{"id":7605,"date":"2022-12-16T21:40:14","date_gmt":"2022-12-16T21:40:14","guid":{"rendered":"https:\/\/cyberscrilla.com\/staging\/4768\/?p=7605"},"modified":"2022-12-16T21:44:52","modified_gmt":"2022-12-16T21:44:52","slug":"are-ledger-wallets-open-source","status":"publish","type":"post","link":"https:\/\/cyberscrilla.com\/staging\/4768\/are-ledger-wallets-open-source\/","title":{"rendered":"Are Ledger Wallets Open Source? (The Truth Revealed)"},"content":{"rendered":"\n<p>Many people are curious to know if Ledger wallets are open source. And if they\u2019re not, why aren\u2019t they? Isn\u2019t open source a good thing? <\/p>\n\n\n\n<p>After reading through countless discussions about this very topic posted by Ledger\u2019s co-founder, I discovered the truth.<\/p>\n\n\n\n<p><strong>Ledger\u2019s firmware is not open source but the apps and Ledger Live are. This means you can check each device application and the communication exchanged between the client and the apps. Also, since Ledger&#8217;s code is open source third-party developers can submit coin apps to Ledger for review.<\/strong><\/p>\n\n\n\n<p>Below you\u2019ll learn how open source Ledger wallets are, why the firmware remains close source, and which hardware wallet alternatives are completely open source.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Are Ledger Wallets Open Source?<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Is Ledger Nano (S\/X) open source?\" width=\"1200\" height=\"675\" src=\"https:\/\/www.youtube.com\/embed\/KK63rqoikro?start=46&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\">A video showcasing how open source Ledger wallets are<\/figcaption><\/figure>\n\n\n\n<p>After reading through <a href=\"https:\/\/www.reddit.com\/r\/ledgerwallet\/comments\/kgi9yn\/comment\/gv0zeuf\/\" data-type=\"URL\" data-id=\"https:\/\/www.reddit.com\/r\/ledgerwallet\/comments\/kgi9yn\/comment\/gv0zeuf\/\" target=\"_blank\" rel=\"noreferrer noopener\">Reddit threads<\/a> in addition to an <a href=\"https:\/\/www.ledger.com\/secure-hardware-and-open-source\" target=\"_blank\" rel=\"noreferrer noopener\">article<\/a> posted by Ledger\u2019s co-founder, Nicolas Bacca, I was able to gather significant data to put together this in-depth resource.<\/p>\n\n\n\n<p>According to Bacca, the only thing that remains open source on Ledger wallets are the apps and Ledger Live (the client). <\/p>\n\n\n\n<p>The client is responsible for requesting activity from the device&#8217;s operating system (in Ledger\u2019s case, the os is called BOLOS).<\/p>\n\n\n\n<p>Since the code remains open source, both internal and external developers are invited to contribute to Ledger\u2019s application inventory. <\/p>\n\n\n\n<p>Of course, all apps submitted must be reviewed and approved by Ledger before going live.<\/p>\n\n\n\n<p>And just in case a malicious app slips by the team, the BOLOS operating system is there to save the day.<\/p>\n\n\n\n<p>BOLOS is Ledger\u2019s own proprietary operating system that was designed with security in mind. It allows for applications to be installed onto the device while keeping them isolated from each other, and from your 24-word recovery phrase.<\/p>\n\n\n\n<p>That means if a malicious code affected an app that\u2019s installed on your wallet, it wouldn\u2019t affect anything else.<\/p>\n\n\n\n<p>However, the firmware (the main software used to run programs on the device) remains completely closed source.<\/p>\n\n\n\n<p><strong>Nonetheless, there are reasons why Ledger\u2019s firmware remains closed source.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Is Ledger Not Open Source?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"708\" src=\"https:\/\/cyberscrilla.com\/staging\/4768\/wp-content\/uploads\/2022\/12\/Why-Is-Ledger-not-open-source-1-1024x708.png\" alt=\"Reddit thread featuring Ledger's co-founder, Nicolas Bacca, talking about why Ledger is not open source.\" class=\"wp-image-7616\" srcset=\"https:\/\/cyberscrilla.com\/staging\/4768\/wp-content\/uploads\/2022\/12\/Why-Is-Ledger-not-open-source-1-1024x708.png 1024w, https:\/\/cyberscrilla.com\/staging\/4768\/wp-content\/uploads\/2022\/12\/Why-Is-Ledger-not-open-source-1-300x208.png 300w, https:\/\/cyberscrilla.com\/staging\/4768\/wp-content\/uploads\/2022\/12\/Why-Is-Ledger-not-open-source-1-768x531.png 768w, https:\/\/cyberscrilla.com\/staging\/4768\/wp-content\/uploads\/2022\/12\/Why-Is-Ledger-not-open-source-1.