Ledger: Q&A
Fred de Villamil — VP Engineering
1. Who is behind Ledger? Backgrounds?
Ledger was launched in 2014 by eight experts with complementary backgrounds in embedded security, cryptocurrencies and entrepreneurship, united around the idea of creating secure solutions for blockchain applications.
Eric Larcheveque and Thomas France previously started Coinhouse in Paris, the first physical Bitcoin exchange.
Nicolas Bacca co-founded BT Chip to develop an open standard, secure element-based hardware wallet, which eventually became the first version of the Ledger wallet.
In 2012, Joel Podeba, Vanessa Rabesandratana and David Balland launched Chronocoin, an online platform allowing its users to buy bitcoins using their credit card and have them delivered to their door, on a hardware wallet.
They met, and their shared passion led to the creation of Ledger.
2. Why is extremely important to use a Hardware Wallet?
Having a hardware wallet is like having a safe at home. You would not leave your life’s savings in cash under your mattress. The same applies to crypto currencies. Having a hardware wallet ensures that your private keys, the cryptographic part that allows you to claim your coins on a blockchain, is stored securely.
Leaving your crypto on an exchange is not secure. The exchanges store the private keys associated to your funds, but they don’t rely on a hardware wallet to do it. When an exchange gets hacked, the hackers can access the customer’s private keys and move their funds somewhere else. This has happened a couple of times already since the MtGox hack in 2014.
With a software wallet, the private keys are exposed to anyone who has hacked into your computer. There is also special malware that can infect a computer, find an installed software wallet and send the private keys to a third party.
Hardware wallets, on the other hand, store the private keys on a separate device, and don’t expose the user’s private keys. They only sign transactions when required and the user will always be asked to confirm the transaction beforehand. And when you’re not using your hardware wallet, you can always keep it in a safe place.
3. From what vectors does Ledger protect us?
Ledger protects against attacks that try to expose a user’s private keys. The private keys are stored on the same secure chipset as your sim card, credit card or passport, and because the device is offline most of the time, they are extremely hard to access. Ledger devices communicate with the outside world through a set of endpoints that perform operations using the private key. The private key is never exposed to the Ledger application, and every operation that requires their use must be validated on the device itself.
4. What are the Ledger’s vulnerabilities and how to avoid them?
The first and most important rule is “keep your Ledger firmware and applications up to date”. We release updates fixing security vulnerabilities on a regular basis and we communicate about them. We have a bug bounty program where researchers in security can get paid when they report a new vulnerability and follow our responsible disclosure program.
The most well-known vulnerability I can think of is the “Man in the Middle Attack” where a malicious attacker having access to your computer can change the receiving address on the desktop application. This isn’t so much a Ledger vulnerability as the reason we created the Nano S in the first place. A computer can be compromised, so you need to have a device and a screen that you know you can trust.
5. What enterprise solutions does Ledger provide? Will provide?
Ledger announced the release of Ledger Vault at Consensus 2018 in New York. Vault is a hardware-based security solution aimed at hedge funds and financial institutions that want to enter the crypto market. In addition to providing the level of security an enterprise needs, Vault offers a convenient way for companies to manage trading activity. Users can tailor authorisation rules for each account, require authorisation from multiple managers, and implement features such as a time lock to allow a transaction to be cancelled before it actually fires on the blockchain.
6. What product is Ledger working on for individuals?
Unfortunately, this is not something I can talk about yet.
7. Ledger recently raised 75M USD in funding, how is that being invested?
The funding will be used to grow our team and support our investment in R&D as we roll out products like Vault and the new desktop apps.
8. Many important partnerships have been achieved (Intel, Gemalto, Nomura, Global Advisors). Any milestones achieved out of those partnerships?
The announcement of our partnership with Nomura and Global Advisors to establish a new venture, Komainu, is itself a significant milestone. The partnership will work to address the security and compliance challenges that have held back institutional investment in digital assets.
In addition to the announcement of Vault, and the new Ledger desktop application that will be released in July, we just signed a partnership with ETH Global, who organise hackathons all around the world. This partnership is a great way to promote the hacking community and Ledger integration into what might be the next big startup in crypto. The community has been an important factor in Ledger’s success in 2017, and what they gave us in love and contribution, we’re now able to return.
9. How will Ledger differentiate from competition and thrive? Important pioneers on the crypto scene like Trezor, and electronic giants like Samsung and Huawei entering the HW market.
Ledger is the only hardware wallet that uses a secure chipset. It’s the same chipset that secures your sim card, credit card, or the French passport. This sets us apart from our competitors. Thanks to the experience of our CTO Nicolas Bacca in the field of embedded security R&D, we were able to sign a deal with STMicroelectronics, a leader in semiconductors and secure chipsets.
Ledger has a long-term roadmap that goes far beyond crypto currencies. The Internet of Things is something we’re looking at too. In the future, we plan to be everywhere someone needs to secure and certify an online transaction.
10. What will the future of crypto safety will look like?
Hard to say as I’m not a soothsayer.
Many thanks to Fred for his time.
Im incredibly honored to have been able to do a Q&A with them!
When I first bought my first fractions of Bitcoin back in 2015 in Virwox it was really hard to keep them somewhere safe.
I have always been really conscious (paranoid) about infosec, and the whole uncertainty to leave my crypto on exchanges or any other digital form of wallet really held me back to feel confident enough to invest more back then.
Fast forward to 2017 when I decided to re-enter full fledged in crypto, mainly due to developments in crypto safety (hardware wallets), I had three options, Trezor ($200USD), Nano S ($100USD), and KeepKey ($75USD).
My first acquisition was a KeepKey due to price and my ignorance, few supported coins, didn't last a week in my possession. Immediately went to get a Nano S because (shamefully have to admit) it supported Ripple, and because it supported many other coins.
Although Trezor is the pioneer of crypto hardware wallets, and has really neat new model; and KeepKey was acquired by Shapeshift which is sure to up its game; Ledger has been adding very important human capital, has important funding (75M USD is not pocket change), and nailed important partnerships… IMO Ledger will be the #1 Hardware Wallet company by $ and volume when crypto goes boom.
If you enjoy the read, follow me on Twitter, is good for Karma.
P.S.: if you are new to crypto, or are planning to enter in crypto, PLEASE make sure before you buy any crypto, buy a hardware wallet, get acquainted with it, play with it, get comfortable with it, and keep most of your crypto in it. Safety first, if your crypto is compromised, there is no one that can bring it back.
