The controversy surrounding Ledger’s key-recovery service has boosted sales for its competitor Trezor. Besides, Trezor also addressed concerns over security and develops an auditable secure element through its sister company Tropic Square.
The controversy surrounding Ledger’s recently released key-recovery service has ultimately benefitted hardware wallet competitor Trezor. Hardware wallet manufacturer Trezor recently reported a 900% surge in week-on-week sales.
Recently, Ledger introduced the Ledger Recover service enabling users to securely store encrypted backups of their seed phrases through three custodians. This service allows users to restore their private keys in case of forgotten or lost seed phrases and requires KYC verification as an opt-in feature.
However, Ledger received a strong backlash from the community for the idea of sharing the seed phrases with anyone other than wallet owners. The community members also criticized Ledger for a breach of trust and privacy.
In response to the concerns shared by the community, Ledger decided to pause the release. The company said that it will be working on refactoring the code while prioritizing transparency and verifiability.
On the other hand, as a fully open-source company, Trezor undergoes regular audits by independent technical experts. This helps to ensure that its processes are secure and prevent any possibility of remote seed phrase extraction. Speaking on the development, Trezor CEO Matěj Žák said:
“In Trezor, we believe that hardware wallets – cold storages that promise 100% self-custody should, at no stage, make the seed phrase accessible to anyone but the user.”
Hardware Wallet Trezor Addresses Concerns Over Old Vulnerability
Recently, cybersecurity firm Unciphered stated that it has found a way to hack into Trezor’s T hardware wallet. This raised concerns regarding the security levels offered by the hardware wallet service provider.
Unciphered noted that it made use of an “unpatchable hardware vulnerability with the STM32 chip that allows us to dump the embedded flash and one-time programmable (OTP) data”.
Later, Trezor’s CTO Tomáš Sušánka clarified that the firm had identified the RDP downgrade attack vulnerability in a 2020 blog post. Sušánka said that this attack “requires the physical theft of a device and highly sophisticated technical knowledge and advanced equipment. Even with the above, Trezors can be protected by a strong passphrase, which adds another layer of security that renders an RDP downgrade useless”.
Besides, he added that they have made significant progress in addressing this issue by creating the world’s first auditable and transparent secure element in collaboration with their sister company, Tropic Square.
next