Ledger Wallet Experiences Data Breach

July 31, 2020 09:58 AM
Ledger's hardware wallet experienced a database hack
Privacy leaks can even exist in private hardware wallets
The benefits of exchange wallets are underestimated
Crypto story of the day

Crypto story of the day





Crypto is rallying this morning, led by ethereum which is up over 7.5%. In spite of the rally, spot volumes are below the 30-day average.


Ledger private wallet service recently announced they had suffered a data breach. We believe the episode highlights misconceptions of different wallet types/custody solutions.

Ledger makes hardware wallets that allow clients to store their crypto information offline. The company announced that a hack of their database had exposed customer information including emails, names, and addresses. A researcher who had previously participated in the company's bug-bounty program identified the vulnerability that led to the hack on July 14. The company noted that prior to the fix, their database had been accessed on June 25. Competitor Trezor, following the breach, noted that they delete all customer and ordering data within 90-days of receiving it.

The typical narrative around custody solutions is that private wallets are more secure than exchange wallets. We have felt, particularly recently, that such statements didn’t properly describe the nuance of the situation. The concern with exchange wallets is that the client is effectively trusting a 3rd party with their coins and, in many cases, has little legal recourse if the funds are lost or stolen.

Conversely, using private and even hardware wallets doesn't involve this trust component or counterparty risk. That said there are benefits that favor exchange wallets. First, customers are relying on themselves as custody agents. There are plenty of issues that come with that, such as a lack of experience in dealing with security matters and even the possibility of losing credentials. Well-established exchanges now have long histories around dealing in coin security, in many cases their user interfaces allow for easier use and many exchanges have offered recourse when they've had breaches. Furthermore, the Ledger episode demonstrates that the possibility of privacy leaks can even exist in private hardware wallets. In general, we find that the safety of self-custodying in private wallets is overestimated and the benefits of exchange wallets are underestimated.

About the Author

FRNT Financial is a technology and sales layer that offers institutional and accredited investors access to various forms of exposure to crypto-assets. You can subscribe to FRNT Financial Morning Note at https://www.frnt.io/morningnote