Amid controversy over Ledger’s decision to allow “recovery” of private keys from its devices, cold storage rival GridPlus has announced that it will move to “open source” firmware for its cryptocurrency wallets.
On May 17, GridPlus took to Twitter to inform its 17,500 followers that it will open source the firmware of all of its cryptocurrency devices in the third quarter of this year, a move it says is aimed at greater transparency.
The most trusted name in cryptography, relied upon by the world’s governments for their highest security applications for decades, sold products backdoored by the CIA. How can we ensure this won’t happen again? Open source software.
GridPlus will open-source its firmware in Q3. pic.twitter.com/889OnqXd20
— GridPlus (@gridplus) May 18, 2023
“Hardware wallet discussions this week exposed trust assumptions that were taken for granted,” GridPlus wrote in a follow-up comment.
“We as an industry must hold ourselves to the highest standards, and we encourage all other hardware wallet manufacturers to also open source their firmware for the benefit of our ecosystem.”
Much of the anger directed at Ledger over the past 48 hours relates to an update to its firmware (a term for software embedded in a hardware device) that would potentially allow a user’s private key to be retrieved from cold storage, despite the company reportedly having assured users to the contrary in the past.
Notably, the Ledger firmware is closed source, which means that only developers from the company itself can review the code and check it for flaws. On the other hand, open source allows any programmer to access and review existing code to improve it and check for potential bugs.
Addressing this directly during a May 17 Twitter Q&A session, Ledger support clarified that it was “always an option” for the company to write code that would extract keys, and that users need to trust Ledger.
(1/2) Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.
— Ledger Support (@Ledger_Support) May 17, 2023
While Ledger’s announcement undermined many users’ perceptions of the privacy features offered by its products, some suggested that the outrage was overblown.
It appears that competitors quickly capitalized on Ledger’s poorly received announcement, with some opting to offer discounts on most of their products, including Trezor, Jade Blockstream, and BitBox.