Following the mass discontent that trailed Ledger’s recently-announced seed recovery feature, popular Ledger competitor GridPlus has promised to make the firmware code for all of its crypto wallets open source to make them more transparent.
What this means for GridPlus
Firmware is the software embedded in hardware wallets like Ledger that drives their functionality. At press time, both Ledger and GridPlus use closed-source code, which means nobody outside the companies can modify the code or inspect it for vulnerabilities and/or backdoors.
If GridPlus follows through on the promise in this announcement, it is expected to change its current closed-source format and make the firmware for the company’s wallets accessible for inspection, making it easy for GridPlus users to tell what the company plans for the future and driving more transparency and safety.
While GridPlus isn’t the only company to capitalize on Ledger’s poorly-received announcement, it’s the only one offering a solution to assuage users’ fears. Others like Trezor and BitBox simply offered discounts on their existing products.
Why’s Ledger under fire?
Recently, we reported Ledger’s announcement of Ledger Recover, a service designed to help users who’ve lost access to their seed phrase. The service employs a subscription model and splits a user’s seed phrase into three fragments, sending each to a different non-Ledger entity. ID verification will enable each service to decrypt and release the fragments, reconstructing the original seed phrase.
While the service sounds harmless, it goes against Ledger’s initial promise of your seed phrase never leaving your device in any scenario. With the announcement, Ledger revealed it has always been able to extract your keys; you’re only trusting them not to.
The instant backlash from industry leaders against the idea didn’t help matters, with prominent crypto podcaster Chris Dunn claiming Ledger leaked emails, phone numbers, and mailing addresses, seemingly referring to the infamous 2020 data leak.
Chief information security officer at Polygon Labs Mudit Gupta also shared a tweet warning followers not to enable the feature. In response to Gupta, Binance CEO Changpeng Zhao tweeted: “So the seed can leave the device now?” bringing attention to Ledger’s decision to backtrack after promising users’ seed phrases would never leave their devices.
Is GridPlus’s solution perfect?
In a surprising development, Ledger Support admitted the company has always been able to extract keys from its hardware wallets. According to the statement, users have always “trusted Ledger” not to deploy such firmware.
GridPlus’s open source solution relies on decentralization as opposed to trust, which is a better solution for a hardware wallet. It’s not perfect, since there are still no measures in place to prevent the company from adding unwanted features, but the community can serve as a watchdog and issue early notices if it does.
In short, the added level of transparency will generally deter most companies from adding features capable of riling up their customer base behind the scenes, solving part of the ‘Ledger seed phrase’ problem.