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Reddit thread featuring Ledger&#8217;s co-founder, Nicolas Bacca<\/figcaption><\/figure>\n\n\n\n<p>Ledger is closed source so that the brand can guarantee parts on the supply chain remain secure and are resilient against physical attacks. The hardware is designed specifically to avoid such risks, and only code approved by Ledger can be loaded onto the device.<\/p>\n\n\n\n<p>Ledger\u2019s co-founder stated that the only benefit of a fully open source wallet would be to grant users the ability to build it themselves. <\/p>\n\n\n\n<p>Hence, there is little reason for the company to put their products or users at risk by creating a complete open source solution.<\/p>\n\n\n\n<p>Of course, there\u2019s a bit more as to why Ledger wallets aren\u2019t open source. After reading through a Reddit thread where Nicolas provided input, I uncovered a much deeper conversation.<\/p>\n\n\n\n<p>In response to a Reddit user who said, <strong>\u201cIf it was open source, then the codebase could be compiled by the user and uploaded to the device as a new firmware upgrade,\u201d<\/strong> meaning that a user could re-create their own version of the firmware and even check for bugs.<\/p>\n\n\n\n<p>Bacca stated, <strong>\u201cHaving a fully open source code wouldn&#8217;t help with that since you don&#8217;t really have a way to check what&#8217;s running inside the device,\u201d<\/strong> he went on to say, <strong>\u201cThis won&#8217;t help you verifying what&#8217;s running on the device after uploading it, since this relies on another piece of code that you haven&#8217;t checked, according to all the instructions I&#8217;ve seen so far\u201d.<\/strong><\/p>\n\n\n\n<p>After the user asked which piece of the software remains unchecked, Bacca replied, <strong>\u201cThe bootloader loading the firmware is unchecked. Unfortunately too many people buy into the open source mantra without understanding what they&#8217;re doing.\u201d<\/strong><\/p>\n\n\n\n<p>Basically, even if the firmware were open source it would practically be pointless because there are no instructions to check the bootloader (the program responsible for booting the device), and the average person is unlikely to figure it out.<\/p>\n\n\n\n<p>The Reddit user went on to say that other hardware wallets, such as Trezor, are completely open source, and if Ledger doesn&#8217;t have anything to hide then why aren\u2019t they?<\/p>\n\n\n\n<p>And from what I gathered, Bacca believes that an open source solution, like Trezor, is not suitable to hold private keys and other secrets as it comes with various levels of risk.<\/p>\n\n\n\n<p>However, he does believe that the smartcard chips used in Ledger wallets (and also found in bank cards and passports), is the best way to handle such secrets and deal with supply chain attacks. <\/p>\n\n\n\n<p>Hence, certain parts of the code must remain closed.<\/p>\n\n\n\n<p>Touch\u00e9, Nicolas.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Will Ledger Ever Be Open Source?<\/h2>\n\n\n\n<p>Ledger\u2019s firmware will likely never be open source. However, their apps and client will remain open source to encourage developers to continue creating different applications to bring diversity to Ledger\u2019s hardware wallets.<\/p>\n\n\n\n<p>That said, it\u2019s not so much a question of if Ledger will be open source, as much as it\u2019s a question of why?<\/p>\n\n\n\n<p>The main concern is that since the firmware remains closed source, users and other third-parties can\u2019t verify whether Ledger is safe to use or not. <\/p>\n\n\n\n<p>This also leaves many wondering, can a <a rel=\"noreferrer noopener\" href=\"https:\/\/cyberscrilla.com\/staging\/4768\/can-a-ledger-wallet-be-hacked\/\" target=\"_blank\">Ledger wallet be hacked?<\/a><\/p>\n\n\n\n<p>As one Reddit user put it, <strong>\u201cThe developers may have a back door. One day when the crypto market is worth trillions decide to use that door steal everyone\u2019s coins.\u201d<\/strong><\/p>\n\n\n\n<p>News flash, the crypto industry has already been <a href=\"https:\/\/www.cnbc.com\/2022\/11\/11\/crypto-peaked-in-nov-2021-investors-lost-more-than-2-trillion-since.html\" target=\"_blank\" rel=\"noreferrer noopener\">valued at roughly $3 trillion<\/a> during the bull run, and Ledger didn\u2019t even bat an eye.<\/p>\n\n\n\n<p>Nevertheless, anything is possible, but I don\u2019t see this happening no matter what the industry is valued at. <\/p>\n\n\n\n<p>It wouldn\u2019t be in the company\u2019s best interest to scam everyone out of their money and ruin their brand-name when they already have a completely legal, multi-million dollar business.