

Ledger Crypto Wallet Claims Purported Vulnerability Is User Experience Flaw

Ledger’s chief technology officer Charles Guillemet said that the recently revealed vulnerability is nothing more than a user experience flaw.

Leading crypto hardware wallet producer Ledger has denied that its product’s transaction management software featured a double-spend vulnerability.

According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is — in fact — nothing more than a user experience flaw. He illustrated the nature of its hardware wallet companion software Ledger Live to Cointelegraph:

“It’s important to understand that rather than an attack, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever schemes. […] It’s just a UX issue that could be used by a dishonest product buyer.”

The Claims Are Not New

ZenGo’s claims are closely related to those released by Bitcoin Cash (BCH)-focused firm BitcoinBCH at the end of 2019. At the time, the firm’s CEO Hayden Otto explained in a video how a Bitcoin (BTC) point-of-sale solution misled merchants into believing non-confirmed transactions were final and accepting them.

Like BitcoinBCH, ZenGo noted that Bitcoin’s replace-by-fee (RBF) feature can easily allow users to replace an unconfirmed transaction with a new, higher-fee transaction that pays a different target address. It is worth noting that this feature only makes it easier to exploit the non-finality of unconfirmed transactions, which is harder, but still possible, without RBF.

Furthermore, ZenGo’s report also points out that RBF “does not introduce any new vulnerabilities in itself” and instead “it explicitly puts the responsibility on wallet applications and users to identify unconfirmed transactions as unsafe.” This is confirmed by Guillemet:

“We want to thank ZenGo for having responsibly disclosed this issue to us. […] We do want to prevent anyone from falling victim to these kinds of clever schemes. A way to prevent this is of course to make sure that any transaction is first confirmed. Ledger Live is releasing an update on July 2nd. A warning is now displayed on pending transactions.”

ZenGo said that it was awarded a bug bounty for bringing attention to the issue.
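The check a receiving wallet or point-of-sale system can run before treating a payment as final, as an added example that is not code from Ledger, ZenGo or the original article. It assumes transactions in the decoded shape Bitcoin Core returns from a verbose `getrawtransaction` call and applies the BIP125 signalling rule, including signalling inherited from unconfirmed parents; every transaction below is constructed.

```python
# BIP125: an input sequence number below 0xfffffffe signals opt-in replacement.
MAX_BIP125_RBF_SEQUENCE = 0xFFFFFFFD


def signals_rbf(tx):
    """Explicit signalling: any input with nSequence <= 0xfffffffd."""
    return any(vin["sequence"] <= MAX_BIP125_RBF_SEQUENCE for vin in tx["vin"])


def is_replaceable(tx, mempool, seen=None):
    """Explicit or inherited BIP125 signalling.

    mempool maps txid -> decoded unconfirmed transaction. A transaction that
    does not signal itself is still replaceable when an unconfirmed ancestor
    signals, because replacing the ancestor evicts its descendants.
    """
    seen = set() if seen is None else seen
    if tx["txid"] in seen:          # guard against malformed, cyclic input data
        return False
    seen.add(tx["txid"])
    if signals_rbf(tx):
        return True
    for vin in tx["vin"]:
        parent = mempool.get(vin.get("txid"))
        if parent is not None and is_replaceable(parent, mempool, seen):
            return True
    return False


def classify_payment(tx, mempool, required_confirmations=1):
    """Return the status a wallet UI should show for an incoming payment."""
    # Bitcoin Core omits "confirmations" for transactions still in the mempool.
    confirmations = tx.get("confirmations", 0)
    if confirmations >= required_confirmations:
        return {"status": "confirmed", "final": True, "warning": None}
    if confirmations == 0 and is_replaceable(tx, mempool):
        return {
            "status": "pending-replaceable",
            "final": False,
            "warning": "Unconfirmed and signals replace-by-fee: the sender can "
                       "redirect these funds until the transaction is mined.",
        }
    # Not signalling RBF does not make a pending payment final.
    return {
        "status": "pending",
        "final": False,
        "warning": "Not yet confirmed enough: do not release goods or credit a balance.",
    }


def make_tx(txid, parents, sequence, confirmations=None):
    """Build a constructed sample in the getrawtransaction (verbose) shape."""
    tx = {"txid": txid,
          "vin": [{"txid": p, "vout": 0, "sequence": sequence} for p in parents]}
    if confirmations is not None:
        tx["confirmations"] = confirmations
    return tx


# Constructed sample data (placeholder txids, not real transactions).
CONFIRMED_SOURCE = "00" * 32
PARENT = make_tx("aa" * 32, [CONFIRMED_SOURCE], 0xFFFFFFFD)   # signals RBF itself
CHILD = make_tx("bb" * 32, ["aa" * 32], 0xFFFFFFFF)            # inherits it from PARENT
PLAIN = make_tx("cc" * 32, [CONFIRMED_SOURCE], 0xFFFFFFFF)     # pending, no signal
MINED = make_tx("dd" * 32, [CONFIRMED_SOURCE], 0xFFFFFFFD, confirmations=3)
SAMPLE_MEMPOOL = {t["txid"]: t for t in (PARENT, CHILD, PLAIN)}

if __name__ == "__main__":
    for name, tx in (("parent", PARENT), ("child", CHILD),
                     ("plain", PLAIN), ("mined", MINED)):
        print(name, classify_payment(tx, SAMPLE_MEMPOOL)["status"])
```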

Updated: 7-29-2020

Data Breach At Crypto Wallet Firm Ledger Exposes User’s Personal Info

Hardware wallet provider Ledger said its marketing database was breached between June and July.

Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July.

In an email on July 29, the company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a potential vulnerability on their website.

While they were able to fix the breach immediately, a further investigation by the team found that an authorized third party carried out a similar action on June 25.

The individual used an API key to access the marketing and e-commerce database the company used to send promotional emails.

According to Ledger, this compromised the email addresses of almost one million people. The firm added that, for a subset of 9,500 customers, details such as first and last name, postal address and phone number were also exposed.

The company claimed the API key used to access the database has since been deactivated.

After investigating the matter in tandem with third parties and confirming the breach, Ledger said it notified the French Data Protection Authority, CNIL. Reassuring their users of their funds’ security, Ledger wrote in a blog post:

“Your payment information and crypto funds are safe […] Regarding your e-commerce data, no payment information, no credentials (passwords), were concerned by this data breach. It solely affected our customers’ contact details.”

The company also said that it is monitoring online marketplaces to find evidence of the stolen data being sold, but has found none so far.

Ledger advised users to be vigilant regarding phishing attempts by malicious scammers and said it would never ask them for their recovery phrases.

Updated: 8-5-2020

A Newly Discovered Vulnerability In Ledger Wallet Could Be Disastrous If Not Properly Fixed

Ledger has failed to fully fix a major vulnerability that allows for a “Bitcoin Fork” attack.

A recent report contends that the Ledger app has failed to fix a major vulnerability that allows for a “Bitcoin Fork” attack.

Mo Nokhbeh has claimed that Ledger’s wallet fails to properly isolate the apps responsible for authorizing the transactions of different assets. This creates a vulnerability where a user’s wallet can be fooled into authorizing a transaction for a less valuable asset — such as Litecoin (LTC), Bitcoin Cash (BCH) or any other Bitcoin fork coin — when in reality, a Bitcoin (BTC) transaction is being released. Nokhbeh told Cointelegraph:

“This app should be isolated such that it only signs for testnet derivation paths. However, sending it a regular mainnet bitcoin transaction will pass. In addition, it will present the TX as if it’s testnet bitcoin, to a testnet bitcoin address.”

According to Nokhbeh, he made Ledger fully aware of this vulnerability, and despite acknowledging it, the company has failed to fix it. Instead, they have chosen to release an update to their existing app that will provide users with a warning prompt if such an exploit is detected.
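The isolation Nokhbeh describes, sketched as a host-side policy check: each coin app agrees to sign only for key paths under its own SLIP-0044 coin type. This is an added example, not Ledger firmware or code from the report; the app names used as dictionary keys and the function names are hypothetical, and the paths are constructed.

```python
HARDENED = 0x80000000

# SLIP-0044 coin types for the assets the article mentions (app names are
# labels chosen for this example).
SLIP44_COIN_TYPE = {
    "bitcoin": 0,
    "bitcoin_testnet": 1,
    "litecoin": 2,
    "bitcoin_cash": 145,
}
ALLOWED_PURPOSES = (44, 49, 84)  # BIP44, BIP49, BIP84 account layouts


def parse_bip32_path(path):
    """Parse "m/84'/1'/0'/0/5" into a list of 32-bit child indexes."""
    parts = path.strip().split("/")
    if parts[0] != "m" or len(parts) < 2:
        raise ValueError(f"not an absolute BIP32 path: {path!r}")
    indexes = []
    for part in parts[1:]:
        hardened = part[-1:] in ("'", "h")
        digits = part[:-1] if hardened else part
        if not (digits.isascii() and digits.isdigit()) or int(digits) >= HARDENED:
            raise ValueError(f"bad path component {part!r} in {path!r}")
        indexes.append(int(digits) | HARDENED if hardened else int(digits))
    return indexes


def path_violation(app_coin, path):
    """Return None when path lies in the app's subtree, else the reason it does not."""
    try:
        indexes = parse_bip32_path(path)
    except ValueError as exc:
        return str(exc)
    if len(indexes) < 2:
        return "path too short to carry a coin type"
    purpose, coin = indexes[0], indexes[1]
    if not (purpose & HARDENED) or (purpose & (HARDENED - 1)) not in ALLOWED_PURPOSES:
        return "unsupported or non-hardened purpose"
    if not (coin & HARDENED):
        return "coin type must be hardened"
    coin_type = coin & (HARDENED - 1)
    expected = SLIP44_COIN_TYPE[app_coin]
    if coin_type != expected:
        return (f"coin type {coin_type} does not belong to the "
                f"{app_coin} app (expected {expected})")
    return None


def authorize_signing(app_coin, input_paths):
    """Refuse the whole request if any input key path is outside the app's subtree."""
    violations = {}
    for path in input_paths:
        reason = path_violation(app_coin, path)
        if reason is not None:
            violations[path] = reason
    # An empty request is refused as well: there is nothing legitimate to sign.
    return {"sign": bool(input_paths) and not violations, "violations": violations}


if __name__ == "__main__":
    # Constructed request: a testnet app handed one testnet and one mainnet key path.
    request = ["m/84'/1'/0'/0/5", "m/84'/0'/0'/0/5"]
    print(authorize_signing("bitcoin_testnet", request))
```

A request is rejected outright rather than shown with a warning, so a mainnet input can never be presented to the user as a testnet or fork-coin spend.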

Updated: 8-30-2020

Ledger CTO Discusses Wallet’s Safety After Multiple Security Setbacks

What’s behind Ledger’s tough stint recently? Charles Guillemet, the company’s CTO, responds to all the questions and criticism.

Ledger, one of the crypto industry’s most popular hardware wallet providers, has faced multiple difficulties in recent weeks, including a breach in the company’s customer contact database and a wallet vulnerability putting users’ Bitcoin (BTC) at risk.

Are the recent events simply a summation of a few difficult weeks, or is a larger unraveling at play?

Charles Guillemet, the chief technology officer of Ledger, told Cointelegraph: “As far as the database breach, an attacker got access to a portion of our e-commerce and marketing database through a third party’s API key that was misconfigured on our website, which allowed unauthorized access to our customers’ contact details and order data.”

Ledger’s Data Breached

The breach dates back to June and July 2020. Ledger received a tip on July 14 mentioning the firm’s website and a possible associated weakness, as the report by Cointelegraph detailed.

Although Ledger repaired the issue following the tip, the company discovered that someone had already exploited the weakness on June 25, leading to nearly 1 million leaked email addresses — with 9,500 affected customers seeing other private data leaked, such as their phone numbers and names.

Guillemet said Ledger repaired the issue and disabled the troublesome API key that same day. “In addition, no payment information, credentials (passwords) or crypto funds were impacted,” he added. “This data breach has no link nor impact on our hardware wallets and the Ledger Live application,” he explained.

“Customer crypto assets have always been safe and are not in peril,” he said, crediting Ledger’s device makeup for its security, as it gives authority over funds back to the users.

Jake Yocom-Piatt, the project lead at cryptocurrency Decred, said he was not surprised by the incident, noting companies usually give less attention to their e-commerce database defenses.

“When your core product is secure hardware, it is easy to forget that the security of your e-commerce software system is also important,” he told Cointelegraph, adding: “Many larger organizations view software security as a sunk cost because it falls outside their core product offering, so they cannot market it and extract profit.”

Wallets Had A Software Vulnerability

Shortly following the data breach, Ledger device holders read about another difficulty surrounding their wallet of choice on Aug. 5, as a software vulnerability surfaced. The hole essentially provided a bridge between Bitcoin and its various forks, such as Litecoin (LTC).

Harnessing the flaw, attackers could make a transaction seem associated with one asset, while confirming the transaction on the device would approve a separate transaction for a different asset — unbeknownst to the wallet owner.

Ledger issued a software update the same day, correcting the issue. On Aug. 26, when asked for additional comments, a Ledger public relations representative pointed toward an explanation of the situation on the company’s blog posted on Aug. 5, which explained that a bounty hunter found the vulnerability, leading to Ledger’s mentioned update in response.

“We’d like to assure you that this vulnerability cannot be used to obtain sensitive data like your private keys or recovery phrase,” Ledger clarified in the write-up.

Ledger Wallets Still Effective

Despite the recent difficulties, Ledger wallets remain a popular option for crypto storage. “Ledger and other hardware wallets are a major security upgrade for the average cryptocurrency user because it prevents remote access attacks — e.g., keylogging — from succeeding,” Yocom-Piatt said, adding:

“However, the protection against remote theft that comes with a hardware wallet is typically paired with a distinct decrease in privacy since the hardware wallet supplier can see exactly which coins a wallet controls.”

Twitter user CryptoGainz tweeted out difficulties he faced when working with his Ledger wallets on Aug. 13, citing unreliable software. Although the comment came shortly after the Aug. 5 vulnerability issue, the situation proved unrelated, with CryptoGainz still expressing faith in the wallet company as a crypto storage option.

“They’re a safe way to store crypto, they just suck for trading via metamask on Uniswap,” CryptoGainz told Cointelegraph in a Twitter DM chat, citing an online wallet provider/decentralized application avenue and the latest decentralized exchange trading craze, Uniswap.

Ledger Customer Protection

Although Ledger’s wallets provide parameters for enhanced security, users still must know best practices and tactics for the protection of their assets. “We’re most worried about phishing attempts — emails from scammers pretending to be us,” Guillemet explained.

A phishing scam occurs when a malicious party sends an email, or another form of communication, disguising itself as a different person or company in an attempt to gain private information from the target.

“We’ll never ask our clients for the 24 words of their recovery phrase,” Guillemet said, urging customers to harness two-factor authentication, while also pointing toward educational information on security found on Ledger’s website.

Aside from phishing attacks, Ledger holds safeguards against malware. “Ledger devices are designed to protect users’ funds against malware on users’ computers, including fake Ledger Live applications,” Guillemet explained, referencing Ledger’s desktop application for interacting with wallet devices.

He specified that users should make sure to get the app from Ledger’s official online site or app store.

Yocom-Piatt also spoke on protection against company data breaches, such as the one Ledger suffered. “Since e-commerce systems typically have weak security, I recommend that users ordering these devices have them sent to an address that is not their primary residence,” he said.

Using a different physical address shields customers from exposure of their residence, should such a breach occur, helping guard against potential in-person Ledger wallet device theft. “Also, when possible, you should avoid using the wallet software supplied by the hardware wallet vendor to maximize your privacy,” he added.

Self-custody over assets is a major selling point in the crypto industry, although it requires knowledge and technical prowess. The complexity involved might explain the push for mainstream crypto trading products, such as exchange-traded funds in which companies custody assets for investors.

Updated: 9-18-2020

Ledger Wallet Upgrade Can Prevent ‘Dusting Attacks’

Cold wallet maker Ledger adds more privacy protection to its software suite.

Hardware wallet maker Ledger has recently upgraded its software suite to include more privacy and control over crypto transfers to help prevent ‘dusting attacks’.

A dusting attack is where a malicious actor sends small amounts of Bitcoin to a wallet to break the privacy of users for further attacks.

Ledger Live version 2.11.1 introduces a new feature called Coin Control which gives users the ability to adjust transaction settings to include more privacy or optimal fee usage.

The announcement added that the feature works through its ability to manage Hierarchical Deterministic (HD) wallets, or multiple different Bitcoin addresses. Now, users can select the addresses they want to use for transactions using Coin Control instead of the previous default First-in, First-out (FIFO) method of automatically using the oldest address.

This matters because it prevents third parties tracking those transactions through tiny amounts of BTC, called dust, which are worth less than the transaction fees. This dust can be used to trace the identity of the owner through analysis since these tiny unspent transaction outputs (UTXOs) can accumulate. A large scale dusting attack was carried out on Litecoin users in August 2019.

Ledger stated that with Coin Control, users can simply choose to not use this tiny UTXO, adding:

“As such, they cannot track any movements. In short: it can be a game changer when it comes to your privacy.”

Other features on the software upgrade include an optimization of the network fee structure by allowing users to choose UTXOs with higher value, thus reducing the byte size of the transaction. It also has the ability to select specific addresses for transfers should there be a need to keep payments separated.

Reddit users applauded the upgrade, with one adding:

“This will make dust attacks useless. Also having the ability not to include small inputs when fees are high is great. I’ve been waiting for this feature. Thumbs up!”

Others asked for more functionality such as the addition of TOR, which is open-source software that facilitates anonymous communications. The addition of personal nodes was also requested as some users have trust issues when using a centralized company like Ledger.
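To make the difference between FIFO spending and Coin Control concrete, here is an added example (not Ledger Live code) that selects inputs both ways from the same constructed wallet. The vbyte sizes are approximate P2WPKH figures and the largest-first ordering is an assumption; the article does not say which strategy Ledger Live applies.

```python
# Approximate virtual sizes for a P2WPKH transaction (assumed for this example).
OVERHEAD_VB, INPUT_VB, OUTPUT_VB = 11, 68, 31


def tx_fee(n_inputs, fee_rate, n_outputs=2):
    """Fee in satoshis for n_inputs plus a payment and a change output."""
    return (OVERHEAD_VB + INPUT_VB * n_inputs + OUTPUT_VB * n_outputs) * fee_rate


def is_dust(utxo, fee_rate):
    """Dust in the article's sense: worth no more than the fee needed to spend it."""
    return utxo["value"] <= INPUT_VB * fee_rate


def fill(candidates, target, fee_rate):
    """Add candidates in order until target plus fee is covered."""
    chosen, total = [], 0
    for utxo in candidates:
        chosen.append(utxo)
        total += utxo["value"]
        fee = tx_fee(len(chosen), fee_rate)
        if total >= target + fee:
            return {
                "inputs": chosen,
                "fee": fee,
                "change": total - target - fee,
                # Addresses spent together are linked on-chain for any observer.
                "addresses": sorted({u["address"] for u in chosen}),
            }
    raise ValueError("insufficient spendable funds")


def select_fifo(utxos, target, fee_rate):
    """Previous default: spend the oldest outputs first, dust included."""
    return fill(sorted(utxos, key=lambda u: u["height"]), target, fee_rate)


def select_coin_control(utxos, target, fee_rate, frozen=frozenset()):
    """Skip dust and user-frozen addresses, then prefer large outputs (fewer inputs)."""
    usable = [u for u in utxos
              if not is_dust(u, fee_rate) and u["address"] not in frozen]
    return fill(sorted(usable, key=lambda u: -u["value"]), target, fee_rate)


# Constructed wallet: values in satoshis, labels instead of real addresses.
SAMPLE_UTXOS = [
    {"address": "addr-salary", "value": 40_000, "height": 650_000},
    {"address": "addr-dusted", "value": 600, "height": 650_100},   # unsolicited dust
    {"address": "addr-savings", "value": 900_000, "height": 650_200},
]

if __name__ == "__main__":
    for name, pick in (("fifo", select_fifo), ("coin control", select_coin_control)):
        result = pick(SAMPLE_UTXOS, target=100_000, fee_rate=20)
        print(name, result["fee"], result["addresses"])
```

With FIFO the dust output is swept into the payment, which ties `addr-dusted` to the other two addresses and pays for two extra inputs; the Coin Control selection spends one input and leaves the dust unspent.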

Updated: 10-10-2020

Ledger Wallet Company Passes Official Security Audit

The process was meant to ensure that customer information is handled properly by the company.

Ledger, a crypto company providing a number of hardware wallet solutions, has obtained a successful System and Organization Controls, or SOC, Type 1 test.

Friedman LLP, a New York-based accounting firm, ran the SOC 2 Type 1 test on Ledger, according to a statement provided to Cointelegraph:

“By obtaining the SOC 2 Type 1 report, we are now able to provide an additional layer of verified security to our clients, assuring that the Vault solution is secured at all times and that we have the processes in place to ensure availability.”

A crypto storage solution for larger players and companies, Ledger Vault operates as a custody wing under the broader Ledger company.

The SOC 2 exam analyzes a company’s security by way of an audit, verifying the proper handling of customer information by service-based entities. “As a proof of compliance to the AICPA auditing procedure, SOC 2 Type 1 report shows that a SaaS [software-as-a-service] firm has best practices in place,” a blog post from RSI security explained.

“It gives potential customers the assurance that a service organization has passed the said auditing procedure, and that their data is safe if they work with the SOC 2-compliant company,” the post added.

In contrast, a SOC 2 Type 2 exam raises the bar, testing against more in-depth standards while requiring a longer time horizon for a green light.

During the SOC 2 Type 1 analysis, Friedman investigated Ledger on a number of levels, including its disaster recovery strategy and its security, as well as a host of other technical specifics.

“Receiving this attestation is an achievement as it shows our processes and systems are streamlined, documented and overall secure,” Ledger’s chief technology officer, Charles Guillemet, said in the statement. Next year, the company aims toward securing a SOC 2 Type 2 approval, according to comments in the statement from Ledger CEO Pascal Gauthier.

The exam green light comes after Ledger suffered a database leak several months ago, which exposed customers’ information. The popular hardware wallet company fixed the root of the problem following the incident.

Crypto exchange Gemini announced that it had similarly passed its SOC 2 Type 2 test in January 2020.

Updated: 10-12-2020

Ledger Wants To Help MicroStrategy Secure Its $400M Bitcoin Treasury

Square’s SubZero cold wallet is great, but Ledger Vault is better, says the company’s VP of Product.

Ledger is mostly known for its consumer-facing hardware wallets, but since last year, a number of enterprises have also begun to use Ledger Vault, according to the company’s vice president of product, Jean-Michel Pailhon.

This product is focused on providing custody solutions to enterprise clients. In fact, the Ledger team is currently trying to sell MicroStrategy on the advantages of its product.

MicroStrategy is a business intelligence company that made a splash in August 2020 by converting a large portion of its treasury into Bitcoin (BTC). More recently Square, who just acquired $50 million worth of Bitcoin, developed an in-house open-source SubZero framework to secure its assets.

Pailhon said that both employ HSMs, or Hardware Security Modules, for the management of digital assets. HSMs have been used for decades for securing critical data and are generally considered invulnerable.

Though SubZero may be a great framework, Pailhon opined that it’s best suited for tech companies like Square that know how to deploy and manage HSMs. He said that Ledger will set these up for its clients, and that “they don’t necessarily need to know how it works. They just need to use the solution.”

We asked Pailhon to walk us through onboarding a company like MicroStrategy. He said that one of the first steps would be to decide how many people will be involved in authorizing transactions. A typical setup would require 2-of-3 signatures, where perhaps the CEO, chief financial officer, and general counsel hold one signature each.

All the private keys would be stored on an HSM. At the same time, parts of the private keys may be stored in several physical vaults.

When a company officer wants to initiate a transaction, he would log into Ledger Vault and input the desired transaction. Then, a notification would be sent to all three signatories. To approve it, they would have to log in and connect their Ledger Blue hard wallet to their computer.

Finally, they would enter their unique Ledger Blue pin to sign the transaction. There is also an additional layer of protection, which involves one of the signatories choosing to abort the transaction altogether, provided that the minimum number of signatures had not yet been authorized.

Pailhon elaborated that though Ledger provides the backend and takes care of the HSM infrastructure, the client acts as its own custodian. This may present a problem as some companies may be required by law to use a regulated custodian. He explained that this does not present a real challenge though:

“If you need a regulated custodian, you can ask a regulated entity to become one of the signees in the transaction process.”

Meanwhile, MicroStrategy has not named its Bitcoin custodians, though it publicly acknowledged the associated risks:

“While we hold the bulk of our BTC assets with established cryptocurrency custodians, a successful security breach or cyberattack could result in a partial or total loss of our BTC assets in a manner that may not be covered by insurance or indemnity provisions of our custody agreements with those custodians.”

Updated: 10-16-2020

Ledger’s Recent Security Audit Was Unconnected To Their Data Breach In June

It seems the review was already in process before the attack ever occurred.

Popular hardware wallet company Ledger recently announced that they had passed a notable security evaluation, known as SOC 2 Type 1. This certification came following a significant data breach the company suffered in June. Ledger did not, however, decide to conduct its security audit because of the breach, according to comments from a Ledger representative.

“Ledger is always seeking to raise the security standards and has been working on getting the attestation prior to the data breach,” the representative told Cointelegraph.

News of Ledger’s completed SOC 2 Type 1 audit came in October, essentially giving the market a level of confidence based on a trusted mainstream security benchmark.

“The SOC II attestation refers both to the System, in this case, Ledger Vault only, and the Organization: Ledger as a whole,” the representative explained. “Hence, if the SOC 2 Type 1 only applies to Ledger Vault, the Ledger organization as a whole has been audited (onboarding of collaborators, third party interactions, etc.).”

Ledger was made aware of a database weakness in July, which they quickly patched. The company, however, also uncovered a previous large data breach that occurred in June, which leaked thousands of customers’ names, addresses, and other potentially sensitive information.

Kristy-Leigh Minehan, Former CTO of Core Scientific, told Cointelegraph, “SOC2 Type 1 is about assessing the design of a security process (or processes) at a specific point in time (or, as of a specified date).” She clarified:

“They would only be evaluated up until the point when they executed it, not necessarily when they were awarded it.”

Updated: 11-6-2020

Ledger Owners Lose 1.1 Million XRP To Scam Site

After a major leak of email and personal information earlier this year, Ledger customers are experiencing a surge in phishing attempts.

Phishing attempts and scams against Ledger wallet owners are on the increase with one such scam netting more than 1,150,000 XRP from its victims.

The scam used a phishing email that directed users to a fake version of the Ledger website that substituted a homoglyph in the URL — in this case a letter that looked like the letter ‘e’ but wasn’t. On the fake site, victims were fooled into downloading malware posing as a security update which drained the balance from their Ledger wallet.

According to community-run fraud awareness site xrplorer, the XRP collected from the scam was sent to Bittrex across five deposits, but the exchange was “unable to seize [the XRP] in time.”

In a similar ongoing scam, a phishing email that appears to be sent from the official account for “Team Ripple” appeals to Ledger users by offering an XRP giveaway to “whitelisted addresses” as part of a “Community Support Program.” The registration process involves handing over your Ledger seed phrase or crypto private key in order to qualify for the non-existent program.

In an email to customers sent on Jul. 29th of this year, Ledger acknowledged that it had been the victim of a data breach in which close to a million email addresses were compromised, along with the personal details of a subset of 9,500 customers.

Although the vulnerability leading to the leak on the Ledger website was quickly patched, the damage had already been done, and scammers appear to be coming up with creative ways to use the addresses to trick Ledger users into giving up their coins.

The idea of crypto credential phishing via homoglyph-containing URLs is not new and scams employing this tactic have been targeting XRP holders across the course of the entire year, even before the email leak.

In 2018, scammers set up a fake Binance site, complete with an SSL certificate. However, eagle-eyed users noticed the ‘n’ had been replaced with a version that included an underdot (ṇ).
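A defender can catch this class of lookalike before a user clicks by folding each hostname label to the ASCII string a reader perceives and comparing it with protected brand names. The following is an added example, not code from Ledger, xrplorer or the article; the brand list, the small confusables table and the sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Brands to protect. Both names appear in the article; the list is an assumption.
PROTECTED = {"ledger", "binance"}

# Hand-picked confusables (constructed for this example). A production filter
# would load the full Unicode confusables.txt table instead.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic e
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er, looks like p
    "\u0441": "c",  # Cyrillic es, looks like c
    "\u0456": "i",  # Cyrillic i
    "\u03bf": "o",  # Greek omicron
    "\u0131": "i",  # dotless i
    "\u0261": "g",  # Latin script g
}


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding punycode if present."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (ValueError, IndexError):
            return label  # malformed punycode: keep the raw label
    return label


def skeleton(label):
    """Fold a label to the ASCII string a reader is likely to perceive."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue  # drop accents and underdots split off by NFKD
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def check_url(url):
    """Return (decoded_label, brand) pairs for labels that imitate a brand."""
    host = urlsplit(url).hostname or ""
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        if label.isascii():
            continue  # pure ASCII cannot contain a homoglyph
        skel = skeleton(label)
        for brand in sorted(PROTECTED):
            if brand in skel:
                findings.append((label, brand))
    return findings


# Constructed sample URLs, as they might be extracted from inbound mail.
SAMPLE_URLS = [
    "https://www.ledger.com/",                      # genuine spelling
    "https://www.l\u1eb9dger.com/security-update",  # e with dot below
    "https://www.bi\u1e47ance.com/login",           # n with dot below
    "https://xn--" + "l\u0435dger".encode("punycode").decode("ascii") + ".com/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        hits = check_url(url)
        print("SUSPICIOUS" if hits else "ok        ", url, hits)
```

The last sample shows why the check decodes punycode first: mail gateways and logs often record the `xn--` form, which hides the lookalike character entirely.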

In March, creators of a fake Google Chrome extension for Ledger managed to steal 1.4 million XRP in less than a month.

Updated: 11-30-2020

Former Digital Head At Luxury Brand Group LVMH Takes Role At Ledger

Ian Rogers, newly appointed as a chief experience officer at Ledger, says digital assets are moving from “science fiction” to the mainstream.

The revolving door between traditional finance and the crypto space is well established. Now, executives from the luxury goods sector appear to be following in their steps.

Ian Rogers, formerly the chief digital officer at LVMH, is taking on a new role as “chief experience officer” at Ledger, the well-known French crypto hardware and software maker. LVMH was formed in 1987 from the merger of high fashion house Louis Vuitton and Moët Hennessy, which itself formed from a merger of champagne maker Moët & Chandon and cognac producer Hennessy, back in 1971.

The newly-created role of chief experience officer involves taking charge of business-to-consumer operations and “reinventing the user experience” of Ledger’s products.

In An Official Statement Rogers Gave An Insight Into How He Plans To Approach This New Role:

“I remember when you couldn’t simply say ‘go to my website’ […] You had to first explain the concept of the internet […] I love those moments when technology moves from science fiction to mainstream. Digital assets are standing on the verge of this move.”

Rogers further referred to the “inevitable transformation” from marginal, geek technology to mass product, and to the cryptocurrency “revolution” when speaking of Ledger and the nascent digital assets industry.

At LVMH, where he worked from 2015 onwards, Rogers’s work involved overhauling the e-commerce strategy at luxury brands and implementing new technologies, such as big data and AI, to help with this goal. Prior to his time at LVMH, he worked at Apple Music, Yahoo Music and Beats Music, having begun his career as a website developer for the American band The Beastie Boys.

Cryptocurrencies have often been described as a finance “counterculture,” both in academic papers and the mainstream press, due to their origins in libertarian and cypherpunk movements. Now that their appeal has broadened, and their relationship to mainstream finance has become ever more intertwined, Ledger’s move to onboard luxury brand executives is, perhaps, not as surprising as it would have been in the industry’s earlier, more offbeat days.

Updated: 12-20-2020

Ledger Users Threaten Legal Action After Hacker Dumps Personal Data

A cybersecurity expert claimed the affected users would be targeted online and in person now that their personal information had been made public.

The hacker that breached hardware wallet provider Ledger’s marketing database earlier this year has released personal data for thousands of users, prompting many to threaten the firm with a class-action lawsuit.

According to a tweet from network security firm Hudson Rock’s Alon Gal, a hacker allegedly behind the breach of personal data from hardware wallet Ledger in June has made all the information they obtained available online. This reportedly includes 1,075,382 email addresses from users subscribed to the Ledger newsletter, and 272,853 hardware wallet orders with information including email addresses, physical addresses, and phone numbers.

“This leak holds major risk to the people affected by it,” said Gal. “Individuals who purchased a Ledger tend to have high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments in a larger scale than experienced before.”

In a response on Twitter, Ledger said “early signs” seemed to confirm that the released information was from the June data breach that compromised the personal data of many of its users. Following news of the hack, many Ledger users reported being targeted through phishing attempts. Some said they received convincing-looking emails asking them to download a new version of the Ledger software.

“We are continuously working with law enforcement to prosecute hackers and stop these scammers,” said Ledger. “We have taken down more than 170 phishing websites since the original breach.”

After experiencing months of reports on phishing attacks, many users were seemingly unsatisfied with Ledger’s response.

“If any lawyers want to start a class action suit, I’m sure many of us will jump on board,” said Twitter user Ryan Olah. “This has just gotten 10,000x worse now.”

Though someone’s tokens are most likely not in danger of being siphoned out of Ledger wallets, users could potentially compromise their own funds by falling for such phishing attempts sent to the affected emails or phone numbers. Many have reported that such attacks have been trying to trick them into giving up their seed phrases, prompting Ledger to reiterate:

“Never share the 24 words of your recovery phrase with anyone, even if they are pretending to be a representative of Ledger. Ledger will never ask you for them. Ledger will never contact you via text messages or phone call.”

However, some Ledger users pointed out that phishing attacks are just one possible threat they may face now that their physical addresses are public. People with a large amount of crypto holdings run the risk of being kidnapped and held until they give up their tokens, as was the case with Singaporean entrepreneur Mark Cheng in January.

“This is a serious breach and I am concerned that people now have our addresses,” said Twitter user Paul Smith. “What’s stopping them from knocking on our doors? Saying sorry, frankly, isn’t enough.”

Updated: 12-21-2020

Doxxed Ledger Users In Danger Of Physical Harm

Ledger hardware wallet users might be in danger of physical attacks, with their addresses part of the user data dump by suspected hackers.

While users affected by the Ledger data dump are threatening legal action, some wallet owners might be at the risk of being visited by criminals. According to a Redditor named “u/relephants,” some users have begun receiving threatening emails demanding a $500 payment or else risk being attacked in their homes.

This development opens up another risk factor for Ledger users whose private information has been leaked by the hacker. Apart from home invasions, the affected Ledger owners also have to deal with phishing and SIM swapping exploits, among others.

Actual robberies connected to Bitcoin (BTC) are not uncommon, especially when the victim is known to be a holder of the popular cryptocurrency. Back in September 2019, a Norwegian millionaire was reportedly forced to jump from his second-floor balcony to escape armed robbers.

The Ledger data dump also offers in stark relief the dangers of centralized storage of customer data. Meanwhile, United States authorities are pushing for stricter Know Your Customer compliance for noncustodial wallet owners.

Updated: 12-23-2020

From SIM-Swaps To Home-Invasion Threats, Ledger Leak Has Cascading Consequences

As soon as he learned he was among the thousands of Ledger customers whose personal information had been published online Sunday, JimboChewdip, as he’s known on Twitter, acted fast. Not fast enough, however.

JCD, as we’ll call him, spent Monday morning changing his passwords, only to get a notification a new device had been added to one of his two-factor authentication (2FA) accounts. He then tried to log into his email. It was locked.

“Within minutes I started getting notifications about password changes on Coinbase, Binance, Dropbox,” he later told CoinDesk. “I tried to call T-Mobile over Wi-Fi but it wouldn’t work with the SIM disabled so I reached out to them on Twitter and got someone from Support to lock my account.”

At the same time, JCD posted a Twitter thread about the situation.

“By the time I got into my Coinbase Pro account and checked the balance, there had been a sale of the coins I held to bitcoin and one withdrawal of the entirety of my account,” he said. “No response from Coinbase support.” Around $2,000 worth of cryptocurrency was gone.

While he can’t prove the SIM-swap attack executed against him was tied to the Ledger leak, “the timing is certainly suspicious,” he said.

The data dump exposed for anyone to see 1 million email addresses and 272,000 names, mailing addresses and phone numbers belonging to people who had ordered Ledger’s devices, which store the private keys for cryptocurrency wallets. The number of people affected was much higher than the 9,500 the company estimated when it disclosed a hack in July.

The incident illustrates the tangible harm such leaks can inflict and the variety of ways people’s data can be used to compromise them, and it raises questions about whether and how certain data should be retained at all. If someone gets into a centralized repository of sensitive information, it’s all there for the taking and subsequent leaking.

Hackers are taking advantage of the situation in a variety of ways, including using the data to pursue SIM-swap attacks like the one carried out against JCD. Such an attack involves tricking employees of a telecommunications provider into porting the victim’s phone number to the attacker’s device.

This allows the attacker to use or bypass 2FA to access crypto wallets or social media profiles, for example.

Even more ominously, some users have received physical threats. In one instance, a user allegedly received an email from someone trying to extort their cryptocurrency by saying they were “not afraid to invade their home.”

Je Regrette

With the U.S. government and some top cybersecurity companies being breached by a months-long cyber-espionage campaign, governmental mandates for data retention may be due for reconsideration.

“Data breaches are extremely common. The only difference with this [Ledger] breach is that those affected are juicy high-value targets for spear phishers and con artists,” said Jameson Lopp, the chief technology officer (CTO) at crypto custody startup Casa. “As such, criminals will go to more extreme efforts than they would with other data breaches because the potential payout is much higher per targeted user.”

On Tuesday, Ledger, based in Paris, tweeted that “there has been a new wave of phishing attacks taking place since yesterday, threatening our users physically” and that victims should never pay the ransom.

In an interview, Ledger CEO Pascal Gauthier emphasized first and foremost how sorry he was the hack and the subsequent leak had occurred in the first place.

“I want to put an emphasis on how sorry we are because I think it’s important for our clients, to know that what affects them affects us,” he said.

He said the initial hack was, in part, a result of the company scaling so quickly and that he and incoming Chief Information Security Officer Matt Johnson would be announcing a new data policy and plan to further address the leaks in January.

Gauthier said the physical threats were likely phishing attempts and that the company was allegedly seeing those emails go out in multiple languages, meaning the likelihood someone would actually attempt to physically attack a user was slim.

“When it comes to crypto, it’s much cheaper and much easier to do a phishing attack from home than to attack someone at their home,” he said. “Attackers will go for the cheapest attacks, and phishing is definitely the cheapest attack before doing anything else.”

As other companies, including rival hardware wallet maker CoinKite, announced they would wipe user data after a certain period, seemingly in response to the leak, Gauthier questioned the legality of such actions, saying tax requirements mandated that some subset of user data be kept for 10 years. (“We are compliant with Canadian regulation,” said a representative for Toronto-based CoinKite.)

Gauthier also noted that data breaches have been steadily increasing, and this is an issue that goes beyond Ledger.

“The problem of hacking and having your data leaked is not so much a question of if, it’s more a question of when,” he said.

‘Purge It ASAP’

Crypto trader Scott Melker put JCD in touch with Haseeb Awan, the CEO of Efani, a cybersecurity company focused on preventing SIM-swap attacks. Efani offers 11 layers of authentication when it comes to SIM cards, but every account has a minimum of seven authentication steps when a user wants to replace the SIM card.

Awan helped JCD secure his number and PIN in short order. If he hadn’t, said JCD, much “more damage could have been done.”

“With the Ledger hack, we’ve noticed at least a 10-times increase in our victim helpline call volume, and we anticipate it to keep on growing as the holiday approaches since there’ll be no support for the victims from their existing carriers,” said Awan. “Criminals generally attack after-hours or on holidays since victims are generally not paying attention to their phones and can’t access support due to holidays.”

Awan said the Ledger list is a honeypot of potential targets for criminals that’ll be used over the next few months for different types of attack. The most common ones will likely include cell phone SIM swaps or email compromises. Instances of identity theft or accessing someone’s physical address were a lower risk, he said.

Lopp said his biggest takeaway from the Ledger data dump was that “information wants to be free. It is fundamentally impossible to guarantee that any data you store won’t be leaked.”

The only foolproof way to prevent leaks is to not collect data in the first place, he said. The second-best option is to only hold data as long as it’s needed and automatically purge it once you are finished using it, something Gauthier said Ledger is looking into.

Lopp added that while holding email addresses for the long term for marketing purposes is completely understandable, holding the names, physical addresses and phone numbers of customers once a delivery was complete and the return window expired is harder to justify.

And it could have been worse: The leaked data was only from the past year or two of orders, not the whole order history dating back to 2014, when Ledger released its first product.

“Don’t collect what you can’t protect. Personal information should be treated like toxic waste,” said Lopp. “If you must collect some PII [personal identifiable information] for business purposes, purge it as quickly as possible to minimize the amount of data you have on hand at any point in time.”

Updated: 12-24-2020

Ledger Data Leak: A ‘Simple Mistake’ Exposed 270K Crypto Wallet Buyers

Ledger wallet users face mounting home invasion and other scareware threats as hacker dumps private customer information online.

The hacker likely responsible for Ledger’s security breach in July recently dumped a large amount of data exposing the personal information of over 270,000 customers, including phone numbers and physical addresses. The leak also included 1 million emails of Ledger wallet owners and customers that were signed up to the company’s newsletter service.

Amid the furor caused by the incident, Ledger says its focus is on improving its security infrastructure rather than reimbursing users for any losses that may occur. Meanwhile, some affected customers are reportedly considering taking legal action against the company in the form of a class-action lawsuit.

The Ledger customer data leak also offers fresh fodder for the debate against implementing more Know Your Customer compliance protocols, critics of which argue that such measures encourage targeted cyber attacks aimed at exposing critical personal data.

Over 270,000 Personal Account Details Compromised

As mentioned, the hacker presumably responsible for breaching the Ledger e-commerce database back in July dumped the personal information of thousands of affected users online.

The company was blamed on social media for not providing better protection of user data and downplaying the extent of the initial breach. At the time, the hardware wallet maker declared that only 9,500 customers were affected by the security breach.

Addressing the disparity in the reported number of people affected, Ledger issued a statement on Dec. 21 declaring that the leak covered more material than it was able to analyze earlier in the year.

However, the company affirmed that customer funds remained safe, adding: “This data breach has no link nor impact on our hardware wallets, the app or your funds. Your crypto assets are safe. While very truly and sincerely regrettable, this breach concerns only e-commerce related information.”

Responding to the incident via Twitter, Ledger CEO Pascal Gauthier remarked that the leak was indicative of the growing threat of cyberattacks. Appearing on the What Bitcoin Did podcast with Peter McCormack, Gauthier commented on the nature of the breach, stating that it was the result of a mistake in the company’s e-commerce stack.

“It’s a wrong API key that got coded on the map client to import the database from the store that got coded in the wrong placements and so, therefore, was coded where it should not have been coded and exposed the database to a simple attack,” explained Gauthier.

Amid the reactions to the leak, some cybersecurity experts highlighted that the incident was another pointer to the lack of encryption deployment by database administrators in storing user data. The Ledger CEO addressed the lack of encryption on the API keys, adding that it was an honest mistake and not a deliberate attempt to jeopardize customer safety by failing to hash API keys.

Commenting on the leak, Ruben Merre, CEO of hardware wallet maker NGRAVE, remarked that the incident was reflective of rapid growth among crypto firms coming at the expense of security considerations. He added: “So many online platforms get hacked, and not necessarily because of the hackers’ skill. Often, platforms just have bad security governance, let alone implementation.”

‘Scareware’ And Other Risk Factors

The data leak has triggered another round of phishing attacks as rogue actors, now armed with the emails of Ledger users, attempt to trick the wallet’s customers into revealing their 24-word seed phrase. Even before the data dump, such phony emails were a regular occurrence.

However, the exposure of phone numbers and personal addresses potentially opens up Ledger users to more risk factors.

Some users have reported attempted SIM swapping attacks on their numbers, with the hacker presumably trying to compromise two-factor authentication protocols.

Crypto investors have been targets of SIM swap attacks in the past. Back in June, Richard Yuan Li was charged with conspiracy to commit wire fraud in connection with a series of SIM swap attacks that targeted over 20 individuals.

Apart from phishing and SIM swap exploits, the data leak also opens up the possibility of the risk factors moving beyond scareware into the realm of actual physical attacks. Indeed, some users affected by the incident claim to have received threatening messages asking for payments or risk possible home invasions.

The Ledger CEO has acknowledged the possibility of physical attacks as a result of the company’s oversight, and has also assured users that their hardware wallet devices contained several protective protocols to safeguard against the theft of funds.

Among these security measures are a device format triggered by incorrect PIN code entries and a second password that displays a dummy account, leaving the owner’s actual funds safe from bad actors.

Additionally, the consensus among security experts on social media is that consumers should be using post office box addresses or other public pickup locations instead of their actual home addresses for sensitive items like a Ledger hard wallet.

For those with compromised phone numbers, the best line of action appears to be getting a new number and using a new email address to communicate the change to important contacts.

While affected customers continue to deal with the fallout of the leak, Ledger says it is working to prevent future occurrences. In a statement to Cointelegraph, the company stated:

“We are doing everything in our power to cease these attacks and avoid situations like this in the future. Ledger has a set of measures in place to protect our users from falling victims to phishing attacks. We have set up a webpage sharing the anatomy of phishing attacks so users can avoid falling for them and report any new attacks.”

Affected Users Threaten Legal Action

Some affected users began advocating for legal action against Ledger immediately following the reported leak. There is even a “Ledger wallet leak” subreddit on the Reddit platform, where users are discussing possible modalities for a class-action lawsuit.

With its headquarters in Paris, Ledger falls under the laws of the European Union. In November, the European Parliament adopted legislative amendments that will allow EU customers to institute class-action lawsuits against companies operating in the region within the next two years.

According to the ruling at the time, once passed into law, class-action lawsuits can be filed against companies operating in the EU for cases involving financial services, tourism and data protection, among others.

Ledger’s EU customers will require a qualified consumer protection body or some other recognized entity to represent the complainants. However, unlike U.S. laws, punitive damages from EU class-action lawsuits are restricted to the actual losses incurred by the class of plaintiffs.

Apart from customers filing a lawsuit against the company, the data leak might also constitute a breach of privacy in the eyes of European regulators, specifically under the EU General Data Protection Regulation. In such situations, the EU has the ability to fine Ledger up to 4% of its revenue.

Indeed, with the Ledger CEO having admitted to the company anonymizing user data improperly, the company could come under scrutiny from EU officials. Recital 26 of the GDPR mandates all companies to ensure complete removal of all the information that can identify users from their cache of stored or processed data.

Updated: 1-13-2021

Ledger Adds Bitcoin Bounty and New Data Security After Hack

Rogue actors at e-commerce partner Shopify exposed 20,000 new Ledger customer records, including emails, names, postal addresses and phone numbers.

Matt Johnson, Ledger’s new Chief Information Security Officer (CISO), had no choice but to hit the ground not just running but, well, sprinting. His first week of work entailed scrutinizing the fallout from an extensive data dump of customer information, among other areas such as data security and increased attacks that would come as a byproduct of bitcoin pumping.

In the aftermath of the largest hack in company history, and a little over a week after Johnson started, the hardware wallet company Ledger has announced its first measures to address the data breach and ensure such a hack doesn’t happen again.

These include working with blockchain analytics firm Chainalysis to hunt the hackers, offering a 10 BTC bounty for information leading to the hacker’s arrest and creating a comprehensive review of what information the company holds onto, where it’s stored and how long it’s retained.

Simultaneously, Ledger revealed that because of rogue actors at e-commerce partner Shopify, 20,000 new customer records, including emails, names, postal addresses and phone numbers, along with what products were ordered, have been exposed.

The Ledger Hack

Ledger publicly revealed that customer information had been compromised in July 2020. At the time, the company estimated 9,500 customers had been affected by the hack. In the following months, CoinDesk documented a string of convincing phishing attempts executed by the hackers, including emails that mimicked official Ledger correspondence and text messages.

Then, in December 2020, a data dump “exposed 1 million email addresses and 272,000 names, mailing addresses and phone numbers belonging to people who had ordered Ledger’s devices, which store the private keys for cryptocurrency wallets,” as CoinDesk reported. The number of people affected was much higher than the original estimate of 9,500.

A rash of SIM swaps were reported in the days following the data dump and some customers started getting extortion emails, including threats of violence.

In an interview last December, Ledger CEO Pascal Gauthier told CoinDesk the initial hack was, in part, a result of the company scaling so quickly, and that he and incoming CISO Matt Johnson would be announcing a new data policy and plan to further address the leaks in January.

Now, Ledger has released new information about the hack, revealing that it was likely due, in part, to rogue actors at Shopify, its e-commerce partner at the time.

Shopify’s Rogue Agents

On Dec. 23, 2020, Ledger was notified by Shopify of an incident “involving merchant data in which rogue member(s) of their support team obtained customer transactional records, including Ledger’s. The agent(s) illegally exported customer transactional records in April and June 2020,” according to a blog post.

Shopify told Ledger the data breach was part of its disclosure in September 2020, which involved over 200 merchants. Until Dec. 21, 2020, though, Shopify had not “discovered that Ledger was also targeted in this attack.” Shopify told Ledger it is continuing to investigate and that the issue had been reported to law enforcement.

In conjunction with forensic firm Orange Cyberdefense, Ledger examined the 292,000 stolen data records. It found that while the database is quite similar to the personal information exposed in the previous attack, there were 20,000 new customer records compromised.

The company said it notified customers who were affected on Jan. 13.

Ledger’s Data Security After The Hack

First and foremost, in a blog post, Ledger reiterated the company will never ask customers for their 24 recovery words, which can be used to access bitcoin and crypto wallets. They also stressed that as long as customers had not shared these words, their Ledger hardware devices were secure.

“We are announcing changes in the way Ledger will collect and handle customer data: keeping personal data for as short a time as legally possible, minimizing the display of personal data in emails, moving needed data in a further segregated environment as soon as possible, and creating a secure channel for communicating 1:1 with our customers via Ledger Live,” the authors, including new CISO Matt Johnson, wrote.

First, Ledger is changing the way it stores data. In an interview, Johnson said that while he would prefer not to have to hold user data at all, the company is legally obligated to do so for a period of time.

But Ledger is looking to go beyond the privacy requirements of the European Union’s General Data Protection Regulation (GDPR), according to Johnson.

“By going beyond the GDPR, what we mean is not ‘holding data longer than GDPR requires’, but quite the opposite,” said Johnson.

“Our goal is to delete data such as name, address, and phone number as soon as possible, even if we would be allowed to keep them under the GDPR. Some data, however, we will need to keep to fulfill our legal obligations such as accounting or tax requirements, and this data will be further segregated to limit its access.”

Delete, Delete, Delete

Moving forward, Ledger will delete data from its e-commerce partner and, as soon as an order is fulfilled, move customer data to a database that can’t be accessed from the internet, before deleting it as soon as the company is legally able.

The company will also be deleting names, addresses and phone numbers from confirmation emails sent to customers so that this data is not passed through third-party e-commerce email providers.

Email and social media will only be used for marketing messages and announcements. Ledger Live accounts are being set up to communicate technical and security information, seemingly to avoid a repeat of previous phishing scams, in which scammers encouraged Ledger users to download important security updates via genuine-looking emails.

Finally, Johnson will be doing a comprehensive review of third parties handling the data.

“I will be going through and doing an examination of every single one of our third parties that we have to share or have the transmission of the data with as part of the supply chain,” said Johnson in a Zoom call.

“We’ll be going through and looking at making sure that all of their processes are appropriate and rigorous, because if we’re entrusting our data to them, we need to be 100% sure that they are actually operating to the best of their capability to meet all of those minimal requirements, and preferably push them to go beyond that.”

A Bitcoin Bounty And Law Enforcement

Ledger is working with various law enforcement agencies as well as the blockchain analytics firm Chainalysis. It has even set up a bitcoin bounty for information related to those responsible for the hack.

“We’re running down leads so we can actually be able to recover, if that’s at all possible, stolen funds if it’s landing on exchanges,” said Johnson. “We want to make sure information is all being obtained in a legal way and shared directly with law enforcement agencies.”

Johnson said Ledger wants to make sure all information gathering is done legally and “above board” with the goal of prosecuting the individuals responsible.

The blog post qualified the bitcoin bounty, stating that the BTC will be disbursed at the discretion of Ledger and will take a variety of factors into consideration.

Echoing Johnson’s comments, these factors include whether the information has been obtained legally, whether it’s new, how substantial it is and how far it would go toward furthering the investigation and successful prosecution.

The company also hopes it can collaborate with other companies and individuals in the crypto industry to fund this bounty. It envisions a general purpose bounty fund, a sort of foundation to fight scamming and phishing attacks across the industry.

“We are actively trying to do things to protect and improve that ecosystem,” said Johnson.

Protecting Your Bitcoin Even When Recovery Phrase Is Shared

The Ledger engineering team is also developing a product that “will protect the funds of a user even if they had shared their recovery seed with an attacker.”

Jerôme De Tychey, Global Head of Client Success at Ledger, said in an email the majority of the phishing attacks rely on making the Ledger Nano owners reveal their 24-word phrase.

Scammers seize on that opportune moment of panic where the owners believe their funds to be at risk. Remembering crucial safety measures at that moment is not always possible, especially when the scammers pose as Ledger support staff.

“We are acknowledging this problem and we will soon release a technical solution that will remove the 24 words as the single pillar of the security of our hardware wallets and will open the door to funds insurance as well,” said De Tychey in an email to CoinDesk.

Moving ahead, how and when these changes are clarified and implemented will go a long way toward regaining users’ trust. But they represent a step forward for Ledger’s security in the aftermath of an extensive data breach, and just may work for the crypto community more generally.

With bitcoin and other altcoins booming, the security around crypto tools and products is an iterative process.

“There are always these new avenues that people attempt to exploit,” said Johnson. “So we have to do that continual reassessment and ask what else we can do to make this even more secure than what it is today.

“Ledger wallets haven’t been compromised, so they’re going after the human elements time and time and time again. So what else can we do? What else can we do to help protect the end customer? Because these are real people.”

Updated: 3-16-2016

Ledger Doubles Down On Institutional Crypto With New Business Unit And Hiring Push

Banks used to tell Ledger they wanted to do “blockchain, not bitcoin.” Not anymore.

Ledger, the brand most people associate with hardware wallets, is doubling down on institutional business with a new unit and an aggressive hiring plan.

Announced Tuesday, Ledger Enterprise Solutions will drive forth the firm’s institution-focused Ledger Vault, the first crypto custody technology to be publicly linked to a major bank in the form of Nomura and the Komainu consortium, which recently raised $25 million.

As large financial institutions look to enter the new realm of digital assets, a handful of specialized custody technology firms, such as Anchorage, BitGo, Fireblocks and Curv (recently acquired by PayPal), are hoovering up this hand-holding business. Meanwhile, large corporate entities are also joining the party, following the likes of Tesla and MicroStrategy.

“We took the decision to create an independent business unit with around 50-60 people, aiming to grow that to about 120 people by the end of the year,” said Ledger Vice President of Business Solutions Jean-Michel Pailhon, who is leading the new division. “The Ledger Vault solution we created in 2018 has lived within the larger group, and now it needs to come into the light a little bit more.”

Joining Pailhon’s leadership team is newly appointed VP of Sales and Partnerships Alexandre Lemarchand. Beefing up things on the engineering side, Ledger Enterprise has hired former SIX Digital (SDX) developer Alex Zinder as VP of engineering and former Thales engineer Laurent Castillo as VP of technical architecture.

Ledger’s institutional custody tech clients include Komainu, Crypto.com, Uphold, Bank Frick, BitStamp and Nexo.

Komainu, a joint venture between Ledger, Nomura and CoinShares, went live in June after a two-year test period. Komainu’s recent $25 million seed round was led by hedge fund billionaire Alan Howard.

“We were a little ahead of the curve when we launched Komainu during a bearish market cycle, but that also gave us time to grow and develop and we have learned a lot,” Pailhon said in an interview.

Two or three years back, big banks would tell Ledger they wanted to do “blockchain and not bitcoin,” Pailhon said.

“The good news is that it’s now time for all the banks and institutional players to enter this market,” said Pailhon. “And guess what? Most of them are not equipped to build this from scratch and are looking for partners.”

Updated: 4-9-2021

Ledger Faces Class Action From Phishing Scam Victims

Ledger and Shopify are facing a class-action lawsuit over sensitive information regarding 270,000 of Ledger’s customers that was stolen by Shopify employees.

Ledger and Shopify have been hit by a class-action lawsuit over a major data breach that saw the personal data of 270,000 hard wallet customers stolen between April and June 2020.

Phishing scam victims John Chu and Edward Baton filed the lawsuit in California against the crypto wallet provider and its e-commerce partner Shopify on Tuesday.

The plaintiffs alleged that the firms “negligently allowed, recklessly ignored, and then intentionally sought to cover up” the data breach. The data was stolen when rogue employees of Shopify accessed the company’s e-commerce and marketing database for Ledger, with the hackers then selling the data on the dark web.

“Had Ledger acted responsibly during this period, much of that loss could have been avoided,” they claim.

The pair are seeking redress for the damages caused by the breach, requesting “all relief allowed by law, including injunctive relief.” Chu lost $267,000 worth of Bitcoin (BTC) and Ether (ETH), and Baton lost $75,000 worth of Stellar (XLM) in phishing scams that impersonated correspondence from the firms.

The data, spanning full names, email, phone numbers and shipping addresses, was eventually posted on the website RaidForums in late December. The lawsuit accuses Ledger in particular of failing to “individually notify every affected customer or admit to the full scope of the breach.”

“Ledger’s and Shopify’s misconduct has made targets of Ledger customers, with their identities known or available to every hacker in the world. Ledger’s persistently deficient response compounded the harm. In failing to individually notify every affected customer or admit to the full scope of the breach.”

While it has yet to be proven if the firm knew the full scope initially, it published a blog post in July 2020 stating that 9,500 users had their data leaked at the time.

Ledger fully acknowledged the data leak on Jan. 13 in a blog post that confirmed that access to its user database had been a result of the Shopify hack. The post also announced changes to how the company stores data and communicates with customers, and offered a 10-BTC bounty fund for information leading to the successful arrest and prosecution of the hackers.

Updated: 5-19-2021

Ledger Hardware Wallet Provider Sees 500% Revenue Surge In Q1

The crypto bull market of early 2021 was a boon to Ledger’s top line. The company is looking to fill hundreds of positions as it expands its business operations.

Ledger, a leading cryptocurrency security and infrastructure company, reported a dramatic increase in first-quarter sales, underscoring the strength of the bull market through the first three months of 2021.

Revenues surged over 500% between January and March, the company reported Wednesday. Ledger said it was profitable during the quarter, but didn’t disclose actual figures.

Ledger is the company behind the Ledger Nano S and Nano X hardware wallets, which allow users to self-custody digital assets such as Bitcoin (BTC). It competes for market share with Trezor and several other lesser-known wallets.

“The entire industry is in hyper-growth, and we are proud to be a part of it,” said Ledger CEO Pascal Gauthier, touting his company’s “talented and hard-working team.”

Ledger is expanding its in-house capacity significantly, with over 150 open positions needing to be filled. On Wednesday, the company announced that it had filled two executive positions headed by former leaders of eToro and Opera. The company recently filled the role of vice president of NFTs, or nonfungible tokens, as it expands its services to artists and NFT management.

Importantly, Ledger appears to have recovered from a high-profile leak in December 2020 that exposed 270,000 crypto wallet buyers. The company affirmed that the security breach did not affect the safety of user funds. Nevertheless, it resulted in a negative public relations backlash against the company.

It remains to be seen whether companies like Ledger will continue their rapid expansion in the face of broader market headwinds. Crypto markets sold off sharply on Wednesday, with Bitcoin sliding below $40,000 and the broader altcoin market following suit. Peak to trough, the market shed $1 trillion from its mid-May high of around $2.5 trillion.

Updated: 6-17-2021

Scammers Mail Out Fake Hardware Wallets To Victims Of Ledger Data Breach

Ledger customers have reported receiving fake replacement devices in the mail, designed to phish private security information.

The consequences of Ledger’s major data breach continue to be felt almost a year later. One contributor to the r/Ledgerwallet forum on Reddit, writing under the tag u/jjrand and self-identified as one of those affected by the breach, has posted images of what appears to be a fake Ledger Nano X wallet received in the mail.

Wrapped in seemingly authentic packaging, the device nonetheless included several tell-tale signs that sparked the contributor’s suspicion. Most jarringly, the package came together with a poorly written letter claiming to be signed by Ledger CEO Pascal Gauthier, telling its recipient:

“For security purposes we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.”

Aside from the letter, u/jjrand also received a fake manual, enclosing instructions regarding how to use the device and, crucially, asking that the user enter their private Ledger recovery phrase to connect their cryptocurrency wallet to the new hardware.

On the basis of further images showing the device’s circuit board uploaded to Reddit, security researcher Mike Grover told BleepingComputer that the fake device was tampered with:

“This seems to be a simple flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery. All of the components are on the other side, so I can’t confirm if it is JUST a storage device, but […] judging by the very novice soldering work, it’s probably just an off the shelf mini flash drive removed from its casing.”

Grover highlighted a section of the back of the device, showing the flash drive implant and noting that “those 4 wires piggyback the same connections for the USB port of the Ledger.”

On the basis of Grover and BleepingComputer’s analysis, it appears that the heist is designed to intercept the user’s entered recovery phrase in order to reroute the details to a device controlled by the scammers, which they can then use to steal the associated cryptocurrency holdings.

“The fake user guide in the Nano’s box asks the user to connect the device to a computer. To initialize the device, the user is then asked to enter his 24 words in a fake Ledger Live application. This is a scam. Do not connect the device to your computer and never share your 24 words. Ledger will never ask you to share your 24-word recovery phrase.”

While the warning is included as part of Ledger’s online list of phishing campaigns of which the company is aware, it is unclear whether the company has reached out to users directly, especially those whose leaked details may leave them more susceptible to falling for the ruse.

Cointelegraph has reached out to Ledger for comment and will update this article with further information regarding this issue.

As previously reported, other consequences of the data leak have included Ledger users receiving emails from extortionists threatening physical violence or other criminal attacks.

The original data breach had occurred in June and July 2020 and included 1,075,382 email addresses from users subscribed to the Ledger newsletter. It notably also involved the leak of personal information (including home addresses) associated with 272,853 hardware wallet orders.

Updated: 10-1-2021

Creating A Bitcoin Taproot Account In Ledger Live

What Is Taproot?

Taproot is Bitcoin’s latest and most significant network upgrade since SegWit in 2017. Taproot consists of a bundle of improvements to the Bitcoin protocol. These improvements are expected to boost Bitcoin’s privacy, efficiency, and smart contract or scripting capabilities. You can learn more about Taproot and how it improves Bitcoin here.

Taproot automatically activated at block height 709,632 on November 14th, 2021.

Taproot activation was done via a soft fork. A soft fork is an optional change to the rules of the Bitcoin network that needs to be approved by each Bitcoin node. Fortunately, the Taproot upgrade is backwards compatible. Backwards compatibility means that nodes that have upgraded to Taproot still retain full compatibility with nodes that have not.

Ledger fully supports Taproot and is bringing its full capabilities to all Bitcoin users.

What Changes For Me?

With Taproot now supported by Ledger, you are able to create a new type of Bitcoin account in Ledger Live: a Taproot account.

Taproot accounts join the list of available Bitcoin account options alongside Legacy, SegWit, and Native SegWit accounts (more on these account types here).

Depending on your Ledger device, creating a Taproot account first requires a series of updates.

Ledger Nano X

  • Update Ledger Live through the notification banner or download the latest release of Ledger Live from the Ledger Live download page. Learn how to update Ledger Live.
  • Open Ledger Live and connect your Nano X device to the Manager.
  • Ensure that your Ledger device is running firmware version 2.0.0 or higher. If not, please update.
  • Update the Bitcoin app to version 2.0.1.
  • Navigate to the Accounts tab and click the +Add account button.
    Add account window appears.
  • In the drop-down menu, select Bitcoin (BTC) then click Continue.
  • Toggle Show all address types, select a Taproot account, click Add account then Done.

Ledger Nano S

  • Update Ledger Live through the notification banner or download the latest release of Ledger Live from the Ledger Live download page. Learn how to update Ledger Live.
  • Open Ledger Live and connect your Nano S device to the Manager.
  • Ensure that your Ledger device is running firmware version 2.0.0 or higher. If not, please update.
  • Update the Bitcoin app to version 2.0.1.
  • Navigate to the Accounts tab and click the +Add account button.
    Add account window appears.
  • In the drop-down menu, select Bitcoin (BTC) then click Continue.
  • Toggle Show all address types, select a Taproot account, click Add account then Done.

Can I Send Bitcoin From A Taproot Account To A Non-Taproot Account?

  • Yes, Taproot accounts are fully compatible with non-Taproot accounts.
  • This means that you can safely send BTC from a Taproot account to a Legacy, SegWit, or Native SegWit account and vice versa.

Why Should I Use A Taproot Account?

Taproot accounts can create more efficient and private Bitcoin transactions.

Taproot introduces an improved cryptographic scheme called Schnorr signatures. Transactions that leverage Schnorr signatures take up less space inside Bitcoin blocks and are easier to verify. While this won’t translate into a dramatic reduction in transaction cost, Taproot users might notice a slight improvement in overall transaction speed and a very mild reduction in fees.

Regarding privacy, Taproot harmonizes the on-chain footprint of Bitcoin transactions. Without Taproot, it’s very easy for a malicious actor to observe the Bitcoin blockchain and tell a transaction involving multiple signatures (also known as a multisig transaction) from a transaction involving only one signature.

Multisig transactions are typically used to secure large amounts of Bitcoin so their users would rather not have their transactions easily flagged on the blockchain.

By aggregating any number of signatures into a single signature, Taproot can create transactions that all look identical on the Bitcoin blockchain, regardless of how many signatures were involved. As Taproot slowly becomes the new standard for transacting on Bitcoin, so will privacy improve for all Bitcoin users.

On a final note, Taproot also helps Bitcoin scale because signature aggregation reduces the cost of creating and executing complex Bitcoin transactions such as creating Lightning Network channels. You can learn more about the Bitcoin Lightning Network here.

As updates continue to occur with Taproot and Bitcoin, we will continue to provide secure and transparent information for you to use your Ledger devices seamlessly.

For additional information follow @Ledger and @LedgerSupport.

Updated: 3-3-2022

Ledger CTO Warns Crypto Users About The Dangers Of ‘Blind Signing’

“Don’t trust, verify,” says Charles Guillemet, the CTO of hardware wallet firm Ledger.

With the recent attack on OpenSea highlighting blockchain vulnerabilities, Charles Guillemet, the chief technology officer of Ledger, warns users about “blind signing,” which he defines as “consenting a transaction to be signed blindly, without understanding what it means.”

In an interview with Cointelegraph, Guillemet broke down the problems and highlighted issues with blind signing.

The Ledger chief technology officer notes that consenting to transactions requires signing a message to be sent to the blockchain.

A user is the only one capable of signing transactions with the private key, while others can verify if it’s correct. “The issue is that this message is not intelligible by default. It’s a digital payload,” says Guillemet.

Guillemet also explained that when a coin transfer is signed, it’s normally supported by a wallet that “properly parses the payload and displays its intent.”

However, when it comes to signing complex interactions with smart contracts, Guillemet says that “parsing the display is not always properly supported and you have no choice but consenting blindly for a transaction that you don’t understand.”

“It’s risky because you can think you’re signing a transaction to move part of your funds to address A while you actually sign a transaction to move all your funds to address B.”

The security expert also gave examples where blind signing led to significant losses. In the most recent OpenSea exploit, users encountered a phishing attack that resulted in the loss of $1.7 million worth of nonfungible tokens (NFTs).

Guillemet notes that in this incident, the attackers tricked their victims into blind-signing a message that made them consent to sell all their NFTs for 0 ETH.

“The attacker had only to sign a transaction saying ‘I’m ok to buy these NFTs for 0 ETH,’ and then presented these two messages to OpenSea to actually execute the transaction swapping 0 ETH against all the victims’ NFTs.”

When asked what he thinks is the solution to the issue of blind signing, Guillemet turned to an old crypto adage, “don’t trust, verify.” He tells crypto users to “always verify the transaction you consent to sign.”

One suggestion that the security expert brought up is signing transactions using trusted displays that can be found on hardware wallets.
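As an added illustration (not code from Ledger or from the article), the sketch below shows what "parsing the payload and displaying its intent" looks like for four standard token calls: it decodes raw calldata into a readable summary, refuses anything it cannot decode, and flags differences from what the user meant to sign. The sample addresses and payloads are constructed, amounts are treated as fungible tokens with an assumed 18 decimals, and all function names are hypothetical.

```python
# Four-byte selectors: the first four bytes of the Keccak-256 hash of the
# function signature, followed in calldata by 32-byte argument words.
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
}
MAX_UINT256 = 2**256 - 1


class UndecodablePayload(ValueError):
    """The payload cannot be displayed in clear, so it should not be signed."""


def decode_arg(kind, word):
    value = int.from_bytes(word, "big")
    if kind == "address":
        if value >> 160:
            raise UndecodablePayload("address has non-zero padding")
        return "0x" + word[12:].hex()
    if kind == "bool":
        if value > 1:
            raise UndecodablePayload("bool is not 0 or 1")
        return bool(value)
    return value  # uint256


def decode_call(calldata_hex):
    """Split calldata into (function name, decoded arguments) or refuse."""
    text = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        raise UndecodablePayload("payload is not valid hex")
    entry = SELECTORS.get(raw[:4].hex())
    if entry is None:
        raise UndecodablePayload("unknown function selector")
    name, kinds = entry
    body = raw[4:]
    if len(body) != 32 * len(kinds):
        raise UndecodablePayload("unexpected argument length")
    return name, [decode_arg(k, body[32 * i:32 * i + 32]) for i, k in enumerate(kinds)]


def amount(units, decimals):
    whole, frac = divmod(units, 10**decimals)
    return f"{whole}.{frac:0{decimals}d}".rstrip("0").rstrip(".")


def review(calldata_hex, expect_to=None, expect_units=None, decimals=18):
    """Return the text a trusted display would show, plus any warnings."""
    name, args = decode_call(calldata_hex)
    warnings, units = [], None
    if name == "transfer":
        to, units = args
        summary = f"Send {amount(units, decimals)} tokens to {to}"
    elif name == "transferFrom":
        src, to, units = args
        summary = f"Move {units} (base units or token id) from {src} to {to}"
    elif name == "approve":
        to, units = args
        summary = f"Allow {to} to spend {amount(units, decimals)} tokens"
        if units == MAX_UINT256:
            warnings.append("unlimited allowance")
    else:  # setApprovalForAll
        to, approved = args
        summary = f"{'Grant' if approved else 'Revoke'} operator rights for {to}"
        if approved:
            warnings.append("operator can move every token in the collection")
    if expect_to is not None and to != expect_to.lower():
        warnings.append(f"counterparty is {to}, not the expected {expect_to}")
    if expect_units is not None and units != expect_units:
        warnings.append("amount differs from the expected amount")
    return {"summary": summary, "warnings": warnings}


def word(value):
    return value.to_bytes(32, "big").hex()


# Constructed sample payloads (addresses are placeholders, not real accounts).
ADDR_A = "0x" + "11" * 20
ADDR_B = "0x" + "22" * 20
SAMPLE_EXPECTED = "0xa9059cbb" + word(int(ADDR_A, 16)) + word(5 * 10**18)
SAMPLE_SWAPPED = "0xa9059cbb" + word(int(ADDR_B, 16)) + word(1000 * 10**18)
SAMPLE_UNLIMITED = "0x095ea7b3" + word(int(ADDR_B, 16)) + word(MAX_UINT256)

if __name__ == "__main__":
    for payload in (SAMPLE_EXPECTED, SAMPLE_SWAPPED, SAMPLE_UNLIMITED):
        print(review(payload, expect_to=ADDR_A, expect_units=5 * 10**18))
```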

Updated: 3-11-2022

Block’s Bitcoin Wallet Will Contain A Fingerprint Sensor For Transactions

The payment giant’s new wallet will also be powered by a rechargeable lithium polymer battery and USB-C port.

Payments firm Block (SQ), formerly known as Square, said the bitcoin (BTC) wallet it is building will enable fingerprint sensors for transactions, according to a company blog post on Friday.

* “For transactions that require using the wallet hardware, we want our customers to be able to unlock their wallets securely, but with ease – an unlikely combination that historically has not existed in the market,” the company said in the post.

* The hardware component of the wallet will use a rechargeable lithium polymer battery and USB-C port to power the device.

* The wallet will not have a display as Block said it doesn’t want to create a new interface that customers will need to learn in order to use the wallet.

* Block announced in July that it was moving forward with plans to build a bitcoin hardware wallet.

Updated: 3-19-2022

A Detailed Guide On How To Lose All Your Bitcoin Investments

Jokes aside, you already know how to secure and protect your crypto investments. Now, it’s time to talk about how to lose them all.

Let’s say you want to lose your Bitcoin totally, irretrievably and forever. Hey, it’s not our place to wonder why.

Maybe it’s part of some elaborate performance art piece, like the guy who destroyed all his possessions, or perhaps you’ve always been a big fan of electronic music outfit The KLF, who famously burned 1 million pounds on a remote Scottish island.

Or, your reason might be more mundane and you simply don’t want your soon-to-be-divorced spouse to get their share of the investment you both know you own.

Whatever your reason, we’re not here to judge. And, while we’re usually in the business of helping people protect their coins, it’s easy enough to reverse engineer security to help you lose them in the fastest and easiest way possible.

Brag About Your Bitcoin

If you’ve got it and wish to lose it, flaunt it. Want to get rid of that Rolex weighing down your wrist? Pair it with a t-shirt, flash it about in a crowded bar and then take a walk through a bad part of town after dark — you’ll soon find yourself relieved of your timepiece.

It’s the same with Bitcoin. You want the world to know you’re a Bitcoiner and, ideally, that you’ve stacked enough sats for it to be worthwhile stealing them. So, tell them.

Add laser eyes to your social media profiles, keep tweeting those diamond hands and don’t forget about the offline world either.

Be sure to boast about your mastery of Bitcoin to all your friends, family and, most importantly, new acquaintances. You never know who will be tempted to start probing your defenses in order to relieve you of your investment.

Keep It On-Exchange

In the early Wild West days of Bitcoin, losing your coin was child’s play, as there was no shortage of disreputable exchanges that would help you lose your investment.

If you kept your coins in a hosted wallet, it was only a matter of time before the exchange went bust like Mt. Gox, got hacked, lost coins by engaging in fractional reserve banking or the owners absconded (or died) with your keys.

The exchange market has matured significantly in recent years, with enhanced security measures such as two-factor authentication and even published proof-of-reserves and proof-of-custody.

Don’t be disheartened: As long as you entrust your keys to a third party, anything could happen — and probably will.

Exchanges still go bust with reassuring regularity. Even more encouragingly, governments are now actively targeting Bitcoiners’ wealth.

And it’s not just traditional authoritarians like China and Russia: the Canadian government recently instructed financial institutions, including cryptocurrency custodians, to freeze the accounts of anyone who donates even a small amount to the “trucker protests.”

Even if you have a strong password and 2FA protecting your exchange account, you never know what other vulnerability might be exploited to gain access and drain it. If you’ve got your coins on-exchange, relax: They’re in unsafe hands.

Write It Down

Things get a little trickier if you’ve decided to self-custody your Bitcoin offline in a secure hardware wallet. Or do they? After all, when you hold the keys yourself, the power to lose your coins is completely in your hands.

Why wait for an exchange to go bust when you can start adopting security “worst practice” today?

The secret to making your wallet insecure lies in your seed phrase, the string of words you use to generate your private key.

The simplest way to lose your coins is to memorize your seed phrase and then delete or destroy any record of it. A few months on, hardly anyone has a hope of recalling every word in the correct order.

But, what if you’re cursed with an eidetic memory? Easy: Write it down. Even better, do it twice in physical pen-and-paper form, ideally kept near your hardware wallet.

And, for good measure, record it in a cloud-based document where anyone with a will can access it through a brute-force attack. This is particularly effective if you regularly remind people you hold wealth in Bitcoin.

Disinherit The Next Generation

This one is for those who like playing the long game. You know the phrase “you can’t take it with you?” Well, with Bitcoin, you can.

If you haven’t considered inheritance planning, then your entire investment will likely go to the grave with you, joining the estimated 3.7 million BTC (around 18% of the coins there will ever be) that has already been lost forever.

Of course, this requires you to reverse the principles above: If you really want to cheat your children out of their inheritance, you need to make it as difficult for them to gain access to your keys as any attacker.

So, if that’s the way you want to go, don’t tell your heirs, don’t write down your seed phrase, and do get a hardware wallet.

Even better, cut your 24-word seed phrase into many pieces and store them in many hidden holes around the world with no recovery instructions whatsoever. Your heirs won’t thank you at all.

Whatever you do, just make sure your Bitcoin storage and security providers don’t have a specific and robust protocol for inheritance planning.

You can rest easy in the knowledge that not even the Devil himself will get your wealth when you pass on.

If, for some reason, you do want to protect your Bitcoin, just ignore everything I’ve written. Even better, do the opposite.

But, all you’d be doing is securing your investment in the only censorship-resistant and inflation-proof store of value ever invented. And, why would you want to go and do something as dull as that?

Updated: 4-5-2022

Ledger Launches NFT-Focused Hardware Wallet Nano S Plus

The new Ledger Nano S Plus is the sixth hardware wallet produced by Ledger since the firm introduced its first wallet HW1 back in 2015.

Ledger, a major supplier of hardware wallets designed for secure storage of cryptocurrencies like Bitcoin, is launching a brand new wallet specializing in nonfungible tokens (NFTs).

The new product, called Ledger Nano S Plus, is the next generation of the original Nano iteration released in 2016 and is designed with NFT collectors’ needs in mind, Ledger announced to Cointelegraph on Tuesday.

The new Ledger Nano S Plus is the sixth hardware wallet produced by Ledger since the company introduced its first wallet HW1 back in 2015, chief experience officer Ian Rogers told Cointelegraph.

The product is also the first hardware wallet that Ledger has released since the debut of the Ledger Nano X in 2019.

The Nano S Plus combined with the recent support of “clear signing” technology through Ledger Live aims to provide a safer user experience for Web3 customers.

While the new Ledger wallet natively supports the secure management of NFT transactions, some previous iterations of Ledger wallets have also supported NFTs, Rogers noted:

“Ledger Nano users have always been able to store NFTs on their devices through partners, on the Ledger Nano X, and now Ledger’s software application Ledger Live prioritizes NFT support where users can view their NFTs in Ledger Live and securely transact through clear signing.”

Clear signing technology aims to provide all the details of a transaction, removing the risk of “blind signing,” or consenting to a potentially risky transaction, the executive explained.

Ledger chief technology officer Charles Guillemet had previously warned users about the risks of blind signing blockchain transactions in the aftermath of a major phishing attack targeting the world’s largest NFT marketplace OpenSea in February.

The latest news comes shortly after Ledger released a limited edition of the Ledger Nano S Plus in early March, dropping 10,000 devices for pre-order at $79 each.

Launched in 2014, Ledger is one of the world’s largest providers of hardware cryptocurrency wallets, which are physical devices designed to store a user’s private keys.

The company has sold over 4.5 million wallets and launched six different wallets so far, including HW1, Unplugged, Blue, Nano S, Nano X and Nano S Plus. The company has stopped producing the first three iterations so far.

Updated: 4-14-2022

Crypto Wallet Firm Ledger Integrates Tax Solution To Simplify Reporting

The new tax integration aims to relieve crypto investors from having to manually calculate their tax bills.

Major cryptocurrency hardware wallet provider Ledger is moving to help crypto investors keep track of their taxes by integrating a new crypto tax-related solution.

Ledger has partnered with cryptocurrency tax software ZenLedger to integrate its crypto tax reporting solution into Ledger’s interface application, Ledger Live, the firm announced to Cointelegraph on Thursday.

The new tax feature is immediately available on Ledger Live and can be found in the discover section of its catalog.

The software tool allows users to automatically aggregate the history of all transactions completed via Ledger Live and track losses and earnings.

Jean-François Rochet, Ledger’s vice president of international development, told Cointelegraph that ZenLedger is the first tax software integration with Ledger Live:

“Multiple services are available through partners in Ledger Live to buy, sell, swap and stake your crypto, but this is the first time a tax-related service is integrated.”

Without tax reporting software tools like ZenLedger, users who chose to self-custody cryptocurrencies like Bitcoin would have to manually calculate their losses and earnings, Rochet noted.

The integration has a strong focus on the United States’ tax standard, targeting the particularly complex tax filing duties of U.S. customers.

The software tool will still be available to Ledger Live customers outside of the United States, Rochet said.

“Over 3.5 million people use Ledger hardware wallets worldwide, approximately 20% of digital assets are stored in Ledger devices, and we continue to see an increase in Ledger products used in the United States,” he stated.

Rochet pointed out that Ledger Live has already integrated several regulated financial services platforms to accommodate Know Your Customer and Anti-Money Laundering procedures, including services like MoonPay and Wyre.

“Our partnerships with MoonPay and Wyre have also allowed us to establish a better fiat to self-custody crypto on-ramp,” he added.

Founded in 2018, ZenLedger provides noncustodial crypto tax software that uses public addresses to aggregate customer transactions and calculate tax liability.

Last month, ZenLedger renewed its contract with the civil and criminal investigation units of the Internal Revenue Service.

The new integration comes a few days before the looming U.S. tax deadline, with residents required to file taxes by April 18.

The crypto community has been actively working to help U.S. crypto investors report their taxes. Last month, enterprise crypto donation platform Engiven launched an IRS tax form and appraisal service to simplify tax reporting for cryptocurrency donors and nonprofits.

Updated: 5-5-2022

Bitcoin Brink’s: Storied Security Firm Protects Crypto Wallets Now

Brink’s is working with Swiss crypto custody firm Metaco to facilitate the distributed storage of disaster recovery backups.

Brink’s (BCO), the company best known for moving valuables around in armored trucks, is bringing a physical security layer to the safekeeping of digital assets.

Partnering with Swiss cryptocurrency custody firm Metaco, the 162-year-old firm is helping institutions prep for worst-case scenarios.

“In the case of a catastrophic failure there’s a backup, which is typically in the form of certified, HSM [hardware security module] smart cards,” said Metaco Vice President of Strategic Alliances Seamus Donoghue in an interview.

Retail crypto holders with a hardware storage device like a Ledger Nano, for instance, will have something like a 24-word seed phrase to back it up.

But institutions investing billions on behalf of clients can have backup master keys fragmented and stored on multiple smartcards, which can be reconstituted and loaded into an HSM to recover the private keys.

This leads to a dilemma over what to do with these physical devices, Donoghue said, since investors want to avoid storing them at a central point of failure – which is where Brink’s comes in.

“Brink’s has custody locations around the globe and their specialty is secure logistics, handling banknotes for all the major financial institutions, precious metals and storage of those precious materials on behalf of institutions,” Donoghue said.

“So it was a very natural fit for the physical backup of private keys to be stored in a distributed way across multiple vaults by Brink’s.”

Updated: 5-9-2022

Staking Via Hardware Crypto Wallet: Ledger Exec Explains How It Works

Hardware wallet-based staking offers more security and freedom than staking via software wallets and crypto exchanges, according to the head of Ledger Enterprise.

As cryptocurrency staking grows increasingly popular, one may wonder about the staking opportunities offered not only by crypto exchanges or software wallets but also by hardware wallets.

By definition, staking allows investors to earn crypto without selling their holdings but rather by delegating crypto to a staking validator to support a blockchain.

Originating from the word “stake,” the staking process refers to gaining profits and an associated passive income from crypto through a consensus mechanism known as proof-of-stake (PoS), as opposed to the mining-based proof-of-work (PoW) mechanism of Bitcoin.

Amid the growing popularity of PoS, staking has become quite popular on online crypto exchanges and software wallets, with many trading platforms actively adopting the feature.

Some hardware wallet providers have been integrating the staking feature into their portable physical devices as well.

Ledger, a major hardware cryptocurrency wallet supplier, has been actively working on its crypto staking features since debuting staking in 2019.

On Monday, Ledger introduced staking for Solana, allowing investors to earn SOL by committing the cryptocurrency to support the Solana network.

The new staking feature is enabled on the Ledger Live application in cooperation with the blockchain service Figment, which provides nodes for staking using the Ledger validator.

The latest staking addition joins six coins already available for staking on Ledger Live, including Ether and others.

Staking Via Hardware Wallets Vs Software Wallets And Exchanges

Staking coins through a hardware wallet has a number of peculiarities compared to staking via software wallets or crypto exchanges, Alex Zinder, head of Ledger Enterprise, told Cointelegraph.

“The main difference between staking on a software wallet versus staking with a hardware wallet is security,” Zinder said, noting that hardware wallets remain the “safest way for users to maintain full control of their digital assets.”

“When staking with a software wallet, you own your coins, as you own your private keys, but the security of your coins is dependent on an external source of security,” Zinder stated.

The security of coins staked on software wallets depends on the security of the user’s computer or smartphone, the exec added.

In contrast to staking on crypto exchanges, staking via hardware wallets allows investors to truly own and control their crypto holdings and gives them the freedom to choose a validator, the Ledger executive said.

On the other hand, staking with an exchange is easier because this type of staking requires fewer steps, Zinder noted. “You don’t need the level of education required to choose between different validators,” he added.

Crypto Always Remains Online, Even On A Hardware Wallet

As hardware crypto wallets are designed to provide a form of offline storage for crypto, the process of staking coins via such wallets is sometimes referred to as “cold staking,” as opposed to “online staking” via exchanges.

At the same time, storing crypto on a hardware wallet doesn’t mean that crypto itself is offline, Zinder pointed out, stating:

“It’s critical for everyone to understand that your crypto always remains online on the blockchain even when utilizing a hardware wallet. When we talk about hardware wallets, we’re talking about private keys that are stored in a secured chip in the hardware wallet.”

“When signing a transaction, such as delegating your coins to a validator, that message is transmitted through the secure element, signed on the Nano, and then sent to the blockchain,” the exec added.

A hardware wallet is a type of noncustodial crypto wallet designed to grant the user full control of the owned crypto.

Contrary to custodial wallets, noncustodial wallets remove the need to rely on a third party that could recover, freeze or seize the user’s crypto assets. This makes the user solely responsible for storing the private keys in order to access crypto holdings.

With a hardware wallet, the user gets a device to store a cryptocurrency wallet and private keys. However, the user still has to keep the private keys safely offline as well.

Updated: 5-17-2022

Ledger Adding Browser Extension To Connect Hardware Wallets To Web 3 Apps

Ledger Connect is launching in beta and will initially be compatible with the Ledger Nano X and Mobile Safari.

Ledger is adding a Safari browser extension called Ledger Connect that will allow users of Ledger hardware wallets to easily connect with Web 3 applications without the need for third-party dependencies.

Ledger Connect also has a security layer that will alert customers when certain apps appear suspicious.

The new feature will initially be compatible with the Ledger Nano X and Mobile Safari. Ledger will be compatible with Ethereum and Solana during its beta launch before branching out to other protocols, the company said in a blog post Tuesday.

Additionally, Ledger says that support for its Ledger Nano S Plus and Desktop will come at a later time.

Ledger’s vice president of product, Charles Hamel, said the development is meant to ease the process of setting up a wallet for users, since it connects one’s wallet directly to a browser with “no hackable software in the middle.”

Updated: 7-1-2022

Self-Custody Is Key During Extreme Market Conditions: Here’s What Experts Say

Self-custody is what crypto was built for, while bear markets are nothing new to Bitcoin and other cryptocurrencies, industry executives say.

The ongoing crisis of cryptocurrency lending and the associated crypto market decline once again confirms the importance of self-custody or the “true ownership” of crypto by its holder, according to several industry experts.

In June, the cryptocurrency market capitalization plummeted below the $1 trillion mark, with Bitcoin nearing its worst monthly losses since 2011. It remains to be seen whether crypto lending would survive the current crypto winter.

Still, several industry executives agree that investors can protect their assets forever by simply moving them to self-custodial or noncustodial wallets.

It’s crucial to remember that crypto financial services providers like Celsius or Babel are centralized finance (CeFi) platforms, as opposed to decentralized finance (DeFi) applications, according to Yves Longchamp, head of research at the Swiss crypto bank Seba.

“Based on this evidence, CeFi platforms need to be better regulated with a focus on risk management. It is difficult to regulate DeFi as you cannot put a smart contract in jail, or simply close a DeFi application,” Longchamp said in a statement to Cointelegraph on Wednesday.

One way to regulate the overall crypto market is to regulate the crypto user in the first place by providing education and investor protection tools along with reliable products from an independent source, the executive said, adding:

“In the spirit of blockchain, self-administration is key: Crypto holders should own their coins in non-custodial wallets. If a user is to make smart decisions they need to be well-informed on the risks they are undertaking.”

Longchamp also argued that algorithmic stablecoins like TerraUSD (UST) are “unstable” and “should be avoided.” CeFi should focus on transparent asset-backed stablecoins, he said.

According to Brian Norton, chief operating officer at MyEtherWallet, crypto investors now have enough tools to realize that they do not have to rely exclusively on CeFi to make trades and mitigate risks.

Norton noted that crypto winters provide time and opportunity for people to learn how self-custody is done, adding:

“If you are relying exclusively on centralized platforms, even when the yields are great, you’re still giving up a good deal of control over your digital assets. […] Self-custody is what crypto was built for, and what we are seeing right now is not unusual.”

Crypto self-custody is about letting consumers fully control their keys and the fate of their crypto, according to Adam Lowe, chief product and innovation officer at the Arculus crypto wallet.

“Self-sovereignty supports balance and self-regulation, and is beneficial to the entire digital asset ecosystem,” Lowe said in a statement to Cointelegraph.

Updated: 7-6-2022

Investors Take Bitcoin Off Exchanges As Crypto Winter Settles In

* Crypto Whales Withdrawing Funds From Exchanges, Glassnode Says
* Coinbase Overtaken By Binance As Most Popular Bitcoin Exchange

As the crypto winter deepens, only the staunchest Bitcoin investors are still holding onto their tokens — but not on the exchanges.

Investors in the world’s biggest cryptocurrency are going into hibernation mode with on-chain activity dropping by 13% in early July from November’s highs — levels last seen in the bear phases of 2018 and 2019 when Bitcoin was worth less than $10,000 — according to a Glassnode analysis.

The risk-off market mood is spreading to the cryptocurrency exchanges as investors withdraw and stow their coins off-line in crypto wallets instead. The exchanges have seen their balances drop more than 20% from a Jan. 20 peak, according to Glassnode.

“Bitcoin has seen a near complete expulsion of market tourists, leaving the resolve of HODLers as the last line standing,” according to a Glassnode newsletter dated July 4. Bitcoin fell below $20,000 last month for the first time since 2020.

While several activity levels — a demand indicator — have trended downward in recent weeks, there still appears to be a stable holder base, as prices hover around $20,000.

HODLers — stalwart investors who refuse to sell — are evident as Glassnode says relatively flat transaction activity shows continued Bitcoin consolidation.

Key levels to watch for Bitcoin are $18,910, a level that prices have dipped below twice in mid-June, and $21,557, around its late-June highs, according to Craig Johnson, chief market technician at Piper Sandler Companies.

“There’s no fundamentals for crypto, of course. It’s just purely price action,” Johnson said in an interview on Friday. “You’re just going to look at this and say, until you break out of that range — up or down — you are not going to make any conclusion that there’s a trend change yet. We’re just short-term consolidating in the context of a longer-term downtrend.”

A close above $26,000 or $28,000 could finally put a stop to the downward slide the token has been on since April, Johnson said.

The rout in Bitcoin has hit Coinbase Global Inc. the hardest as the exchange saw a drop of 450,000 Bitcoin over the last two years.

Binance, which recently partnered with TikTok creator Khaby Lame and soccer star Cristiano Ronaldo, has seen an increase of 300,000 Bitcoin over the same timespan, making it the most popular Bitcoin exchange, per Glassnode and TXMC.

Recent breaks in operations, such as Coinflex’s and Vauld’s pause in withdrawals and CoinLoan’s reduction in withdrawal amounts, have decreased investor trust in exchanges.

Illiquid supply increased by 223,000 Bitcoin in June as investors migrated funds to wallets from exchanges, according to Glassnode data.

Of that 223,000, large-scale crypto holders made up much of that outflow from the exchanges as they withdrew over 140,000 tokens in June.

These whales have been responsible for exchange outflows of almost 8.7 million, or over 40% of the global supply of Bitcoin.

“The Bitcoin bear is in full swing, and in its wake, the HODLers of last resort are the last ones standing,” Glassnode said.

Updated: 7-21-2022

Hardware Wallet Industry To Outstrip Crypto Exchanges

Global crypto exchange revenue is estimated to grow at a 13% CAGR by 2028, while the hardware wallet market is expected to exhibit a CAGR of 27% by 2027.

The crypto hardware wallet industry could be growing at a faster pace than cryptocurrency exchanges, data from several studies suggest.

The current bear market has accelerated the development of the cold wallet industry, while many centralized crypto exchanges were scrambling to maintain operations.

According to a report by business intelligence firm Vantage Market Research, the revenue of global crypto trading platforms amounted to $330 million in 2021.

Released on July 21, the report suggests that the global crypto exchange market revenue would reach a value of $675 million by 2028 with a compound annual growth rate (CAGR) of 12.7%.

That’s at least half the CAGR related to the growth of the hardware wallet industry, other reports suggest.

The global hardware wallet market reportedly reached a value of $252 million in 2021 and is expected to reach a value of $1.1 billion by 2027, or exhibit a CAGR of 27.2%.

The concept of hardware or cold wallets has been growing increasingly popular in recent years amid major centralized crypto exchanges limiting access to funds of some users over various types of issues.

Hardware wallets became even more popular amid the ongoing crypto winter, which pushed some crypto platforms and exchanges to halt withdrawals.

That is yet another important use case for cold wallets versus crypto exchanges and lending platforms, where the user doesn’t really control the private keys and thus doesn’t control the funds.

In contrast to centralized crypto exchanges, hardware crypto wallets are not vulnerable to external manipulation as cold wallet assets cannot be frozen. However, such wallets are still prone to other risks like theft, destruction or loss.

According to some industry experts, relying on either just hardware wallets or solely on exchanges is not the best solution for cryptocurrency holders.

“It does seem like hardware wallet providers are benefiting from this debacle and I hope that more people end up learning the many ways to self-custody. I think it’s a reasonable lesson to learn from all of this,” Quantum Economics CEO Mati Greenspan told Cointelegraph.

Greenspan noted that storing all money on an exchange is certainly a risk, but recent history has a lot of stories from people who tried to self-custody and lost their funds as well. He added:

“Self custody is important but not nearly as important as diversification. The only way to actually reduce risk is to diversify.”

Itai Avneri, chief operating officer and deputy CEO at the digital asset platform INX, believes that the hardware crypto wallet industry will continue to grow, “especially when more centralized and trusted exchanges fail at safeguarding customer funds because of hacks, or misuse.”

He noted that innovative firms are working on self-custody solutions that remove the risk of a customer losing or forgetting their private keys.

“It will make the process of holding your keys more friendly and reduce a major barrier to allow the retail mass market to join the crypto economy. Ideally, it should be as easy as creating an email,” Avneri added.

Updated: 7-31-2022

The Worst Places To Keep Your Crypto Wallet Seed Phrase

A look at the best practices and worst hiding places for what could be the most important and wealthy possession in a home — a seed phrase.

Under the mattress, in the seams of a piece of luggage or even rolled into a cigar, what are the worst and best ways for keeping a seed phrase safe? The key to unlocking and recovering cryptocurrency, a seed phrase, should be secured and safe.

Especially now that prices are low and the crypto tourists have checked out, it might be time for a crypto security spring clean. Security starts with a seed phrase, sometimes called a recovery phrase.

There’s no denying it: Bitcoin and the crypto space writ large are in the clutches of a bear market. Since Do Kwon’s Terra experiment went up in smoke, a crypto contagion has choked the most reputable of exchanges, causing many self-sovereignty advocates to chant, “Not your keys, not your coins.”

Indeed, hardly a day goes by that another “trusted” crypto lender freezes customer withdrawals. From Singapore’s crypto lender Vauld to Thailand’s crypto exchange with 200,000 customers, Zipmex, to the world-renowned Celsius exchange, many centralized lending platforms have suffered similar fates, ensuring heartbreaking consequences for customers in 2022.

These circumstances are timely reminders to look after one’s own keys and to ensure they are in a safe place.

So, while prices are low and trust in centralized exchanges (places that claim to look after crypto) also hits rock bottom, there is no better time to up the security of one’s crypto assets.

Seed Phrases Save Lives

A seed phrase, sometimes called a private key, is a list of 12 or 24 words forming a mnemonic phrase. Metaphorically speaking, a hardware wallet, or cold wallet, contains these keys, providing a convenient way of sending, or “signing,” funds.

If looked after properly, a seed phrase can save lives, as Alex Gladstein, a human rights activist and chief strategy officer at the Human Rights Foundation, often states.

For example, if a burglar steals a hardware wallet but not the seed phrase, it’s no critical issue — the seed phrase can be used with a new wallet.

If a government or bad actor forces you to flee, the 12 or 24 words can be used anywhere in the world to access Bitcoin or crypto funds.

Goldbug and Bitcoin skeptic Peter Schiff once bungled his seed phrase, confusing it for his pin code. That’s the first mistake to avoid. Now, here are some other examples of where not to store a seed phrase.

Open Secrets

The couple in possession of the Bitfinex billions in Bitcoin, who stored their seed phrase on their cloud storage account, take the first prize.

As Cointelegraph reported, cybercriminals Heather Morgan and her cybersecurity specialist husband, Ilya Lichtenstein, stored their seed phrase on a cloud storage account.

As such, the FBI only had to crack their iCloud password to gain access to over $4 billion in BTC at the time of reporting. The lesson here is to not store your seed phrase on the internet. That means not in your Evernote notes, in a draft email or even in a low-engagement tweet.

Similarly, as Cointelegraph reported, one must never type a seed phrase into a phone. Why? Because, as one Redditor realized, smartphone text prediction could actually guess a seed phrase.

Text prediction, while at times useful for tricky spelling or emojis, is counterproductive when it comes to protecting personal wealth.

Although it sounds fitting, a fridge is also not the ideal place for the “cold” storage of cryptocurrencies.

A Bitcoin enthusiast replied, “Fridge,” to the question “where is the weirdest place to store a seed phrase?” without explaining whether the seed phrase should be stored inside or on top of the fridge.

As it turns out, a nonfungible token (NFT) fan had already stored a seed phrase on the fridge.

Cointelegraph’s editor-in-chief, Kristina Lucrezia Cornèr, suggested that the worst place for a seed phrase to be stored is in bad memory.

Indeed, unlike dates of historic battles, car keys or the names of acquaintances from passages of life, a seed phrase should be wholeheartedly committed to memory.

Among the more creative yet memory-exhaustive methods are memorizing “pages, lines and words from favorite books,” which for one Bitcoiner means storing the seed phrase on pages 100 to 112 of a Harry Potter text.

Which one of the eight or more Harry Potter books is anyone’s guess.

Fortunately, there are now nifty ways to memorize a seed phrase. MTC, a Bitcoin educator who thought up the Sats Ledger savings device, concocted a way to memorize a seed phrase in just 10 seconds through patterns.

Playing It Safe

But what do the experts have to say about seed phrases? Chris Brooks, founder of cryptocurrency recovery business Crypto Asset Recovery, told Cointelegraph that in his experience, human error can eradicate wealth.

People should be more worried about leaving their seed phrase or private keys in paper wallets that can be mistakenly thrown out rather than hackers or scammers. Brooks explained:

“You have a far greater chance of moving to a new apartment and losing your crypto password in the process than you do of getting hacked.”

The Brooks family behind Crypto Asset Recovery operated a “seasonal business,” as in every bull market, such as in 2017 and 2021, the crypto crackers are called upon by crypto enthusiasts who have forgotten their passwords or lost their seed phrases.

At one point in 2021, they told Cointelegraph they had up to 150 customer calls in a day. Their one big piece of advice for managing seed phrases is to keep it simple:

“So, generally speaking, our security tips are pretty basic. Get a $30 safe off Amazon or, you know, build a little wooden box that’s easily identifiable as a place for secure documents and just store your seed phrases there.”

They suggest putting anything important into that box. That way, whenever “you’re doing spring cleaning or when you’re moving houses, you’re not going to throw it out. You’re not going to shred the paper or something like that.”

However, because it’s crypto, those of a physical persuasion may be more inspired to store their seed phrases in some even more creative storage “boxes.” Bitcoin advocate Onthebrinkie 3D-printed an adult toy suitable for an OpenDime (like a USB key for Bitcoin) or a seed phrase to be hidden away.

The inspiring idea is that if an intruder breaks in, they might steal the wooden box full of important documents, but no one in their right mind would steal a sex toy.

Updated: 8-5-2022

Crypto’s Future Depends On Security, Ledger Exec Says

Alex Zinder, global head of hardware wallet maker Ledger Enterprises, joined CoinDesk TV’s “First Mover” to discuss Solana’s $5 million exploit and what crypto needs to do to broaden adoption.

Crypto exchanges and other intermediaries such as cross-chain bridges are where the latest series of crypto hacks on internet-based “hot” wallets have been taking place.

Exchanges need to put in additional security measures, said Alex Zinder, global head of hardware wallet maker Ledger Enterprises.

Zinder said on CoinDesk TV’s “First Mover” show that the crypto ecosystem’s rapid growth has increased the threat of hacks and exploits, creating safety issues “that are very difficult to manage.”

“The way we look at this problem set is security at the edges,” said Zinder. “The challenge is, as you build additional complexity into the ecosystem you have more intermediaries and different players.”

Zinder spoke days after the latest hack to sweep the crypto ecosystem. On Tuesday, more than 8,000 Solana blockchain hot wallets were compromised, draining at least $5 million worth of Solana-based tokens from unsuspecting users.

The exploit has “renewed a focus on security,” which could be a “symptom of crypto’s own success,” he said. However, Zinder said, the Solana blockchain is not the problem.

“It’s the intermediaries, it’s the wallet providers,” he said.

Unlike hot wallets, which are always connected to the internet, Zinder’s company, Ledger, provides “cold,” or external, wallets that are not connected to the internet but store crypto key information on hardware, such as a USB-like external device.

The crypto industry’s growth could be based on partnerships between exchanges and hardware wallet providers, he said.

“Security is really the precursor to mass adoption and scalability,” he said.

The France-based wallet maker, now valued at $1.5 billion, raised $380 million in a Series C funding round in June 2021.

While Zinder did not comment on whether his company has secured the $100 million in funding it seeks, he said Ledger has sold more than 5 million hardware wallets that hold crypto, or about 15% of the world’s crypto asset holdings.

In addition, Zinder is bullish on the use of non-fungible tokens (NFT). Here, too, he sees the need for security, especially for major corporations using NFTs to push their brands.

“If you do that incorrectly, if you compromise on security or you compromise on governance, you’re putting that audience, community and your brand at risk fundamentally,” he said.

Updated: 8-26-2022

Don’t Trust Your Coins To Anyone, Ledger CEO Warns

The Ledger CEO said that until people begin using decentralized technology, control over assets and data will remain in the hands of the big tech giants and centralized intermediaries.

The rise of decentralized services and hardware security wallets means that we no longer need to rely on intermediaries to manage our financial assets and data, according to CEO Pascal Gauthier of hardware wallet Ledger, who has urged people to take on more responsibility.

Speaking to Cointelegraph at Surfin’ Bitcoin 2022 on Thursday, Gauthier said that the recent collapse of centralized exchanges has showcased why investors shouldn’t rely on intermediaries to manage their digital assets.

While most actors are well intended, Gauthier said “the [crypto] industry is too young,” the current state of the economy is “under stress” and, if necessary, intermediaries will continue to prevent investors from accessing their holdings in times of need, citing the now bankrupt Celsius as a textbook example:

“Don’t trust your coins and your private keys to anyone because you don’t know what they’re going to do with it.”

Gauthier admitted the bad news added “fuel to [their] business,” but reinforced that people need to “move their coins before it’s too late.”

Gauthier noted, though, that people in crypto unfortunately often need to “get burned a little bit” before learning the hard way.

But, he also believes that the transition from Web2 to Web3 is taking its time because in today’s internet, users are content with the speed and efficiency of Web2 services:

“A lot of people are still in Web2 […] because they want to stay in the matrix where they’re being controlled because it’s easier, it’s you know just click yes yes yes and then someone else is going to deal with your problems. It’s all good and well but actually I don’t think this is how you [become] free […] taking responsibility is how you become free.”

Gauthier added that most people in today’s society see crypto as just another way to make easy money. However, they fail to understand that it can “give them control on their assets” and provide them “financial freedom.”

Ledger was founded in 2014 and is a leader in security hardware wallet infrastructure through the use of their built-in “Secure Element and a proprietary operating system,” which is designed to protect digital assets. As of June 2021, Ledger had sold over three million hardware wallets.

In addition to Ledger’s security products, Gauthier said the company has also taken an educative approach to help everyday people understand what Web3 is trying to do:

“We spend a lot […] of our money […] on building content and education [to try] educate people, legislators, regulators […] for people to understand what all of this means, why it’s an opportunity, why freedom is being challenged today […] in the current society [and] why [this] technology needs to evolve in order […] to make people more free than what they are today.”

Moving forward, Gauthier said he’s excited to see how blockchain tech unfolds and what crypto applications will bring in mass adoption. Taking a 20-year horizon, Gauthier added that “what we are going to see in 20 years are some things that we can’t really imagine yet.”

Updated: 9-21-2022

Are Noncustodial Crypto Wallets A Practical Option For The Everyday Hodler?

Noncustodial wallets are more secure than custodial wallets, but it may take time for everyday, nontechnical users to get used to them.

As crypto ownership becomes more and more common, holders will need to think about how they protect and hold their assets. The safest option is storing cryptocurrency in a personal wallet.

Crypto wallets are programs that allow users to store, send and receive cryptocurrency. Each wallet has a private key that allows the funds in the wallet to be spent.

Private keys are cryptographic strings of code that allow owners to spend the funds inside a wallet, as well as prove ownership.

Wallet information is also stored offline, reducing the risk of a hacking attempt. Everyday, non-technical crypto users can benefit from the increased security, but it may come at the cost of convenience, depending on their needs.

What Is A Custodial Wallet?

A custodial wallet is a kind of online cryptocurrency wallet that a third party, such as an exchange, manages after users make their first cryptocurrency purchase.

In other words, the exchange is the custodian, responsible for safely holding the user’s cash and keeping track of the keys. The bulk of client money is housed in cold storage hardware wallets at major United States crypto exchanges.

A custodial wallet is less secure than a noncustodial wallet. Yet, many people still choose them since they are easier to use and involve less responsibility.

If users forget their password for their exchange account, they can probably reset it through established identity verification processes.

What Is A Noncustodial Wallet?

With a noncustodial cryptocurrency wallet, users are the sole guardians of their private keys and, therefore, the assets that are being stored.

Noncustodial wallets remove the need for a trusted third party and, in some respects, are more secure than custodial wallets.

There are many different kinds of noncustodial wallets, including browser-based ones, software wallets for mobile phones and computers and hardware wallets.

Hardware wallets, which come in various formats, are said to provide the highest level of security for storing crypto. These digital currency wallets resemble USB drives but have a display and physical buttons instead.

Hiccups With Noncustodial Wallets

Noncustodial wallets are simple to set up. For software noncustodial wallets, holders need to download the wallet, back up the recovery seed phrase (a key comprising a 12-, 18- or 24-word string of random words) and set a password.

Furthermore, if users forget their password, the seed phrase serves as a backup by which they can still access their assets.

Beyond this, there is little support for hardware wallet users should users lose their keys or fail to take the necessary operational security measures for securing the password and keys. If a user loses, deletes or forgets their key, they risk losing access to their funds entirely.

Therefore, in order to adequately protect this information, noncustodial wallet users are required to take extra measures to ensure the password and wallet are secure.

When securing seed phrases, the usual advice is for users to write them down on a piece of paper and keep them stored in a safe place.

However, it’s generally not recommended that users keep seed phrases stored on text files on their personal computers or mobile devices.

For example, personal computers and Android devices are susceptible to viruses, while notes stored on iPhones can be compromised if a user’s iCloud account is hacked. So instead, the best practice for keeping seed phrases safe is to keep them offline.

There are additional measures that users can take to secure their seed phrases. For example, Serenity Shield is a digital storage platform that enables users to recover their seed phrases in the event of loss via its Strongbox feature.

Seed information is stored on the blockchain as a non-transferable nonfungible token (NFT). This way, only the owner can access and read the information stored within the Strongbox.

Other than concerns about keeping them secure, the mechanics of sending transactions on noncustodial wallets can also be challenging for crypto newcomers.

Most noncustodial wallets require users to pay for transactions using the native cryptocurrency of the network upon which the token is built.

For example, if a user wants to transfer Tether (USDT) on Ethereum, they need to have Ether in their wallet to pay for gas. So, users will have to buy ETH, then move it to their wallet before they can transfer the USDT.

However, hot wallets on exchanges enable users to pay for transactions using the same token. For example, cryptocurrency exchange Binance enables users to pay for Tether transactions using USDT instead of ETH or the tokens of other networks it runs on, like Since users don’t need to hold the network’s native token, token transfers are simplified.

Some in the crypto space believe that noncustodial wallets are still not practical for everyday users who may not be concerned with backing up their own private keys.

Hsuan Lee, CEO of Portto — the developer of the Blocto multichain wallet — told Cointelegraph that when a new user “gets their hands on a blockchain app for the first time, they cannot care less if they hold the keys themselves, they simply want to get started quickly.”

Rodolphe Seynat, co-founder of Serenity Shield — a digital storage and privacy platform — told Cointelegraph, “Noncustodial wallets have a long way to go before they can be considered as viable options for everyday use.

There would have to be adoption of cryptocurrency more widely to give them a general use case for the average retail user,” adding:

“That said, I strongly believe noncustodial wallets do remain a safer, more secure and more private way for users to manage assets and position themselves well for the future.”

User-friendly?

Wallet providers have worked to make them more user-friendly over time. For example, both custodial and noncustodial wallets tend to remind users to double-check the destination addresses to avoid the funds being lost.

There is even an option to automatically copy an address by using a button, to further reduce the chances of any mistakes in the transfer process.

In addition, solutions like Coinbase Wallet enable users to set usernames when creating a new wallet. Usernames make it simple for people to send and receive crypto since they’re easier to remember, leading to fewer mistakes when transferring funds.

The wallet also lets the user decide if they want their wallet to be public (other Coinbase Wallet users can search for their username) or private.

Regarding crypto transactions, lower fees usually mean longer transaction times due to lower priority from miners, while higher fees mean faster speeds, and users may not widely know this.

Therefore, many crypto wallets have the transaction fee preset at a medium level, allowing the user to send a transaction with the average transaction times.

So, sending tokens with a noncustodial wallet can be frustrating for the average, nontechnical user. In cases where users expect to send out tokens regularly, they may find a custodial wallet more convenient.

On the other hand, when it comes to long-term storage and safekeeping, noncustodial wallets are the best choice, as long as the seed phrase is kept safe.

Updated: 9-29-2022

Worried About A Financial Crisis? Enter – Self Custody

Placing bitcoin in cold storage won’t prevent losses, but it can eliminate counterparty risk.

You know what helps me sleep better at night? Having bitcoin (BTC) in cold storage.

Cold storage is an offline digital wallet that allows you to securely store your bitcoin and other digital assets through possession of unique private keys.

Unlike having your money held in a bank – which controls the funds, can lend them out freely and can even freeze the account – cold storage allows you to be your own banker and maintain full control.

That’s why I call bitcoin a bearer asset and think it’s a unique opportunity for clients of financial advisors in 2022.

What is a bearer asset, you may ask? A bearer asset entitles the holder of an asset the rights of ownership or title to the underlying property.

Most assets, like cash, stocks and bonds, are held by financial institutions on behalf of their customers and rely on centralized databases listing them as an asset owner.

By contrast, having bitcoin in self custody is a big benefit because it allows the owner to hold it without counterparty risk, the possibility that a third party may default on its contractual obligations.

Come hell or high water, bitcoin is secure in cold storage because the digital asset is in true possession by the owner.

Self Custody As Protection During Financial Storms

For the first time in history, we’re experiencing a year where the long-term U.S. Treasury bond, the risk-off asset, has fallen even further than the S&P, which is down over 20%.

So, if we are on the brink of a financial crisis, we’ll want to be on guard.

From experience of previous financial crises, we know that the cascading risk can lead to contagion of other assets previously thought to be “safe.”

Individuals may be responsible for losses in these environments, but custodians or other financial intermediaries can also expose assets to risk.

I’ve written previously about why bitcoin belongs in portfolios even in a bear market as well as how to think about it in a portfolio with clients.

As currency markets are beyond strained, even the New York Times is asking whether bitcoin is going to be the “flight to safety.”

My crystal ball is cloudy, but the bitcoin optimist in me thinks bitcoin is a much needed asset, as I recently tweeted, “#Bitcoin was created following the last Great Financial Crisis.

If we are entering another one, wouldn’t it make sense to have the best “outside” money you can w/o counterparty risk?”

Bitcoin provides the ability to eliminate counterparty risk, eliminate the risks of supply inflation and allows for self-custody.

All of those factors could help clients of financial advisors sleep better at night when the financial world is figuring out which side is up and which is down.

How Financial Advisors Can Help

The good news is that financial advisors can be the heroes who walk clients through the cold storage process.

Clients have two options when it comes to cold storage, although the latter can allow advisors to be more involved.

* Clients can look into single signature wallets such as Ledger, ColdCard or BitBox.

* They can look into multi-signature wallets – such as Casa or Unchained – or build a DIY set-up with Caravan, Electrum, Lily and others.

I believe the use of a multisignature wallet with an advisor holding one of three or more keys will be a billable and much-needed service for clients going forward.

Today, fees range from $250 to $3,000 for self-custody help and assistance in setting up multisignature wallets. To some that may sound like a lot. But if you hold a large amount of wealth in bitcoin, it’s worth doing it right.

Enter An Advisor Who Understands Self-Custody

I’ve been fortunate enough to work with clients on self-custody both in-person and virtually around the country.

I can say from experience that helping clients understand why self-custody is important – and building their confidence in it – is tremendously valuable.

There are not many advisors today who understand all the options and can walk clients through the process.

When it comes to self-custody, a crypto-savvy financial advisor can serve as a great source of knowledge.

 

Updated: 5-16-2023

Crypto Community Reacts To Ledger Wallet’s Secret Recovery Phrase Service

Many members of the crypto community believe Ledger’s latest seed phrase recovery feature is a bad idea.

Several crypto community members, including Ledger wallet owners, have taken to social media to express their discontent following the release of Ledger’s latest feature. The newly introduced retrieval solution for its hardware crypto wallets, known as Ledger Recover, aims to offer a safeguard in case users misplace their seed phrase.

Ledger Recover is a subscription service that allows users to utilize an additional layer of protection for their private keys. This service employs a technique where the user’s seed phrase is divided into three encrypted fragments, each sent to different external entities.

Once these fragments are combined and decrypted, they can be used to reconstruct the original seed phrase.

The wallet provider shared that Ledger Recover is an optional subscription for users who want to back up their secret recovery phrase. “You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger,” the company explained.

Nevertheless, the concept has enraged many in the crypto community, including security specialists.

Mudit Gupta, the chief information security officer at Polygon Labs, shared, “It’s a horrendous idea, DON’T enable this feature.” Gupta expanded further in his Twitter thread that “the problem here is that the encrypted keys parts are sent to 3 corporations and they can reconstruct your keys.”

Binance founder and CEO Changpeng Zhao chimed in on Gupta’s thread, saying, “So the seed can leave the device now? Sounds like a different direction than ‘your keys never leave the device.’”

Bitcoin investor and podcaster Chris Dunn shared, “First they exposed mailing address, phone numbers, and email addresses of their customers,” referencing the Ledger data leak that exposed users’ information in 2020. “And now they’ve put a back door into seed phrases. It’s time to say goodbye to Ledger.”

Crypto investor DCinvestor also referenced the previous data leak, saying, “Reminder that several years ago, Ledger leaked the name and home addresses for all of their customers via a data breach. The absolute last thing you want on their servers is your private key.”

Bitcoin investor and entrepreneur Alistair Milne shared, “Sure, you *could* use Ledger’s new ‘Recover’ service and give them […] your private keys controlling your assets as well as a copy of your ID and other personal information…

But why then bother with a hardware wallet in the first place?” His post suggested that Ledger’s latest recovery service undermines the whole point of self-custody via a hard wallet.

In April, Ledger launched the Ledger Nano S Plus, a specialized wallet tailored to nonfungible tokens. The Ledger Nano S Plus aims to enhance user safety and deliver an improved experience for Web3 customers who routinely trade NFTs.

This development followed Ledger’s recent integration of “clear signing” technology through Ledger Live, further bolstering user security measures.

Established in 2014, Ledger has become a prominent global player in the realm of hardware cryptocurrency wallets. The company has reportedly sold an estimated 4.5 million wallets and introduced six distinct wallet models.

Updated: 5-19-2023

Is Ledger’s New Bitcoin Key Recovery Feature Safe? Experts Have Doubts

The French wallet-maker believes the service will help attract customers turned off by crypto’s unforgiving self-custody ethos. But critics wonder whether the concept is compatible with a real hardware wallet.

When Ledger, a Paris-based hardware wallet-maker, announced a new key-recovery feature this week, it thought the move would be popular.

Allowing users to recover their private keys – much like you can recover your password if you forget it – would help onboard customers, the company believed. Potential crypto users are known to be turned off by crypto’s unforgiving self-custody ethos (“not your keys, not your coins”). But a key recovery service would offer more comfort.

Immediately, the launch of “Ledger Recover” provoked criticism.

Opponents say that the product isn’t compatible with the concept of a hardware wallet, which promises to ring-fence private keys from prying eyes.

“For a hardware wallet to transmit the seed or shares that can reconstruct the seed over the internet fundamentally alters the security threat model of a hardware wallet,” said Pavol Rusnak, co-founder of SatoshiLabs, which makes a competing hardware wallet Trezor.

“In fact, this change is so significant that I’m not convinced it’s a viable solution for a hardware wallet at all.”

The opt-in update, available for Nano X models, allows Ledger owners to use a service named Ledger Recover and share their seed phrase (a sequence of words used to recover a lost wallet) with a set of trusted custodians, namely Ledger, Coincover and EscrowTech. They will store users’ encrypted backups for a monthly fee.

According to the company, this allows users to restore access to their crypto if they forget or lose their seed phrases. By using the service, they would be able to ask Ledger for help, prove their identity and get their private key restored for them.

The critics worry that both the firmware update and the whole recovery setup do not look safe. Ledger insists that things are as secure as ever.

CoinDesk looked into how the new feature is supposed to work (as described by Ledger itself) and asked experts what the potential security concerns here may be.

Ledger Explains

According to Philip Costigan, Ledger communications lead, the new feature does not mean the device itself communicates with custodians over the internet, as the Ledger wallets themselves “have no WiFi or any other internet connection capability.”

To transfer encrypted parts of the seed to custodians, users need to connect their Ledger wallet to their phone with a Ledger app via Bluetooth, Costigan said. The same mechanism is used for approving transactions, when Ledger owners want to spend crypto from their wallets.

Here is how Costigan explains the process: First, users verify their identity with Onfido and Tessi, the two providers Ledger employed for this task, via Ledger’s mobile app.

“Ledger, Coincover and EscrowTech don’t review or hold people’s IDs, it’s done by the technology of the two providers I mentioned above who are experts here,” Costigan said.

After that, the Ledger device gets a prompt to create a backup. Then a backup is created, encrypted, divided into shards using Shamir’s Secret Sharing technique and transferred to Ledger, Coincover and EscrowTech, Costigan said. Each custodian keeps one shard, which is useless on its own.

“All encryption, fragmentation, and decryption of your secret recovery phrase happens on your Ledger on the secure element. So the only thing that leaves the secure element chip, and only after your consent, are the encrypted shards,” he added.

Costigan also underscored that the hardware wallet itself does not store any user’s identity information on it.

When a user requires a recovery, any two out of three custodians will “send fragments back to your Ledger device, reassembling them to build your private key,” the FAQ page on Ledger website says.

Security Concerns

The news of the update provoked a storm of criticism from the crypto community, with accusations that Ledger’s new offering contradicts its past statements about keeping private keys off the internet.

In particular, Crypto Twitter piled on the tweet Ledger’s official account posted in November, assuring users of the safety of their devices.

“How can you prove to us the customers that the private keys on the device are not leakable via a firmware update in case someone at the company wants this?” a Twitter user known as @S_Radude asked on Nov. 15, 2022.

“Hi – your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element,” Ledger responded.

Users pointed out that the new update does almost exactly what Ledger said they wouldn’t do. There is a caveat: during the recovery process, as Ledger describes it, it’s not the private key itself that is getting extracted but the seed phrase encoding it.

This still sent a worrying signal to the users: what they considered safely stored in a little citadel of their hardware wallet now can leave it and travel elsewhere. What if Ledger decided to just extract and collect users’ seed phrases, without any protection?

“If you can update the firmware to instruct the ‘Secure Element’ to encrypt, shard, and distribute the seed, what stops you from updating the firmware next week to just extract the unencrypted seed,” user @NewWageCrypto asked.

“Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not,” Ledger responded on Wednesday in a tweet that has since been deleted.

But the archived copy of the thread shows that the tweet, which immediately triggered a new wave of outrage, was followed by a clarification: for any update to happen, users must manually approve it.

“Every firmware update requires a PIN unlock device approval, this is the final line that makes it impossible for us to extract your keys even if we had your device,” another now deleted tweet from the company said.

However, the questions still linger: what can Ledger’s firmware actually do, and can users still trust their devices?

Crypto developer and researcher Laurence E. Day told CoinDesk that the core of the problem here is that Ledger’s code is closed source, so nobody can review what the update is actually doing. Blockchain security expert Christopher Allen shared similar considerations on Twitter.

“One of my concerns with the new Ledger Recover service is that they appear to be sharding via Shamir’s Secret Sharing, but doing so in a proprietary way and possibly in a naive fashion. We don’t know, as it is not open source,” Allen tweeted.

Looking For Attack Surfaces

For Day, the most worrying part of the situation is an apparent breach of trust between Ledger and its users, triggered by the contradictions in the firm’s statements.

“I guess the thing that bugs me here is that there’s this breach of a covenant that seeds would never leave the secure element chip, even though it’s always been possible to do that through firmware (and this remains an option for other hardware wallet suppliers too),” Day told CoinDesk via direct messages on Twitter.

Another issue has to do with privacy. Hardware wallets are typically viewed as a way to store your crypto anonymously, without attaching your name to it.

However, users who opt in for the Recover update will have their identities linked to their crypto wallets, making the experience closer to using a centralized exchange with know-your-customer (KYC) checks.

The head of content at Foundation, another competing hardware wallet maker, who goes by the nickname Seth For Privacy, tweeted that the setup Ledger is offering means a whole set of concerns for users, including “data leaks, hacks, and government censorship or surveillance.”

“Not only can leaks or hacks occur, the sales of data on users of Ledger would be extremely valuable now and in the future, and any of the ‘authorized third parties’ could decide to leverage your data as an income stream at any moment,” he wrote.

If, in the future, hackers breach Onfido or Tessi, they might get a list of Ledger users, who are likely to own large amounts of crypto (the wallet itself costs about $150 to buy), along with a wealth of their personal data, Seth added.

Ledger has been breached in the past: in July 2020, information of 272,000 users was stolen from the firm, with a series of phishing attacks on users following that breach.

Law enforcement agencies, too, might use the setup to get access to Ledger users’ crypto, Day said: “The three organizations that will hold the shards are known, so they’re liable to get a visit from the feds – so you could argue that by enabling Recover you’re turning your wallet hot even if there are legal steps in between,” he said. (In crypto terms, “hot” wallets are connected to the internet, “cold” are not.)

There is also a danger that, however secure the offered setup is, any system can be gamed, SatoshiLabs’ Rusnak said: “There’s always the risk that someone could use generative AI technologies to impersonate me, obtain my seed shares, and ultimately reconstruct my seed.”

Some commentators on Twitter also voiced concerns that while the feature is optional now, in the future Ledger might make it obligatory for all devices, for regulatory or other reasons.

Against The Crypto Ethos

Using trusted custodians is nothing new for crypto – in fact, everyone who keeps their coins on an exchange is trusting the exchange like it’s a bank. But hardware wallets embody the “be your own bank” ethos of Bitcoin: that you don’t have to trust an intermediary to keep your money safe.

This means keeping the keys to your crypto on a device that only you control, preferably disconnected from the internet, to avoid the risk of hacking. But this approach requires self-discipline that might feel excessively burdensome to many people.

Ledger’s new service attempts to give users some peace of mind, allowing them to recover lost crypto wallets like they would recover stolen credit cards or forgotten passwords (although in a much more sophisticated fashion).

In this sense, Ledger Recover is a kind of compromise between the autonomy of cold storage and the comfort of custodial storage: your crypto is on your device, but if you lose it, there is someone to restore it for you. The question is, do Ledger users want that compromise?

“I get the point of why you’d want to offer Recover as a U.X. improvement to mom and pop, but it just feels like a comms screw-up: mom and pop aren’t using these devices anyway,” Day said, adding that hardware wallet users are by default a more sophisticated public.

Ledger, however, believes that moms and pops might just not know they want it yet.

“You’re saying this is not what customers want. Actually, this is what future customers want,” Ledger CEO Pascal Gauthier said during a Twitter Spaces session on Tuesday. “This is the way that the next hundreds of millions of people will actually onboard to crypto.”

Updated: 5-19-2023

Ledger’s Hard Lesson: Being Right Isn’t Good Enough

Public communication doesn’t work like computer code. The French hardware wallet maker learned that the hard way.

Ledger, the Paris-based hardware wallet maker, has had a terrible week. And in large part, it seems they have themselves to blame.

Things started out badly enough. Ledger’s May 16 introduction of the “Ledger Recover” seed phrase recovery service was greeted with skepticism from the crypto community, who worried about new security risks being introduced to one of the most widely-trusted hardware wallets on the market.

Then it all got much worse. By midweek, Twitter filled with wild speculation that Ledger devices were now compromised. There were even Ledger-smashing videos of a sort normally associated with far-right culture war boycotts.

In part that was thanks to spiraling paranoia, social-media hyperbole and basic misunderstandings of crypto architecture. But Ledger’s own communications also poured fuel on the fire.

The incident’s key takeaway for other crypto companies is simple: It’s not enough to be technically correct, especially in a crisis. As crypto attracts more and more users with limited technical knowledge, it’s more important than ever to communicate clearly and carefully.

In other words, it’s important to not make tweets like this. For the sake of our industry.


You Can’t Handle The Truth

Some of those piling on to attack Ledger have simply misunderstood that the new Ledger Recover service, and the identity documentation involved, are entirely optional. Ledger Recover is aimed at less rigorous crypto users who may want an insurance policy against losing their private keys.

Strategically for Ledger, and frankly for crypto as a whole, offering this sort of middle-ground security option makes sense.

But the backlash only spun further out of control after someone at Ledger, purportedly a customer support agent, tweeted that “technically speaking it is and always has been possible to write firmware that facilitates key extraction.”

Now here’s the thing: while Ledger has wisely deleted and rephrased its message, this tweet seems to be basically accurate. As cryptography pioneer Christopher Allen laid out in this Twitter thread, “all it requires is a signed firmware update and seeds can go wherever they want.”

And that applies to many kinds of hardware wallets, not just Ledger.

But boy oh boy, is “you have always trusted Ledger not to steal all your money” not the right way to phrase that. Despite being broadly accurate, the message added immensely to the confusion, fueling even more panicky rhetoric on Twitter – including claims that Ledger devices have been revealed to have some deep flaw or “back door.”

The offending comment seems to simultaneously affirm all of the worst fears being floated – and also belittle the worriers for not catching on sooner. Regardless of intent, both “technically speaking” and “whether you knew it or not” will be heard as condescending, even dismissive.

“Yes we can do the thing you’re most worried about, but you shouldn’t be worried about it because we could always do it, and you’re kind of dumb for not already realizing that” is not a way to calm anybody down.

(A note on responsibility here: If they were indeed a rank-and-file customer service rep, whoever wrote this tweet should not have felt empowered or responsible to make such a broad statement at all. True culpability for the misstep lies further up the chain of command.)

Even worse, the message commits a sin that we in journalism call “burying the lede.” A second tweet, threaded onto the “technically speaking” post, emphasized that every update has to be manually approved by the user. This is the core of Ledger’s rebuttal of the ongoing attacks against it.

You Can Still Use A Ledger

While the technical nuances are beyond my scope here, some extremely trustworthy experts have rebutted the most extreme worries circulating about Ledger.

Most significantly, Taylor Monahan, founder of the MyCrypto wallet and now part of the Metamask team, has vigorously condemned the worries about Ledger as “sensationalist bullshit.”

Haseeb Qureshi of Dragonfly Capital also notably walked back his initial concerns, writing “now I’m in the ‘nvm it’s fine’” camp.

It’s too soon to completely sign off on the idea that everything is fine, but the main misunderstanding is clear. A hardware wallet needs an updatable operating system (OS), including so it can add support for new tokens and chains.

So users have to allow updates at some point, and most Ledger users have likely gotten an update or two before the current controversy popped off.

That is, they’ve trusted Ledger, whether they knew it or not. The fact that an update would be used to implement a recovery scheme was what finally drew attention to the process.

The alternative isn’t to buy a different hardware wallet, but to store your seed phrase on a piece of paper in a safe.

The one ding on Ledger that does seem valid is that these updates, and the Ledger code, are not open source, while many other hardware wallets’ code is. This genuinely makes the trust placed in Ledger even higher than with other wallets.

But this real question has become muddled with a lot of off-base and ill-informed speculation, and Ledger has so far failed to quell either the real concerns or the mistaken ones.

One way of thinking about this unfortunate drama is that language is not like computer code. If you’re writing a smart contract or a physics engine, you can construct the same function a half dozen different ways with little functional difference.

When you’re writing a tweet, by contrast, tiny variations matter immensely to how it will be received. It’s art, not science – and the gap between the two is only going to grow wider as more and more average folks adopt crypto.

Updated: 5-20-2023

Ledger Co-Founder Clarifies ‘There Is No Backdoor’ In ‘Recover’ Firmware Update

Ledger Recover is an over-the-air firmware update allowing users to back up their seed phrases with third-party entities if they opt in to the new service.

The launch of Ledger Recover — a new service allowing users of the Ledger hardware wallet to back up their secret recovery phrases — was met with immense resistance from the crypto community.

Ledger co-founder and ex-CEO Éric Larchevêque took the criticism against Ledger as “a total PR failure, but absolutely not a technical one.”

Ledger Recover is an over-the-air firmware update allowing users to back up their seed phrases with third-party entities. If a user opts into the new service, the recovery phrase fragments are encrypted and stored by three parties, allowing the user to recover the phrase in the future.

However, the seed phrase leaving the hardware wallet did not resonate with users who considered Ledger a trustless service for storing cryptocurrencies.

Addressing the rising concerns of users worldwide, Larchevêque posted on Reddit clarifying that Ledger was never a trustless solution:

“Some amount of trust must be placed into Ledger to use their product. If you don’t trust Ledger, meaning you treat your HW manufacturer as an adversary, that can’t work at all.”

He argued that the Ledger Recover update does not impact the hardware wallet’s security model, adding:

“My mistake as a CEO during my tenure was probably not being relentless enough about explaining the security model, but at some point you just give up as people don’t care at all. Until they care again, like now.”

Larchevêque believes the only thing that changed was the general user’s perspective on trustlessness, and that the Recover code in the firmware was not malicious:

“Ledger is still safe, there is no backdoor, the Ledger Recover is not a conspiracy, no one will ever force anyone to use Recover.”

Trusting Ledger with sharding the seed phrase is just like trusting Ledger with signing a transaction, he added. Addressing a user’s recommendation about having two different firmware to eradicate “backdoor” concerns, Larchevêque said that “it wouldn’t change anything” and would be saddening for him personally.

The firmware update in question is not available for the Nano S — Ledger’s cheapest hardware wallet offering — as the chipset does not have enough memory to store the new firmware.

Amid the rollout of Ledger’s controversial firmware update, competing hardware wallet provider GridPlus decided to open-source its firmware for its users.

Turning the Ledger controversy into a marketing opportunity, GridPlus announced plans to open source its device firmware in the third quarter of 2023 to deliver greater transparency.

 

Updated: 5-23-2023

Crypto Wallet Provider Ledger Delays Key-Recovery Service After Uproar

After criticism from the crypto community, the firm pledged to open-source the Ledger Recover code before releasing the controversial update.

Following harsh criticism from the crypto community, hardware wallet provider Ledger will delay releasing a key recovery feature.

In a letter to users, Ledger CEO Pascal Gauthier wrote that the firm won’t introduce the new feature before releasing the code for it. The company also scheduled a Twitter Spaces session for 12:30 p.m. EST on Tuesday to discuss the issue.

Last week, Ledger announced the service, called Ledger Recover, which will allow users to store encrypted backups of their seed phrases with a set of three custodians.

Ledger owners will then be able to restore their private keys even if they lose or forget their seed phrases. The opt-in feature will require a know-your-customer (KYC) verification.

Ledger came under fire almost immediately from members of the cryptocurrency community, who criticized the idea of sharing seed phrases with anyone other than wallet owners.

Multiple commentators wrote angry posts on Twitter, Reddit and other platforms, saying they felt betrayed by Ledger, which has previously said that Ledger wallet private keys would never leave a device.

Some critics also highlighted potential threats such as hacks of the custodians, data leaks from KYC providers and law enforcement taking control of Ledger users’ data.

Others noted that the code for the Recover feature is not open-source, so there is no way to audit the safety of the proposed custody mechanism.

Unlike some competitors, Ledger does not publish all its code, but instead has its product tested by a team of selected security researchers.

The company learned a hard lesson, Gauthier said in his letter to users. Parts of the Ledger code have been open-sourced before, and more will follow soon, Gauthier said.

“We have made the decision to accelerate the open sourcing roadmap! We will include as much of the Ledger operating system as possible, starting with core components of the OS, and Ledger Recover, which won’t be released until this work is complete,” he wrote.

Gauthier also reiterated the idea that offering key recovery services is essential to onboard a new wave of crypto users, for which self-custody might feel too difficult.

“The majority of users in crypto today either don’t own their private keys and/or are putting their private keys at risk using less secure forms of self-custody, and hard-to-use forms of storing and securing their seed phrase,” the letter reads.

Ledger CEO Says ‘Sharded’ Wallet Keys Could Be Shared If Subpoenaed

The private seed phrases of Ledger users could be shared with governments if their custodians were ordered to do so, but this is “not a real concern,” according to CEO Pascal Gauthier.

Pascal Gauthier, the CEO of Ledger, has confirmed that the private seed phrases of users who opt into Ledger’s controversial new Recover upgrade could, in theory, be handed over to governments if they were to be subpoenaed.

Ledger’s latest firmware update and hardware wallets, in general, have been a touchy subject over the past week.

The firm has described the new Recover upgrade as an optional firmware update that allows users to back up their seed phrases with third-party entities with the aim of helping a user recover their seed phrase should they lose it.

If a user opts into the service, the seed phrase is broken into three encrypted fragments called “shards,” which are then stored with three separate parties — Coincover, Ledger and an independent backup service provider.

Speaking on Peter McCormack’s What Bitcoin Did podcast, Gauthier admitted that while the new Recover update could technically see users’ seed phrases provided to government entities, it would only be reserved for “serious acts” such as crimes involving drugs and terrorism.

“It’s not true that the average person gets subpoenaed everyday.”

The podcast’s host McCormack pushed back on this claim, pointing to when Coinbase was subpoenaed by the United States Internal Revenue Service in 2018 and was forced to hand over the personal information of 13,000 users.

Gauthier refuted this example as an inaccurate comparison. Unlike Coinbase, Ledger is not a banking institution and is not subject to the same legal constraints as the crypto-exchange, he said.

Concerns Overblown?

It’s worth noting that while some users, such as pseudonymous crypto commentator 0xFoobar on Twitter, see the update as an unforgivable breach of privacy, Ledger representatives maintain that these concerns are largely overblown.

Speaking to Cointelegraph, Ledger provided further clarity on what the new Recover update really means for its users.

“The core value proposition remains the same as it always has – the ethos of self custody and self sovereignty means you get to choose,” said a Ledger spokesperson. “The introduction of Ledger Recover doesn’t change that, it’s entirely up to you if you feel it’s a service you would like to subscribe to.”

Ledger shared that despite the many accusations being hurled at the company across social media, the original seed phrase itself still does not leave the device.

“What you’re creating, if you choose to, is an SSS encrypted and sharded backup. These shards are completely useless unless the user restores the backup on a Ledger device, and only on a Ledger device, where multiple parts are needed in order to decrypt.”

“If you don’t want to use Ledger Recover, nothing changes for you.”

When asked if there were any plans to open source their firmware code — something that competitor cold wallet provider GridPlus is currently taking steps toward — Ledger claimed that it’s not possible to make the inner workings of its “secure element” chip open source due to legal constraints from the chip manufacturer.

“What we will do is continue to open source more and more of our code, until we reach a similar level as the Raspberry Pi, where only a tiny part of the code related to the Secure Element is closed — which again, we are legally bound to.”

Ledger CEO: The Collapse Of Banks Is A ‘Crash Course To Bitcoin’

Ledger CEO Pascal Gauthier said that anyone trying to centralize crypto will fail, saying that centralization and crypto are “two magnets that’s just not going to stick together.”

The collapse of major banks highlights the need for Bitcoin and self-custody, according to Pascal Gauthier, the CEO and chairman of hardware wallet provider Ledger.

In an interview with Cointelegraph reporter Joseph Hall at the Paris Blockchain Week, Gauthier spoke about how recent events show how BTC can be a safe haven against the threat of central authorities. He explained that:

“Bitcoin was designed in reaction to Lehman Brothers in the 2008 crisis. It was designed because you can’t trust central authorities. And it’s designed because it’s clear that central authorities will fail. It’s not a question of if. It’s more a question of when.”

According to Gauthier, whenever incidents like Celsius, FTX and bank collapses happen, people flock to self-custody and to crypto. “Whenever the market gets stressed and whenever people fear for their savings, you know, they rush to crypto and to Ledger,” he said.

In addition, the Ledger executive also believes that people are starting to notice the reality of banks because of the current situation.

Gauthier explained that many people come from the idea that the purpose of banks is to safeguard people’s funds because even if banks fail, people will be reimbursed. However, this may not be the case.

“They’re figuring out that actually, it’s not necessarily the case. And so it’s troublesome. But again, it’s a crash course to Bitcoin and why it exists and why it’s necessary for the future,” he explained.

When asked if traditional brands coming into Web3 can potentially become a threat to the decentralization of crypto, Gauthier expressed confidence that this will not happen. He said:

“If this happens, then crypto is dead and then we move on to the next thing. I mean, it’s either crypto will be decentralized or will not be. And all these brands actually do understand this.”

According to the Ledger CEO, brands were able to learn a lesson from Facebook’s failure to respect the ethos of crypto, which is decentralization. “We’ve seen the movie now, you know, they [Facebook] failed because they didn’t respect some of the fundamental principles of what crypto is,” he said.

He added that anyone trying to centralize crypto is destined to fail. According to Gauthier, these are “two magnets that’s just not going to stick together.”

 


Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.
