Should You Be Concerned About Ledger's Firmware Update?
Aragon DAO Wrongdoing | ARB Fee Share | Uniswap Earnings Forecast?
GM, this is your Daily Bolt briefing.
To the shock of many, Ledger, the most popular provider of crypto hardware wallets, recently announced a new upgrade to the firmware of their Ledger Nano X product, dubbed “Ledger Recover”. Many expressed concern over the update’s ability to share the seed phrase of an individual wallet, the most important and private component of a crypto wallet.
Read our extended report below to get the scoop on the technical details of the update, the context surrounding concerns of security, and Ledger’s insuance coverage program, should user funds be lost due to this issue.
Below, we’ve also included a less urgent briefing on the Aragon DAO malpractice claims, the latest news around ARB fee share and other token utility, and whether or not Uniswap can achieve nine-figures in revenue during the next bull market.
Stay alert in the markets.⬇️
1/ Ledger Twitter Spaces - Introducing Ledger Recover
Preview: In this Ledger Twitter Spaces which took place on May 16, 2023, Ian Rogers (Ledger Spaces Host) is joined by Charles Guillemet (Ledger CTO), Nicolas Bacca (Ledger Co-Founder & VP of Innovation Lab), and Pascal Gauthier (Ledger CEO) to discuss the controversy in Ledger’s latest firmware upgrade Ledger Recover! Read our notes below to learn more. Click here to listen to the full episode (64 mins).
Read our Note (13 mins) and save 51 mins.
Here are some key takeaways:
Ian Rogers addresses concerns on Twitter and Reddit about the Ledger Recover product. He emphasizes that Ledger has been developing Ledger Recover for over two years.
He brings up two key issues: onboarding and connectivity to wallet-connected apps. He believes Ledger has made significant strides in improving onboarding, especially with Ledger Nano.
Ian highlights Ledger's commitment to usability without compromising on security and self-custody, which he believes to be the main concerns in the space.
Ledger Recover is an optional service that allows users to back up their seed phrase. He also mentions that this service doesn't increase the user's attack surface if they choose not to opt-in.
He explains that Ledger Recover is designed to help users who struggle with the concept of a seed phrase and its importance. The service encrypts, shards, and stores a user's seed phrase to facilitate its recovery.
Ian also mentions that Ledger Recover offers $50,000 coverage if something goes wrong. He believes that while it might not be the right solution for someone with a large crypto asset base, it could be beneficial for the majority of users.
The Recovery service involves two different partners. Users create an account with these partners and, once set up, a cryptographic process begins.
The process includes a Ledger recovery backup process initiated by user consent and uses Shamir’s secret-sharing operation, which splits the seed phrase into three shards (shard means "a small part of a whole.").
Each shard, having no information about the seed, requires two of the three shards to recombine the seed phrase. These shards are encrypted with a symmetric key within the device. The device then creates a secure channel for the partners, authenticating them and eliminating the chance of third-party interference.
He explains that the encrypted shards are sent to the partners through this channel for storage within a Hierarchical Storage Management (HSM), each shard being encrypted twice for added security.
To recover their wallet, users must go through their account with the partners, providing identity verification to ensure it's them. If there's any doubt, the recovery process is stopped.
Once verification is passed, the process is performed symmetrically - secure channels are mounted from the device to each partner to retrieve the shards.
The device decrypts these shards (since it has the symmetric key) and recombines them to restore the complete seed and recover the wallet.
Charles emphasizes the importance of understanding these technical details for users to fully grasp how their product works.
Nicolas Bacca explains that the security protocol of Ledger Recover can be used independently or within a subscription service. While the subscription service has benefits such as KYC, the protocol also supports traditional recovery processes like notary services. He explains that these traditional recovery processes are designed to handle situations where someone else might need to access your crypto, such as in the event of an accident. The design intention was to maintain user control at all times.
Charles Guillemet reassures that the threat model doesn't change with this addition. The service is designed in such a way that anytime the operating system needs to access a user's secret, it requests the user's consent.
This process is consistent across all actions, such as signing a Bitcoin transaction, executing an Ethereum smart contract, or using the Ledger Recover service. User consent is required after entering the PIN, ensuring no new attack surfaces are introduced.
Charles Guillemet says that a user's seed phrase is securely stored within their Ledger device and on their seed phrase recovery sheet. If a user upgrades their firmware, it will include new functionality allowing them to use a particular service. However, the user is not obliged to use this service.
Ian Rogers agrees and clarifies that in all cases with Ledger, if a user's private key is being accessed, the user is prompted.
Charles Guillemet confirms that consent is needed from the user to use their seed phrase or product key for signing a transaction, doing updates, or using some recovery service.
2/ Bell Curve - Aragon DAO, Valuation Models & MEV Attacks
Preview: In this episode of Bell Curve, which took place on May 12, 2023, Jason Yanowitz and Mike Ippolito invite Michael Anderson and Vance Spencer to discuss Aragon DAO, Hindenburg vs Icahn, proposals on Arbitrum and Uniswap, jaredfromsubway’s MEV attacks and valuation models for cryptocurrencies. Click here to watch the full episode (53 mins).
Read our Note (10 mins) and save 43 mins.
Here are some key takeaways:
Vance explains that Aragon DAO is a project that has developed various software products, including Aragon Court, for DAO governance.
Vance says that there have been allegations that Aragon spends money on unnecessary things like off-site instead of returning funds to the community. Eventually, the token’s value dropped below the treasury’s value.
Vance explains that Arca Capital Management bought $ANT tokens and decided to liquidate the treasury through a vote in order to profit from the difference between the token’s market value and the treasury’s value. However, Aragon Foundation called it a “51% attack on democracy” and rugged all the money from its treasury.
He says that during this process, many funds lost money, and Aragon Foundation is accused of acting in bad faith for taking the money.
Mike explains that the latest significant Arbitrum proposal is to distribute a portion of the accumulated revenue from the Arbitrum DAO to $ARB token holders. Arbitrum has accumulated 3352 $ETH from fees.
Mike states that the distribution of revenue will be proportionate to the amount of $ARB tokens delegated by each holder.
Mike also notes that benefits include distributing DAO revenue to $ARB token holders, aligning community incentives, creating a more engaged user base, and giving $ARB a purpose beyond just being a governance token.
Mike notes that Blockworks is a big delegate for Arbitrum and discloses that their opinions are not indicative of anything related to Blockworks.
Vance explains that there is no real economics flowing through the DAO or $ARB itself at this moment, and it is important to develop one for future success.
Jason says that GFXlabs proposed turning on the fee switch for Uniswap.
Vance says that Uniswap has a revenue of $60,000,000 in six months, which is quite decent, and he says that Uniswap can reach a revenue of mid-nine-figures in a bull market.
Vance says that whether or not Uniswap will reach nine-figure revenue will be an indicator of its success. He believes that there are few businesses that can do this in the cryptocurrency ecosystem, and Uniswap is among them.
Vance questions whether Uniswap’s fees are reasonable compared to Coinbase and Binance.
He says that it is no surprise that Uniswap has higher volume than Coinbase since its fees are very low.
If you read these 2 Notes on Revelo Intel you would have saved: 1 hour and 34 minutes!