In this post:
- Ledger introduced a new hardware device that can unlock its newest models, Flex and Stax.
- According to a new whitepaper, tamper-proof chips and specialized firmware safeguard the hardware device.
- In order to prevent granting authorization to fraudulent smart contracts, Ledger introduced extra signing protection.
For new wallets, Ledger will include a new key recovery capability that will enable offline access to the private key. Since Ledger’s devices were promoted as a means of rendering private keys inaccessible, the move raised a number of security concerns.
In the future, Ledger will provide a key recovery function to new wallets, allowing certain devices to have a secondary PIN. Recovery Key is a new service that can be utilized completely offline and is optional. The business recently released a whitepaper outlining the capabilities of its new offline recovery system.
The new Ledger Recovery Key is a smart card that stores a copy of the master secret, from which the Secret Recovery Phrase is generated. The master secret is shared between the card and the Ledger hardware wallet over Near Field Communication (NFC).
The master secret is stored on a tamper-resistant chip in the Secure Element, which prevents it from leaking or being extracted through the hardware. The component provides multiple security layers, such as a secure factory environment to prevent tampering or the introduction of compromised devices, and a separate operating system for exclusive communication with Ledger devices.
In response to multiple high-profile instances of locked devices, this is the second attempt to provide recovery to Ledger users. The recovery option, however, also introduces further security risks from misuse of the secondary PIN.
Flex and Stax models saw the introduction of Ledger Recovery
Ledger Recovery is designed especially for Ledger Flex and Ledger Stax, two touchscreen products. The original Ledger device can be unlocked with the new spare key, which is stored in a different secure device. A user has the option to generate several spare keys, which are protected and generated online.
“With Ledger Recovery Key we are making secure self-custody easy-to-use for everyone. Too many people are compromising by keeping their assets on exchanges and insecure software wallets. With Ledger Recover and now Ledger Recovery Key, as well as the traditional 24-words, we are proud to offer a recovery solution for every category of user.”
~ Ian Rogers, Chief experience officer at Ledger
Ledger Recover, a premium function that grants access to the device, will coexist alongside the new service. Ledger Recover, however, is a de-anonymizing service that necessitates KYC. After several kidnapping cases, some cryptocurrency owners are still hesitant to have their identities associated with cryptocurrency ownership. Owners of Ledger wallets have also been targeted, primarily to coerce them into unlocking the device. In certain situations, the device itself may also be misplaced or misused. Ledger is now one of the top tools for crypto hardware storage, having already claimed over 7.5 million total sales.
Ledger presents Transaction Check
Ledger also improved its software to intercept potentially dangerous transactions as Web3 usage rises. The newest function in Ledger Live, Ledger Transaction Check, is designed to screen transactions. The increased security is aimed primarily at Ethereum users.
Despite the increased security provided by Ledger, signing with the devices could still be exploited. Even though Bybit was allegedly employing a Ledger Nano, a multisig wallet was used to hack the exchange, resulting in a $1.4 billion loss.
On top of the secure hardware protection, the feature makes signing more transparent in an environment where malicious smart contracts can take control of Ethereum wallet permissions.