The team behind a new affordable multisig bitcoin wallet say their product has security features that make it almost immune to hacking attacks.
The Ledger Wallet Nano is the result of a merger between three French startups: La Maison du Bitcoin, a bitcoin centre in Paris; BTChip, a hardware wallet manufacturer; and Chronocoin, an exchange platform.
Priced at €34.90 (or 0.1213 BTC), the USB device contains a banking-grade EAL5+ smartcard, the same as found in credit cards. Additionally, as a hierarchical deterministic wallet (BIP32), the Ledger can hold an infinite number of bitcoin addresses.
Connecting to each user's computer through their USB port, the device carries out cryptographic work, such as signing bitcoin transactions, inside its own protected environment. Once safely initialised, it can even be used without risk on an insecure or compromised computer, its makers claim.
Lessons from past hacks
Notable hacks in the bitcoin space over the last year have highlighted the need for improved wallet security.
While two-factor authorisation, multisig and the other technological improvements being ushered in by online and mobile wallet providers do offer some peace of mind, the general advice is to keep any significant amount of bitcoin in 'cold storage', such as paper wallets or drives not connected to the Internet.
Dedicated hardware wallets are increasingly being pitched as solutions that offer equivalent or greater security with added convenience. Hence, the recent arrival of new devices such as the Trezor wallet, and the ongoing development of other solutions, such as CryptoLabs' Case.
In turn, the Ledger Nano is an evolution from BTChip's original multisig HW-1 hardware wallet.
Eric Larchevêque, co-founder and CEO of Ledger, told CoinDesk that, despite all its challenges, bitcoin brings many opportunities for startups. "We had, from the beginning, identified consumers' bitcoins protection as critical," he said.
Producing affordable, more secure bitcoin storage was an obvious area for the firm to enter, Larchevêque added, explaining:
"Hardware wallets are essential to the development of bitcoin. We strongly believe in decentralized, open and affordable products. This is one of the main reasons to have chosen smartcards. On top of the added security layers given by decades of research and development, production costs are extremely low."
How it works
To use the Ledger Nano, all the user needs is the device itself, the supplied 'second factor card', a computer (with Windows, Mac or Linux OS) with a USB port and a recent version of Google Chrome.
The wallet interfaces with the user's computer through a dedicated Chrome app, which must be pre-installed. No additional software installation or account creation is needed, the team says.
After initialization of the Ledger, the user is provided with a deposit public address to which they will be able to send their bitcoins for storage.
To allow the wallet to be restored in the event of loss or theft of the device, a mnemonic seed for a master key is randomly generated when the device is initialised, which must be written on a paper backup and stored safely.
Importantly, the wallet does not need to be restored onto another Ledger wallet, any BIP39 compliant software solution will work.
To be able to access their bitcoin, Ledger users will need three things: the Ledger Wallet, a PIN and a second factor card. If one of these elements is missing they will not be able to sign a transaction.
This behaviour, the firm says, is guaranteed by the use of the smartcard, which offers a banking-grade "walled garden" that conceals any critical information and would "take weeks" to crack, even if a hacker had possession of the device.
The company's website states:
"There is no known attack vector which could result in the exposure of your private keys or bitcoins. Even if your computer was totally compromised and was able to replace the sending address of a transaction on its own, the second-factor verification would prevent it from doing so."
Even if malware on the computer could steal the PIN, the company says, it would still not possible to execute a transaction, since a second-factor verification is mandatory.
The 'second factor' is a unique security card (pictured above) that is paired with the device upon assembly in the factory, Larchevêque explained. It is used to verify the payment address (so users know malware didn't change it), or, in the near future, to pair a mobile app with the wallet, which will then act itself as the second factor. The mobile app option should become available in January, he added.
"Malware cannot even reset the wallet by sending three wrong PINs, because before trying a new PIN it is necessary to unplug and replug physically the wallet to the USB port," the firm's website says.
A future version of the Ledger will sport even more features, according to Larchevêque:
"We are in the process of assembling and testing 100 prototypes implementing various stages of our developments (NFC, BLE, screens etc). We think we'll be production ready in the next six months, soon launching a hardware wallet compatible with desktops, mobiles and POS for NFC one-tap payments."
Importantly, that upcoming screen will address the one weakness that the team concedes with the device: if the Ledger is initialised on a compromised PC, the seed can be stolen. Hence, it says, it is absolutely essential to first use the Nano on a secure computer.
Bright future ahead
BTChip started working on the HW-1 in 2012 and launched the product back in September, before joining with its new partners on the Ledger project.
Larchevêque indicated that all Ledger's research and development has been self-financed so far. "Now that we have a product ready," he said, "we are focusing on growth and are in the process of raising a seed round to finance our expansion."
In the conversation with CoinDesk, the company's CEO was extremely positive about the future for the Ledger product and hardware wallets in general.
"Average users won't accept complex or insecure products. Horror stories about people losing all their funds due to malware attacks will be used as cautionary tales. Thus only one-stop-shop centralised services or seamless secure hardware-based wallets will gain massive traction. Insecure solutions will just disappear."
CoinDesk has now reviewed the Ledger Wallet Nano.