Ledger has introduced a new feature, sparking concerns among its users.
Ledger Recover is an ID-based subscription service enabling the retrieval of the secret recovery phrase. It applies to Ledger Nano X hardware wallets and will roll out under firmware release 2.2.1.
Up to $545 million in Bitcoin (BTC) was estimated to be lost in 2022 due to lost passwords or mistakes with the recovery phrase — demonstrating a real need to address the issue.
However, Ledger users have voiced strong objections to the feature as it requires online storage of the secret recovery phrase and association with a passport or national ID card.
Ledger users say no
A Reddit post on the new Ledger Recover feature labeled it “a disaster waiting to happen.”
The OP summarized the arguments against the feature by pointing out the dangers of sharing seed phrases online — referencing Ledger’s 2020 data breach.
“Again, I’m in disbelief about this. Apart from the risks that they’re hacked again, apart from it flying in the face of never sharing your seed, and never storing it online, it opens the door to a whole new level of crypto scammers!”
Most commentators expressed a similar sentiment, with the most upvoted comment adding that the need to upload an ID makes the proposition even more unpalatable from a security perspective.
“Yeah, that’s gonna be a no from me, dog. Have to send a picture of your ID as well? Hard nope.”
One user said subscribing to the new feature is optional, making this a non-event. However, in response, it was mentioned that the fact Ledger Recover exists “means that your device and seed could be compromised… ID or not.”
Data breach
In July 2020, Ledger’s systems were compromised, leading to the loss of customer data, including names, phone numbers, email addresses, and in some cases, home addresses.
By December 2020, the firm announced that the information was leaked on a hacker forum called RaidForums — enabling anyone to access the data.
Following the data upload, Ledger customers reported being threatened. For example, one Redditor received a text message demanding 0.05 BTC in 48 hours or be killed. Another shared an email asking for $500 in BTC or risk a home invasion and torture.
“If not, I might show up with my friends when you least expect and we would find how to break you and get your wallet seed.”
Although the consensus was that such messages were empty threats to scare compliance, Ledger users were still enraged over the company’s data handling practices. Mindful of this, the uploading of ID for the recovery phrase feature is a big ask.
Ledger CEO Pascal Gauthier apologized to users, expressing sympathy for the menacing threats received.
“In Ledger’s name, we very deeply regret this situation. We are aware that many of you have been targeted by email and SMS phishing campaigns and that it’s clearly a nuisance. I know this breach is disappointing at best and infuriating at worst.”
Cryptocurrency, as an emerging sector, presents several inefficiencies and pain points. However, as things stand, being your own bank requires you to take responsibility for your recovery phrases.
The post Ledger’s new phrase recovery feature has users spooked appeared first on CryptoSlate.