Amid Ledger's controversial decision to allow "recovery" of private keys from its devices, cold storage rival GridPlus announced it would move to "open source" the firmware of its crypto wallet.
GridPlus notified its 17,500 followers on Twitter on May 17 that it would open-source the firmware for all of its encrypted devices in the third quarter of this year, claiming it was an effort to increase transparency. “This week's hardware wallet discusses sion exposed taken- for-granted trust assumptions,” GridPlus wrote in a follow-up comment.
“As an industry, we must uphold the highest standards, and we call on all other hardware wallet manufacturers to also open source their firmware for the benefit of our ecosystem.” Much of the anger directed at Ledger in the past 48 hours has stemmed from an update to its firmware a term for software built into hardware devices — that would allow users' private keys to be extracted from their cold storage devices, despite reports that Users were assured the opposite in the past.
It's worth noting that Ledger's firmware is closed source, meaning only the company's own developers can look at the code and check it for flaws. Open source, on the other hand, allows any programmer to access and inspect pre-existing code to improve it and check it for potential bugs. In a Twitter Q&A session on May 17, Ledger support addressed this directly, clarifying that it is “always possible” for companies to write code that allows key extraction, and users must trust Ledger.
While Ledger's announcement has upended many users' understanding of the types of privacy features its product offers, some believe the outrage is overblown. Competitors appeared to be quick to capitalize on Ledger's poorly received announcement, with some opting to of fer discounts on most of its products , including Trezor, Blockstream's Jade, and BitBox.