<\/p>\n\n\n\n<p>To be fair, the same could be said for FTX or any other company for that matter. But, I won\u2019t get into that here.<\/p>\n\n\n\n<p>As long as Ledger remains in control of the firmware, we can assume that our wallets and our assets are in good hands.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Which Hardware Wallets Are Open Source?<\/h2>\n\n\n\n<p>If you\u2019re still concerned about Ledger being a mainly closed-source hardware wallet, there are other wallet providers you could look into.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Trezor<\/h3>\n\n\n\n<p>Trezor is currently Ledger\u2019s main competitor. Alongside Ledger, Trezor is the most trusted hardware wallet in the industry considering it\u2019s completely open source and is capable of storing numerous coins and NFTs, while also being compatible with several popular blockchains like Bitcoin, Ethereum (and all ERC-20 tokens), and Cardano to name a few.<\/p>\n\n\n\n<p>If you\u2019re looking for a good alternative to Ledger, <a href=\"https:\/\/trezor.go2cloud.org\/SH5K\" rel=\"noopener\">Trezor is your <\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/trezor.go2cloud.org\/SH5K\" target=\"_blank\">best<\/a><a href=\"https:\/\/trezor.go2cloud.org\/SH5K\" rel=\"noopener\"> option<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Coldcard<\/h3>\n\n\n\n<p>Coldcard is another popular, open source hardware wallet that\u2019s trusted by the Bitcoin community. By no means is it fancy, but it remains an affordable and secure option to store Bitcoin.<\/p>\n\n\n\n<p>That said, it can&#8217;t do anything else. It\u2019s only good for storing BTC and is not compatible with other cryptocurrencies, NFTs, or blockchain networks. It\u2019s literally only good for Bitcoin users. <\/p>\n\n\n\n<p>So, if your main goal is to securely store your BTC, I recommend looking into <a rel=\"noreferrer noopener\" href=\"https:\/\/coldcard.com\/\" target=\"_blank\">Coldcard<\/a>.<\/p>\n\n\n\n<p>There are a lot of questions surrounding Ledger hardware wallets. <strong>Don&#8217;t skip these other important topics:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/cyberscrilla.com\/staging\/4768\/how-long-do-ledger-wallets-last\/\" data-type=\"URL\" data-id=\"https:\/\/cyberscrilla.com\/staging\/4768\/how-long-do-ledger-wallets-last\/\" target=\"_blank\" rel=\"noreferrer noopener\">How Long Do Ledger Wallets Last?<\/a><\/li>\n\n\n\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/cyberscrilla.com\/staging\/4768\/where-to-buy-ledger-hardware-wallet\/\" data-type=\"URL\" data-id=\"https:\/\/cyberscrilla.com\/staging\/4768\/where-to-buy-ledger-hardware-wallet\/\" target=\"_blank\">Where to Buy a Ledger Hardware Wallet <strong>(And Where Not to Buy)<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cyberscrilla.com\/staging\/4768\/cash-out-crypto-from-your-ledger-wallet\/\" data-type=\"URL\" data-id=\"https:\/\/cyberscrilla.com\/staging\/4768\/cash-out-crypto-from-your-ledger-wallet\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Cash Out Crypto From Your Ledger Wallet <strong>(Quick Guide)<\/strong><\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Are ledger wallets open source? We look at the implications of Ledger\u2019s firmware and discuss the current security measures in place to protect user data.<\/p>\n","protected":false},"author":1,"featured_media":7633,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","footnotes":""},"categories":[353],"tags":[],"class_list":["post-7605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web3","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-33"],"_links":{"self":[{"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/posts\/7605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/comments?post=7605"}],"version-history":[{"count":5,"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/posts\/7605\/revisions"}],"predecessor-version":[{"id":7632,"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/posts\/7605\/revisions\/7632"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/media\/7633"}],"wp:attachment":[{"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/media?parent=7605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/categories?post=7605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberscrilla.com\/staging\/4768\/wp-json\/wp\/v2\/tags?post=7605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}