On April 25, Ledger cast a tweet to warn its users of a dangerous malware that replaces the Ledger Live application through a “fake update.”
This incident highlights a critical flaw faced by most popular hardware wallets like Trezor and Ledger. Both of these wallets require users to update their wallets from a trusted source (the wallet issuer). Such a mechanism leaves room for attackers as has been highlighted by the recent Live malware. While Ledger claims that its team was able to detect the attack swiftly enough that only one device was affected, but that does not mean future similar incidents will conclude with a similar level of fortune.
Cryptocurrencies are innately a matter of trust-less interactions. The fuel behind Bitcoin’s sudden and impactful prominence is that its holders and users needn’t rely on anyone to store or control their money. Hardware wallets seemingly provide this by allowing the owner of the wallet to be the only person with control of the private key held within the wallet. This isn’t particularly safe, as the hardware wallet can be cracked and the private key held within can subsequently be seized, but it does retain Bitcoin’s core function of enabling the holder to be his or her own bank.
But there’s a number of problems here that should be addressed. However, since I know that these days most people lack the attention span to read past a 100-words, I’ll discuss the problems later and go over the alternatives people should look at.
First and foremost, if you want to store your Bitcoin for the long-term, stick to paper wallets so that you and only you are in control of your wealth. Paper wallets cannot be compromised through any form of cyber attack and thereby ensure that your wealth is protected for the long run. Though, it’s critically important that you receive your paper wallet’s key from an offline device. Alternately, if you want to use Bitcoin as a currency, the thing that it’s actually meant to be, opt for Bit-fi as it’s the only hardware wallet that neither stores your private key nor forces you to receive updates from a centralized source. This retains the true decentralized and trust-less nature of Bitcoin.
Now, let’s address those problems highlighted by Ledger Live’s malware incident.
Hardware wallets that require updates, frequent or not, force users to trust that any update is done in goodwill. This may be true but the sheer aspect of having users trust updates completely nullifies the trust-less aspect of a decentralized money.
Wallets that require users to manually update their software that’s pushed from a centralized source place a golden handcuff on their users. They make it easier than ever to spend cryptocurrencies, but at a costly sacrifice: taking away the trust-less aspect of the cryptocurrency; the very reason people adopted Bitcoin to begin with. This is brutally ironic, but this is not the kind of irony that should make us laugh, it should instead worry us. When it comes to Bitcoin any convenience that sacrifices the decentralized nature of the cryptocurrency exacts a toll that’s far too heavy.
Watchdogs of your Wealth
The April 25 malware attack wasn’t a severe one because Ledger’s team was able to detect it rather quickly. While this may seem to be great news for anyone who uses Ledger, it’s important to note the underlying moral of this event.
People who user hardware wallets like Ledger and Trezor are reliant on a central entity to ensure the safety of their wallet and the wealth held within. In other words, they are reliant on a central entity to safeguard their money. There goes the decentralized aspect of decentralized money. If you expect a central entity to keep an eye out for you once you buy their hardware wallet, what’s the point of even buying Bitcoin? Might as well stick to fiat.
The purpose of a decentralized and trust-less money is that no authority decides what its user should do. The purpose of a decentralized money is to remove the involve of any centralized authority in the involvement of our money. If a wallet mandates the need for a watchdog then that wallet simply cannot be compatible with the world Bitcoin is supposed to build.
It is absolutely imperative that wallets that must act as watchdogs for their users advance their products so that the users needn’t lose the decentralized and trustless nature of Bitcoin. Cryptocurrencies must remain free of the watchdogs of wealth