Ledger May Be Secure but Not Private, According to Its Privacy Policy

Rahul Nambiampurath
Published: Apr 3, 2022, 08:41 GMT+00:00

Ledger Live collects and retains its user's data for five years, which violates user privacy.

Ledger wallet

Key Insights

  • Ledger Live collects and stores the IP data of its users for five years.
  • The firm was faced with a major hack over a year ago, resulting in the details of over one million customers being compromised.
  • Ethereum and bitcoin balances across various centralized exchanges have plummeted to record lows in recent years.

Education surrounding the rapidly evolving crypto/blockchain sector has continued to increase globally. As a result, more and more people have begun to realize the importance of storing their digital assets in external hardware wallets rather than centralized storage options.

In this regard, the outflow of many prominent cryptocurrencies, from centralized trading platforms to cold wallet solutions, has continued to surge in recent years. To this point, a whopping 550,000+ ETH exited the CeFi ecosystem during Q1 2022 alone. As a result, only 21.72 million ETH now remains across these exchanges, down from its record high of 31.68 million ETH in June 2020. Similarly, Bitcoin too has been aligning with this trend, with a staggering 18,000 BTC exiting the CeFi verse over the course of a single day earlier this year in January.

Ledger Wallet, Not As Private as One May Think

Undoubtedly, one of the most popular hardware wallet manufacturers in the market today is Ledger. Currently, the company is offering two wallet options, the Nano S and its more expensive counterpart, the Nano X. The company’s wallets are supported by a number of third-party crypto applications, increasing its adoption tremendously.

However, in recent weeks, the company’s ‘Ledger Live’ application has come under increasing scrutiny from crypto enthusiasts. This is because the app, which allows owners to interface with their wallets, collects the IP addresses of its users and retains this data for a period of five years.

As per a Reddit thread from a few years ago, Ledger’s Chairman and Co-Founder Eric Larchevêque maintained that his company did not “log IP addresses.” However, a quick look at the company’s current privacy policy suggests otherwise.

Details of the data collected by Ledger Live
Details of the data collected through Ledger Live: Ledger

Ledger’s Recent Database Leak Is Not Helping Matters

A little over a year ago, Ledger was on the receiving end of a massive data breach. The hack compromised over a million customers’ email addresses and other private data (such as their phone numbers). Furthermore, for a subset of 9,500 customers, highly sensitive info such as their first and last name, postal address had also been leaked.

To make matters worse, the miscreants went on to post the entire leaked database of Ledger’s clients on the popular dark web marketplace ‘Raidforums,’ allowing cybercriminals to freely make use of the data for nefarious purposes.

— Jameson Lopp (@lopp) December 20, 2020

Privacy Lies at the Heart of Crypto

There is no denying the fact that the ethos of individual privacy, security, and decentralization lies at the core of all crypto-enabled technologies. However, with Ledger indulging in such shady data collection practices, it remains to be seen what backlash the company is faced with from the crypto community at large.

About the Author

Rahul's cryptocurrency journey first began in 2014. With a postgraduate degree in finance, he was among the few that first recognized the sheer untapped potential of decentralized technologies.

Did you find this article useful?