GridPlus to release open-source wallet firmware in Q3 following Ledger controversy


In the wake of Ledger’s contentious choice to permit the “recovery” of private keys from its devices, cold storage rival GridPlus has declared its intention to make the firmware of its crypto wallets “open source.”

On May 17, GridPlus announced via Twitter to its 17,500 followers that it plans to open source the firmware of all its crypto devices in the third quarter of this year, which it asserts is aimed at enhancing transparency.

The most reputable name in cryptography, trusted by governments worldwide for their most secure applications for decades, sold products compromised by the CIA. How can we guarantee this won’t occur again? Open-source software.
GridPlus will open-source its firmware in Q3.

— GridPlus (@gridplus) May 18, 2023

“The discussions surrounding hardware wallets this week have exposed trust assumptions that were previously taken for granted,” GridPlus remarked in a subsequent comment.

“As an industry, we must adhere to the highest standards, and we urge all other hardware wallet manufacturers to open-source their firmware as well for the benefit of our ecosystem.”

A significant portion of the backlash directed at Ledger over the past 48 hours originates from its firmware—a term referring to software embedded in a hardware device—being updated to potentially allow the extraction of a user’s private key from their cold storage device, despite reportedly assuring users otherwise in the past.


Importantly, Ledger’s firmware is closed source, meaning that only the company’s developers can access and review the code for vulnerabilities. In contrast, open source code permits any programmer to access and examine existing code to enhance it and identify potential issues.

Addressing this matter directly in a May 17 Q&A session on Twitter, Ledger Support clarified that it had “always been possible” for the company to create code that would enable key extraction, and users must place their trust in Ledger.

(1/2) Technically speaking, it is and has always been feasible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware, whether you were aware of it or not.

— Ledger Support (@Ledger_Support) May 17, 2023

While Ledger’s announcement has challenged many users’ perceptions of the privacy features its products provide, some have argued that the backlash has been exaggerated.

Competitors seem to have swiftly taken advantage of Ledger’s poorly received announcement, with some, including Trezor, Blockstream’s Jade, and BitBox, opting to offer discounts on a wide range of their products.
