We write this with utmost urgency to alert you about an important security update concerning Ledger devices, a popular hardware wallet used to store cryptocurrencies. Ledger has recently rolled out a new update (version 2.2.1) that introduces a cloud feature, which, upon opting in, will allow your seed phrase to be stored in the cloud. While this may provide convenience for some users, it may also significantly impact the security of your cryptocurrency holdings.
Traditionally, the value proposition of Ledger and other hardware wallets has been the secure offline storage of private keys. These keys, as you know, are the essence of ownership and control of your cryptocurrency assets. By storing these keys offline, hardware wallets offer protection against online hacking attempts and other digital threats.
However, the recent update changes this fundamental security structure. If a user opts in for the cloud feature, their seed phrase will be stored online. This is a significant departure from the promise of “cold storage” that hardware wallets like Ledger are known for.
We were always an advocate for Ledger.com. We loved their devices. But a recent batch of horrible updates made the device almost unusable for managing some crypto coins. Now, a post made by our member @patrikk, casts a further shadow on the popular device.
While Ledger.com has a reputation for maintaining rigorous security protocols, the fact remains that any data stored online is potentially vulnerable. Cybersecurity experts generally agree that the more places sensitive information is stored, the more potential access points there are for hackers. This means that by storing your seed phrase in the cloud, it could potentially be exposed to a wider range of digital threats.
Further, even the most secure systems are not immune to breaches. In 2020, Ledger itself experienced a data breach where the personal data of nearly 1 million customers was leaked. Although no funds were lost in this instance, as private keys were not compromised, the incident highlights that no system is completely foolproof. In addition to this, recent TrustPilot reviews on the Ledger.com profile shows users complaining about their coins vanishing.
Given these risks, we strongly urge SWAPD members to consider the potential dangers of Ledger’s cloud feature. We understand the appeal of convenience that such a feature might provide, but this should be weighed against the potential security risks involved.
In the world of cryptocurrencies, where transactions are irreversible and there’s no central authority to mitigate fraudulent activities, the importance of personal security measures cannot be overstated. Your private keys represent your ownership of your cryptocurrency assets. Once they fall into the wrong hands, your assets could be irretrievably lost.
Please remember, the safest place for your seed phrase is offline, ideally written down and stored in a secure, physical location. If you feel the need for a backup, consider using a secondary hardware wallet or a metal backup solution. We advise against storing your seed phrase in any form that is connected to the internet, including cloud storage.
