Ledger can be secure but not private according to its privacy policy


Important Findings

  • Ledger Live collects and stores IP data from its users for five years.
  • The company faced a major hack over a year ago that resulted in the data of over a million customers being compromised.
  • Ethereum and Bitcoin balances on various centralized exchanges have fallen to record lows in recent years.

Education around the rapidly evolving crypto/blockchain sector has continued to increase around the world. As a result, more and more people have realized the importance of storing their digital assets in external hardware wallets rather than centralized storage options.

In this regard, the outflow of many prominent cryptocurrencies from centralized trading platforms to cold wallet solutions has continued to increase in recent years. A whopping one up to this point 550,000+ ETH exited the CeFi ecosystem in the first quarter of 2022 alone. As a result, only 21.72 million ETH remain on these exchanges, compared to the record high of 31.68 million ETH in June 2020. It was a similar story with Bitcoin adapt to this trendwith a staggering 18,000 BTC leaving the CeFi verse over the course of a single day earlier this year in January.

Ledger wallet, not as private as you might think

One of the most popular hardware wallet manufacturers on the market today is undoubtedly Ledger. The company currently offers two wallet options, the Nano S and its pricier counterpart, the Nano X. The company’s wallets are powered by a number of third-party crypto applications, which increases adoption tremendously.

In recent weeks, however, the company’s Ledger Live application has come under increasing scrutiny from crypto enthusiasts. This is because the app, which allows owners to connect to their wallets, collects their users’ IP addresses and stores this data for a period of five years.

According to a Reddit thread A few years ago, Eric Larchevêque, chairman and co-founder of Ledger, claimed that his company does not “log IP addresses”. But a quick look at the company current privacy policy suggests otherwise.

Details of the data collected via Ledger Live: ledger

Ledger’s recent database leak doesn’t help

A little over a year ago, Ledger was on the receiving end a massive data breach. The hack compromised the email addresses and other private information (e.g. phone numbers) of over a million customers. In addition, highly sensitive information such as first and last name and postal address was also leaked for a subset of 9,500 customers.

To make matters worse, the villains proceeded to post the entire leaked database of Ledger’s customers on the popular dark web marketplace Raidforums, allowing cyber criminals to freely use the data for nefarious purposes.

Privacy is at the heart of crypto

There is no denying that the ethos of individual privacy, security, and decentralization is at the core of all crypto-enabled technologies. However, as Ledger indulges in such shady data collection practices, it remains to be seen what backlash the company will face from the crypto community at large.


Comments are closed.