GM, this is your Daily Bolt briefing.
In this edition, we’ll be giving you a follow-up report, detailing the Ledger leadership team’s response to the backlash they received. Following an update to their hardware wallet that enabled seed phrases to potentially be shared with other people besides a wallet’s owner, Ledger received criticism from people across the crypto ecosystem. Now, they’re trying to rectify their mistake; read below to learn how.
In this edition, we’ve also included a briefing on Justin Sun’s insights on how CEXs should navigate current market and regulatory conditions, as well as when we can expect a market recovery.
Stay vigilant⬇️
aiPX is the official sponsor of the Daily Bolt by Revelo Intel
In a post-FTX world, securely trading with leverage and earning real yield in a decentralized manner has never been more important.
aiPX offers cutting-edge risk management for liquidity providers, leverage trading, and a suite of products between perpetuals, binary options, and synthetics.
Earn passive yield and trade with leverage straight from your wallet.
Take the step, join aiPX.
1/ The Scoop - Justin Sun wants to revitalize Huobi and Poloniex
Preview: In this episode of The Scoop which took place on, Frank Chaparro is joined by Justin Sun to discuss the current state of the crypto market, the regulatory impact on centralized exchanges, the Tron ecosystem, and more! Click here to listen to the full episode (23 mins).
Read our Note (7 mins) and save 16 mins.
Here are some key takeaways:
Justin Sun acknowledges the market's recovery since a downturn six months prior when companies like FTX, Celsius, Genesis, and Digital Currency Group (DCG) faced bankruptcy or a debt crisis. He points out that the market is still feeling the impact of these events, citing recent large withdrawals by Celsius and regulatory scrutiny on Jump Trading for their dealings with Terra Luna. He expects the market will need another six months to fully recover.
Justin Sun outlines multiple factors that he believes can help restore market confidence. First, he highlights the current market valuation, considering it attractive following the bearish trend. He argues that investing in cryptocurrency now may be more profitable in the next three to five years than it was in 2021.
Justin Sun affirms that after the FTX incident, exchanges have adopted a standard proof-of-reserve. Many exchanges now present a monthly proof-of-reserve report. Collaborations with custodian providers such as Fireblocks have been established to offer self-custody to traders. He emphasizes that the transparency of centralized exchanges has improved significantly over the past six months. He also states that exchanges like Huobi and Poloniex have become profitable, which is a healthy sign for the market, even amidst losses in the bear market.
Justin Sun explains that despite a decline in trading volumes, CEX platforms like Huobi and Poloniex have reached profitability, mainly due to cost-cutting measures. He notes that trading volume remains the primary source of revenue, even though it has declined compared to 2021.
Frank Chaparro notes a shift in Binance's market share, stating that its dominance has slightly dropped from a high of 70% to around 55% in spot volume traded. He remarks that this shift has benefited various exchanges, and he questions whether Binance will remain the dominant exchange in the future.
Justin Sun doesn't see a future where one exchange will dominate every aspect of crypto because the field is too diverse and dynamic. He believes there's a big opportunity for every participant in the market, as long as they can find a niche or serve a specific set of customers effectively.
Justin Sun confirms that Huobi is actively applying for a Hong Kong license. He elaborates that after June 1st, they will have an 18-month period to operate an exchange in Hong Kong. During these 18 months, they may be approved to operate a licensed exchange by the Hong Kong government. He notes other participants are also active in Hong Kong. He mentions some crises in the US, such as the SVB incident, but sees that Hong Kong is more open-minded towards the crypto business.
He mentions that in the next 6-12 months Tron is focusing on stablecoin, DeFi, and NFT businesses. Justin Sun also mentions the plan to hold hackathons to encourage more developers to develop their projects on Tron.
Ledger - AMA with Ledger’s Leadership Team
In this Ledger Twitter Spaces, the Ledger team including Ian Rogers, Pascal Gauthier, Charles Guillemet, Nicolas Bacca, and Eric Larchevêque discuss the recent controversy surrounding their latest product, Ledger Recover. They apologize for the miscommunication and address community concerns. Read our notes below to learn more.
Background
Ian Rogers - (Host) - Chief Experience Officer at Ledger
Pascal Gauthier - (Guest) Chairman & CEO at Ledger
Charles Guillemet - (Guest) - CTO at Ledger
Nicolas Bacca - (Guest) - Co-founder & VP Innovation Lab at Ledger
Eric Larchevêque (Guest) - Co-founder at Ledger
Ledger - Ledger is a company that specializes in providing hardware wallet solutions for securely storing and managing cryptocurrencies.
Ledger Recover - Ledger Recover is an optional paid subscription service available only for Ledger Nano X to make wallet recovery easier.
Background on Ledger Recover
Ian explains that the Ledger team developed Ledger Recover to help users recover their secret recovery phrase.
He mentions that Ledger Recover is a paid service with a monthly subscription but is optional for Ledger users.
He also points out that the news of the product was released before all materials were available, causing confusion among users about how wallets generally work.
Pascal says that Ledger aims to reinvent or invent products that are always very secure.
He mentions that ease of use is important for engaging with private keys and different crypto communities. He explains that crypto assets were not designed to stay on an exchange but to be in self-custody. And the reason why they were designed to be in self-custody was not just for the buy and hold but for using them and engaging private keys.
According to him, the two pain points for the crypto industry are onboarding more people and 24-word recovery phrases.
Pascal mentions that Ledger's mission is to bring self-custody and ease of use without compromising security.
He believes that people reacted negatively to Ledger Recover because they were concerned about how it was possible and if it fundamentally changed the security of Ledger.
Response to Community Concerns
Ian says that the team has been reflective and working on addressing community concerns over the past five days.
He mentions that they have come up with a plan that addresses these concerns while still delivering a service like Ledger Recover to help increase overall crypto adoption.
Pascal apologizes for the miscommunication regarding the launch of Ledger Recover.
He acknowledges that there were misconceptions about hardware wallets in general and appreciates suggestions from the community.
Addressing Concerns
Ian believes that the community was concerned that Ledger Recover compromises security and ease of use.
Charles addresses these concerns by explaining that Ledger Recover ensures both security and ease of use.
He emphasizes that Ledger Recover does not compromise on security while making it easier for users to recover their funds.
Charles says that Ledger has implemented measures to ensure physical resistance against high-potential attackers.
According to him, Ledger wants to minimize the level of trust users need to put into the product by accelerating their open-source format.
He points out that most of Ledger's code base is already open source, including the SDK used by third-party developers.
Charles says that they started to open-source Ledger products and plan on open-sourcing more parts of their operating system gradually. They will start by open-sourcing the whitepaper of Recover Protocol for transparency purposes.
Ian mentions that some people were concerned about parts of Ledger's code that aren't open source and people wanted Ledger to show it so they could verify it.
Ledger will start by open-sourcing the whitepaper of the Recover protocol and parts of their operating system for transparency purposes.
Charles says that users’ secret phrases are not sent out of the device in plain text when using Ledger Recover.
Launching Ledger Recover Before Code Verification
Charles mentions that it was important to verify the code behind Ledger Recover before launching it.
He mentions that they plan to pause and open source their code to make Ledger's operating system more verifiable.
How Ledger Recover Works
Charles explains that the user creates an account and goes through identity verification for Ledger Recover. Then, the user initializes the backup mechanism on the device.
He says that the seed is split into three shards and they are sent securely to three different entities.
According to Charles, two shards allow the recombination of the seed for recovery.
Charles says that the recovery service sends the shards directly into the user's device using an authentication encryption protocol.
He mentions that if there are any connection issues during the recovery process, users can reconnect to the service at any time.
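The 2-of-3 split described above, as an added example that is not Ledger's code and not from the AMA: the notes do not name the sharing scheme, so this sketch assumes Shamir secret sharing over a prime field, with a constructed 32-byte value standing in for the seed. The names `split`, `combine` and `partner_for` are hypothetical.

```python
import secrets

# Assumption of this example: arithmetic in the prime field of the Mersenne
# prime 2**521 - 1, which is larger than any 256-bit secret.
P = 2**521 - 1
THRESHOLD, SHARDS = 2, 3


def split(secret: bytes):
    """Return SHARDS points on a random line whose value at x=0 is the secret."""
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret does not fit in the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(THRESHOLD - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, SHARDS + 1)]


def combine(shards, length=32):
    """Lagrange-interpolate the polynomial at x=0 from >= THRESHOLD shards."""
    pts = dict(shards)  # drops duplicate x coordinates
    if len(pts) < THRESHOLD:
        raise ValueError("need at least %d distinct shards" % THRESHOLD)
    secret = 0
    for xi, yi in pts.items():
        num = den = 1
        for xj in pts:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(length, "big")


def partner_for(shard, candidate: bytes, x2=2):
    """Build a second point so that `shard` plus it decodes to `candidate`.

    Because this works for every candidate, one shard alone says nothing
    about the secret."""
    x, y = shard
    c = int.from_bytes(candidate, "big")
    slope = (y - c) * pow(x, -1, P) % P
    return (x2, (c + slope * x2) % P)


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed 256-bit sample, not a real seed
    a, b, c = split(seed)
    print(combine([a, c]) == seed, combine([b, c]) == seed)
```

Any two shards recover the secret, while a single holder's shard is consistent with every possible secret, which is why the security of such a scheme rests on two of the three holders never combining shards outside the intended recovery flow.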
Understanding Hardware Wallets and Ledger Recover
Charles says that hardware wallets allow users complete control over their Ledger and secret phrase.
He mentions that users can sign transactions, take actions, etc. autonomously with their Ledger and secret phrase.
Importance of Secure Hardware
Ian says that no software can make an insecure hardware wallet secure.
He mentions that the choice is between open-source software without a secure element chip and purpose-built secure hardware with a secure element chip that has been hardened over decades of use in financial services.
He says that with a secure element chip, users can ensure that their hardware is genuine and trustworthy.
Trade-off Between Open-Source Software and Secure Hardware
Ian believes that educated people generally choose Ledger because the vast majority of its software is open source and it comes with a secure element chip that provides several benefits, such as a wallet genuineness check.
He mentions that trustless open-source systems require users to assemble their own hardware wallet and compile their firmware, which is not feasible for millions or tens of millions of users who want self-custody.
Future Plans for Open Sourcing
Eric says that Ledger plans to focus on open-sourcing more of their code, but it is a trade-off due to the need for innovation in the crypto industry.
He mentions that they have over 150 apps that are already open source and plan to continue expanding their open-sourcing program.
Explanation of Company Mission
Nico explains that the foundation of the company is to take the most secure tools that exist to hold secret phrases, such as a smart card, and make the tools accessible to individuals.
He says that Ledger allows users to run their own native code on a smart card, making their assets ultimately secure.
According to him, the smart card has been trusted for 40 years in security-critical industries.
Importance of Upgradable Firmware and Security
Charles emphasizes the importance of upgradable firmware for security reasons.
He says that the operating system needs to be able to access secret phrases and upgrade the firmware for security purposes and add new functionality and features.
He mentions that users are asked for consent each time their Ledger uses private keys.
He explains that as soon as cryptographic primitives such as hash functions and asymmetric key cryptography touch a sequence, users are prompted.
Ledger Recover and Censorship Resistance
Pascal explains that Ledger Recover is an optional feature and that adding a passphrase to the device can make it more censorship-resistant.
He says that the passphrase is an advanced feature that allows you to add an additional word to your recovery phrase.
He explains that multiple seed phrases can be created with Ledger Recover.
He says that decoy wallets can be created which hold trace amounts of crypto.
He mentions that multiple passwords can be created for different wallets.
Future Plans for Ledger Devices
Charles says that Ledger Recover was always intended to be optional and is a paid service.
He mentions that future Ledger products will have opt-in upgradable software with the option to decline firmware updates.
Pascal thinks that a subpoena is a tricky conversation because it depends on the government and where one lives. It's not easy to subpoena a Ledger service like Ledger Recover.
He mentions that the philosophy at Ledger is to protect their users and their assets as much as possible in every way they can.
Pascal gives the example of a terrorist attack in the US after which Apple was subpoenaed to open a phone that belonged to a terrorist. However, Apple refused to comply.
Verification Process
Ian mentions that Ledger Recover uses identification to know who one is in case one needs to recover it. Ledger Recover doesn't require KYC.
He says that it is difficult for imposters to act as if they are the Ledger Recover service, due to two separate identification providers and five independent reviews by trained validation agents.
He mentions that there are spoofing detection countermeasures against impersonation attacks, deep fake detection, and liveness detection.
He adds that during the verification process, users have to show their ID documents.
Cryptographic Primitives
Charles explains that every cryptographic primitive has an associated risk if not properly used, but having it as part of the operating system does not change anything in terms of the security threat model.
Nicolas adds that implementing new features does not represent an additional risk for users as long as they are touching the secret properly.
The risks associated with imposters
Charles says that to impersonate a user, an imposter needs to take over their Ledger Recover account first. He mentions that five independent reviews by trained validation agents ensure that it's difficult for someone else to impersonate a user.
He says that spoofing detection countermeasures against impersonation attacks, deep fake detection, and liveness detection are implemented during the process.
Q&A
Q: Do you have any plans to have this firmware be the new custom firmware on future Ledger devices?
Charles mentions that Ledger's firmware is constantly evolving and improving and the future Ledger products will have opt-in upgradable software with the option to decline firmware updates.
Q: Can you guarantee the Ledger community that Ledger Recover will always be an optional service?
Charles acknowledges that Ledger Recover is meant to be a paid service, but he also states that it is always optional for users.
Q: Will there be additional firmware versions to make users more comfortable?
Pascal explains that having thousands of different firmware versions would be difficult to manage and would divert resources from building secure and user-friendly products. They focus on ensuring the fundamental operating system works reliably and securely.
Q: Are there plans to prevent spammers and phishing attacks targeting Ledger Recover users?
Charles mentions that phishing attacks exist across various platforms and vectors. He emphasizes that Ledger Recover does not require users to provide private keys and employs measures like liveness detection, ID document verification, and session linkage to mitigate impersonation risks.