Is Ledger Still Safe? Everything We Learned From Last Year’s Hack
In July 2020, the cryptocurrency hardware wallet manufacturer known as Ledger was hacked. Approximately 272,000 customers were affected by the data breach with approximately one million email addresses leaked. Personal information such as postal addresses and first and last names were exposed, according to the company.
Michael Brown | Jan 13, 2021
In addition to this breach of data, the stolen information was dumped onto a website called Raidforums, a website dedicated to database sharing. In response to this, Ledger has hired a new Chief Information Security Officer (CISO), conducted a series of penetration tests, and taken other measures to improve their security.
While these are the core facts of the matter, is there more to this story than meets the eye?
Ledger Devices Are Uncompromised
The software inside Ledger’s hardware wallets was not compromised. However, the shipping information required to purchase one of their products was stolen. This means that hackers can use this information to create social engineering attacks, which are currently a leading cause of identity theft and of security systems of all kinds being compromised.
These kinds of attacks are not limited to cryptocurrency and happen in a huge number of settings. Social engineering works primarily by leveraging the psychology and natural tendencies of a security system’s users, which are among the weaker parts of a security system.
While their customers’ cryptocurrency assets remain secure, their personal information is not. This makes them vulnerable to things like phishing scams, which can be used to scam designated targets out of their assets or money, including cryptocurrency. Part of the advantage of a hardware wallet is supposed to be security.
In addition, Ledger’s branding includes a commitment to security, so it’s ironic that Ledger was hacked like this since they claim to offer “the highest security standards” complete with a series of certifications.
While claims and certificates are impressive and distinguish Ledger as a company, they are clearly not indicative of a privacy guarantee. No such thing exists when it comes to security. This event serves as a reminder to consumers that security can never be perfect, and that a security certification typically indicates only a commitment to security, not necessarily the quality of that security.
How do Hardware Wallets Work?
To better understand the irony of this hack, let’s examine how hardware wallets offer additional security to a cryptocurrency portfolio.
When you own a cryptocurrency wallet, what you actually have is a private and a public key. A hardware wallet stores your private keys on a physical and portable device, rather than keeping them bound to a clunky PC or laptop. Your public key is the wallet portion of the software and your private key is the “deed” to your wallet, so to speak. It proves your ownership of it.
Hardware wallets can currently claim to be immune to certain viruses, as they simply store data, with no operating system on them to infect. This claim is not necessarily true, as hardware wallets can still be infected with malware.
In addition, most hardware wallets still run software of some kind, meaning that the quality of the wallet can only be as good as the software running it. So keep that in mind before committing to one under the impression that it’s invulnerable, no matter how many companies and developers make promises and earn certifications.
Keeping these flaws in mind, hardware wallets are definitely useful, if you can get one from the right source that also meets your needs as a customer.
Choosing a Hardware Wallet
So with the above knowledge, what are some decent alternatives to Ledger? Here are a couple of examples.
Trezor has been a historic giant in the field of hardware wallets. Now that there is a significant amount of lost confidence in Ledger, Trezor could be the next leader in this field. It offers a pretty slick touch screen, which makes it easy to use, with a ton of options for additional security measures if you wish to take them. Overall, Trezor seems like an obvious alternative to switch to in the face of lost confidence in Ledger.
KeepKey is a USB device that utilizes a rotating cipher to restore your private key. It’s easy to use because of its size and readable LED screen. It has a lot of options for how you make transactions, such as the ability to set a transaction speed, and comes with its own web-based interface to assist with managing your cryptocurrency portfolio. It has developed a better reputation than some of the other alternatives available.
The above two are, in my eyes, the leaders in this race for the best hardware wallets. A huge part of this analysis is the perceived trustworthiness of the manufacturer of both the hardware and software of these devices. However, if you are averse to these two, there is a growing plethora of available wallets that CryptoVantage has covered in a previous article. In addition, check out software wallets if you’re not sold on hardware wallets.
Stay Safe, and Never Forget
The irony of this event should not be forgotten. Attacks such as the Ledger hack will only continue in frequency as currencies like Bitcoin continue to climb in value.
If you are a current Ledger customer, and wish to stick with their products with their renewed commitment to security, then just be aware of how to protect yourself against social engineering and phishing attacks. If you wish to make the switch away from Ledger, this is still important to keep in mind. If a company with certified security standards and a reputation for being #1 in security can become compromised, then so can others.
Ultimately, you as an individual are the most reliable line of defense against hacks and information theft. Vigilance and continuous learning are key habits to get into when handling a cryptocurrency portfolio of any size. Cybersecurity is an evolving field and will continue to be as both hackers and security professionals continue to race against each other. So it is more important than ever to continue to learn how you can protect yourself and your assets.
As a final note, if you would like to learn more about cybersecurity, the National Institute of Standards and Technology (NIST) and the ISO 27001 standard offer a lot of helpful guidance in the field, and they are always evolving and improving. Stay safe everyone.