Ledger Live's Covert Data Tracking Raises Alarm

Subtle Surveillance in Wallet Software

An investigation by Rekt Builder has unearthed unsettling details about Ledger Live's data collection practices. The official software for Ledger hardware wallets, Ledger Live, is under scrutiny for its extensive tracking of user activities. According to the developer, every action of the users, from the apps they install to their cryptocurrency holdings, is being monitored.

Inescapable Tracking Mechanism

Rekt Builder revealed that Ledger Live's genuine check is embedded in the app's listing process. This mechanism activates when a user connects their Ledger device and launches the software. It verifies the authenticity of the device, recording its serial number, firmware version, and installed apps. This data is then sent back to Ledger's servers.

Crypto Balances Under Watch

More troubling is the finding that Ledger Live tracks the cryptocurrency balances on the devices. This information, too, is transmitted to Ledger's servers, granting Ledger access to comprehensive records of their clients' crypto assets.

Flawed Privacy Settings

Efforts to disable Ledger Live's remote tracking feature proved futile. Any attempt to turn off this feature resulted in the malfunctioning of the software. This suggests a deliberate design choice by Ledger to ensure user activity tracking.

Privacy Concerns Mount

The implications of Rekt Builder’s findings are significant. If Ledger is indeed monitoring each user's move, the risk of user identification and transaction tracking becomes a real concern. A breach in Ledger's centralized servers could expose critical data, endangering individuals with significant cryptocurrency holdings.

Ledger's History of Privacy Issues

Ledger has yet to respond to these latest allegations. However, this is not the first instance of privacy concerns surrounding Ledger. In 2022, the company faced criticism for tracking users' online activities and transactions. They later issued an apology and pledged to enhance their privacy measures.

In July 2023, a security researcher identified a vulnerability in Ledger's Node Package Manager (NPM) account. This security gap could allow an attacker to access user data, including email addresses and purchase history. It is estimated that over 270,000 accounts were affected by this flaw.

Despite its promises, Ledger continues to be embroiled in privacy and security controversies, undermining user trust in its commitment to safeguarding their data.