Why Ledger's PR Meltdown Is a Valuable Lesson in Crypto Security



Ledger’s recent PR meltdown highlights the limitations of hardware wallets and serves as a reminder of the importance of managing expectations in the blockchain industry.

After a video went viral of what seems to be a hardware wallet getting smashed with a hammer and then blow-torched into a charred mass, Ledger (and all of the cryptocurrency industry) got a searing reminder of the importance of managing expectations.

Blockchain industry executives often say they idealize “decentralization,” “self-sovereignty” and “trustlessness” – espousing a vision for a future internet and financial ecosystem free of rent-seeking intermediaries and unreliable middlemen.

On the other hand, time and time again, major blockchain corporations and projects come up short – with users surprised and angry to realize that they unknowingly placed their trust in shoddy code, centralized entities or security-challenged hardware.

This post is featured in the latest issue of The Protocol, our weekly newsletter exploring the tech behind cryptocurrency, one block at a time.

The most recent example comes from Ledger, the Paris-based cryptocurrency hardware wallet company, which, following a public-relations firestorm last week, announced Tuesday that it would delay plans to release a controversial new wallet-recovery feature known as Ledger Recover.

When it revealed the proposed feature last week, Ledger inadvertently drew attention to the fact that the company could theoretically move wallet seed phrases off-device via user-approved firmware upgrades. Previously, the company had left some users with the impression that its devices were engineered to avoid this specific scenario.

Once the potential “backdoor” was revealed, outrage flooded Cryptocurrency Twitter, with posters panning Ledger for being out of touch with its own customer base – ostensibly self-sovereign types who want nothing but to be entirely in control of their own cryptocurrency. Ledger vehemently rejected claims that its capabilities amounted to a “backdoor.” However, the company’s initial response to the outrage – pointing out (in a now-deleted tweet) that users were always trusting Ledger not to extract user keys – only served to fuel the furor: One widely circulated video appeared to show a user smashing a Ledger device with a hammer and then blow-torching it into flames.

In a letter posted to Twitter on Tuesday, Ledger CEO Pascal Gauthier apologized to customers, promised to open-source “as much of the Ledger operating system as possible,” and said he would delay the release of Ledger Recover.

Delay or no, Ledger’s theoretical capacity to move user keys via future software upgrades remains intact – mainly as a by-product of technical constraints in how Ledger and similar wallets are engineered.

The fiasco served as a valuable crash course on the limitations of hardware wallets, traditionally considered the most secure way to hold cryptocurrency. It was likewise a reminder that the present state of cryptocurrency technology doesn’t always match up with the industry’s ideals – and a lesson on the importance of carefully managing expectations.

Ledger’s PR Meltdown

Ledger’s primary error in the leadup to last week may have been in its marketing, which frequently leaned into cryptocurrency’s “trustless” ethos. The messaging was attractive to hard-core cryptocurrency users, but it left an impression of Ledger’s technical capabilities that was out of step with reality.

Ledger’s co-founder and previous CEO, Éric Larchevêque, argued on Reddit that last week’s “meltdown” represented a “total PR failure, but definitely not a technical one.”

Larchevêque, who is a Ledger shareholder but no longer works at the company, wrote that as the company’s user base grew, so did a misperception – fueled largely by Ledger itself – that Ledger’s wallets require zero trust on the part of their users.

“People started to think Ledger was a trustless solution, which is not the case,” he wrote. “Some amount of trust must be placed into Ledger to use their product.”

Developers may have understood the nuance, but users didn’t. Larchevêque linked to an explanation of what happened from Reddit user cmplieger: “Fundamentally nothing has changed with the Ledger hardware or software,” cmplieger wrote. “What has changed is the fact that the Ledger developers have decided to add a feature and benefit from the flexibility their little computer grants, and people eventually started to comprehend the product they purchased and trust factor involved.”

The most-upvoted comment on that post came from Reddit user Florian995: “What I learned is the fact that I know nothing about the wallet I am using.”

Hardware limitations

It’s reasonable to be angry when corporations oversell their products, but goals like trustlessness and decentralization exist on a spectrum, and hard-core cryptocurrency acolytes who think they can abandon one company for a more ideologically pure alternative may be disappointed.

The case of Ledger illustrates how the overall state of blockchain tech simply isn’t up to the task of some of the industry’s boldest promises.

Ledger boasts that its USB thumb drives are among the most secure ways to hold cryptocurrency because they store user keys in a “secure element” – a mini computer chip that is supposed to be impenetrable. Ledger’s “trustlessness” claims mainly center around the secure element, and the company explicitly reassured users that it’s unable to reach into the element to obtain user keys.

According to Christopher Allen, chief architect at Blockchain Commons, a cryptocurrency infrastructure not-for-profit, chip technology is still not at the point where Ledger could make such a guarantee.

“Ledger got caught in a weakness that all wallets to a certain extent have today as a result of chip technology,” Allen told CoinDesk. Secure element chips can’t perform the kind of cryptography required to completely encrypt user keys on-device. (Allen says his team at Blockchain Commons is working to change this, though the tech isn’t ready.)

“There is really nothing wrong, necessarily, with Ledger,” argued Allen. “They inadvertently exposed an architectural weakness that is all over the place.”

Bradley Keoun.


