Trezor sales surge 900% amid Ledger Recover controversy
The hardware-wallet maker Trezor reported a 900% rise in sales over a week, CryptoSlate reports citing the company’s press release.
The spike came after Ledger unveiled the seed-phrase recovery option, which drew mixed reactions from the community.
“We believe that hardware wallets are cold storage devices that imply 100% independence. At no stage should they make the seed phrase accessible to anyone other than the user,” said the Trezor CEO Matej Žak.
The company stressed that their products have fully open-source code. This allows independent technical experts to inspect all processes and verify that remote access to private keys is impossible.
Ledger’s signing service Recover for the Nano X provides for the ability to recover the seed phrase from a backup. The backup is split into three encrypted fragments stored by external custodians. The user accesses them by confirming personal identification.
Some in the community raised security concerns related to the option. Theoretically, the custodians storing the fragments could collude and gain access to the wallet. A number of users suggested that the Ledger firmware originally included a backdoor for extracting private keys, and that this is not related to the Recover subscription.
Former Ledger CEO Eric Larshevek stated that the only problem with the new option was its poor PR launch. He also acknowledged that authorities could obtain encrypted seed fragments from custodians via a court.
His view was confirmed by Ledger CEO Pascal Gauthier. He noted that to ensure greater transparency the firm would accelerate the disclosure of the source code of its products, including the Recover service.
In autumn 2022 there were reports that Ledger collects extended customer data. The company denied such claims, saying they only have access to de-identified public information.
In 2020 the wallet maker acknowledged a data breach affecting about a million users. An unknown party obtained information on email and postal addresses, names, phone numbers and Ledger products purchased.
Against the backdrop of the Ledger Recover discussion, some customers said they would abandon its devices in favour of competitors such as Trezor.
i have broken my ledger wallet and bought trezor. ledger is not listening their customers and they are arrogant and stubborn. funds are not safe in ledger anymore with this backdoor.
— Iskender Murat Yucel (@IskenderMuratY3) May 26, 2023
But Ledger’s competitor is not faring well either. In May, Unciphered experts posted a YouTube video showing a demonstration of a successful breach of the flagship Trezor T model. They used the Read Protection Downgrade (RDP) attack, extracted the seed phrase from the microchip and recovered it.
The maker noted that the breach required physical access to the wallet, deep technical knowledge and modern equipment. To address the vulnerability the company, together with its subsidiary Tropic Square, developed a secure chip.
ForkLog commented on Ledger users’ doubts about cold storage methods. Trustee CTO Ksenia Zhitomirskaya said that self-storage with adequate precautions is safer than wallets with closed code and opaque update policies.
“Seed storage methods — in a fireproof safe on paper or other materials (non-flammable and rust-proof). You can use offline devices that are as different as possible from cold wallets, which their very appearance tempts scammers,” Zhitomirskaya added.
Sales of Ledger and Trezor, the leading hardware-wallet providers, significantly rose in November 2022 amid FTX problems. The collapse of one of the largest exchanges drew users’ attention to the prospects of self-custody.
The importance of non-custodial means to safeguard funds noted by influential figures such as Binance CEO Changpeng Zhao and ex-MicroStrategy Michael Saylor.
In February, Trezor announced an acceleration of hardware-wallet production to shorten the supply cycle from two years to a few months.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!