Ledger’s CTO on the Security Challenges of Cryptocurrency
CryptoSlate caught up with Ledger’s CTO Charles Guillemet at BTC Prague on a range of topics, from what really happened during the Ledget ConnectKit exploit to the intricate challenges of securing such a high percentage of the world’s digital assets. Guillemet’s background, deeply rooted in cryptography and hardware security, provides a strong foundation for his role at Ledger. He began his career designing secure integrated circuits, which later translated into his approach to creating secure elements for Ledger devices.
Security Challenges in Blockchain and Bitcoin
During the interview, Charles Guillemet delved into the distinct security challenges posed by blockchain and Bitcoin technology. His insights were shaped by his extensive background in secure integrated circuits and cryptography.
Guillemet explained that, in traditional banking cards and passports, the security keys are managed by the bank or the state. However, in blockchain technology, individuals manage their own keys. This fundamental shift introduces significant security challenges, as users must ensure that their value is protected from unauthorized access and loss. He highlighted:
“In ledger devices, you are managing your keys while in your banking cards and your passport, this is your bank’s or state’s secret. This is the big difference.”
Since users own their value, it becomes imperative to secure it, ensuring it is neither lost nor accessed by unauthorized parties. This requires robust measures to prevent software malware from gaining access and to protect against physical attacks.
“Having a dedicated device is the best way to do that. And also you must prevent an attacker with physical access from getting access to your secrets.”
The CTO also pointed out that blockchain’s immutability makes the security challenge even more significant. Ledger technology secures over 20 percent of the market cap, equating to approximately $500 billion. This immense responsibility is managed by leveraging the best available technology to ensure security. Guillemet confidently stated that, so far, their approach has been successful, allowing him to sleep well at night despite the high stakes involved.
Ledger’s Response to Security Breaches and Supply Chain Security
Charles Guillemet addressed Ledger’s approach to handling security breaches, particularly the incident involving the Ledger ConnectKit. He described the challenge posed by supply chain attacks on software, emphasizing the difficulty in preventing such attacks entirely.
When discussing the breach, Guillemet recounted how a developer’s account was compromised through a phishing link, leading to an attacker obtaining the API key. This allowed the attacker to inject malicious code into the NPM repository used by websites integrating Ledger devices. He highlighted the swift response from Ledger to mitigate the impact:
“We noticed the attack very quickly and we were able to kill it very, very quickly. From the time where he compromised the access and we stopped the attack, only five hours passed.”
Despite the breach, the damage was limited due to Ledger’s prompt action and the inherent security features of their devices, which require users to manually sign transactions, ensuring they verify the transaction details.
Guillemet furthermore discussed the broader issue of supply chain security, emphasizing the complexity of managing software vulnerabilities. He pointed out that while due diligence and best practices can help, completely preventing supply chain attacks remains a significant challenge. He cited an example of a sophisticated supply chain attack:
“LG recently had a package on UNIX distribution that was backdoored by someone committing to the open source repository, exploiting SSH servers. It spread to every single server in the world before it was noticed.”
This example illustrated the pervasive nature of supply chain attacks and the difficulty in detecting and mitigating them. Perhaps unsurprisingly, he advocated for the use of hardware wallets for crypto security. However, he adeptly explained why, clarifying that they offer a limited attack surface and can be thoroughly audited.
Human and Technical Threats to Security
Charles Guillemet provided a comprehensive overview of the multifaceted nature of security threats in the blockchain space, encompassing both human and technical elements. He emphasized that attackers are highly result-oriented, constantly evolving their strategies based on the cost and potential reward of their attacks. Initially, simple phishing attacks that tricked users into entering their 24-word recovery phrases were prevalent. However, as users became more aware, attackers shifted their tactics towards more sophisticated methods.
Guillemet explained:
“Now attackers are tricking users into signing complex transactions that they don’t understand, which leads to their wallets being drained.”
He noted the rise of organized crypto-draining operations, where different parties collaborate to create and exploit crypto drainers, sharing the proceeds at the smart contract level. Guillemet predicted that future attacks might focus on software wallets on phones, exploiting zero-day vulnerabilities that can provide full access to a device without user interaction.
Given the inherent vulnerabilities of mobile and desktop devices, Guillemet stressed the importance of recognizing that these devices are not secure by default. He recommended:
“If you think that your data is secured on your desktop or laptop, think again. If there is an attacker determined to extract the data, nothing will prevent them from doing so.”
He advised users to avoid storing sensitive information such as seeds or wallet files on their computers, as they are prime targets for attackers.
Balancing security with usability is a significant challenge in the crypto wallet industry. Ledger’s approach prioritizes security as the North Star while continuously striving to improve user experience. Guillemet acknowledged that features like Ledger Recover, which aim to simplify the user experience, have sparked debate. He explained that while such features are designed to help newcomers manage their 24-word recovery phrases more easily, they are entirely optional:
“We are providing options, giving the choice. It’s an open platform. If you don’t like a feature, you don’t have to use it.”
The goal is to cater to a broad range of users, from those who prefer full control over their security to those who need more user-friendly solutions. Guillemet recognized that mass adoption of digital assets requires addressing usability issues without compromising on security. Ledger aims to strike this balance by offering flexible options while maintaining the highest security standards.