Unchained - Ledger on How Consumers and Institutions Should Be Safeguarding Their Private Keys - Ep.101

Episode Date: January 8, 2019

Eric Larcheveque, cofounder and CEO of Ledger, and Demetrios Skalkotos, global head of Ledger Vault, describe the company's three main offerings: its hardware wallets, the new software-as-a-service product for institutions, and an Internet of Things offering for transactions involving physical assets. They also describe how the company scaled for a massive increase in demand in 2017, who their customers are and how the company has responded to vulnerabilities found in its products. Plus, they explain why they don't put tamper-proof packaging on their hardware wallets.

Thank you to our sponsors!
TokenSoft: https://www.tokensoft.io
Microsoft: https://twitter.com/MSFTBlockchain
CipherTrace: http://ciphertrace.com/unchained

Episode links:
Ledger: https://www.ledger.com
Eric Larcheveque: https://twitter.com/EricLarch
Demetrios Skalkotos: https://twitter.com/DemoSkalkotos
Introduction of Ledger Vault: https://medium.com/ledger-on-security-and-blockchain/ledger-vault-nyc-office-brings-crypto-security-to-institutional-investors-ec9ee3445850
Three-part series on hardware wallets: https://medium.com/ledger-on-security-and-blockchain/ledger-101-part-1-do-you-really-need-a-hardware-wallet-7f5abbadd945
Ledger's description of BOLOS: https://medium.com/ledger-on-security-and-blockchain/a-closer-look-into-ledger-security-our-custom-operating-system-bolos-ab608bcb0839
Blog post from Saleem Rashid: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
Demonstration of attacks on hardware wallets at 35c3: https://wallet.fail
Ledger's response: https://medium.com/ledger-on-security-and-blockchain/chaos-communication-congress-in-response-to-wallet-fails-presentation-17bcd166a052
Ledger Donjon: https://medium.com/ledger-on-security-and-blockchain/ledger-donjon-3e04e0ce49a9

Transcript
Starting point is 00:00:01 Hi, everyone. Welcome to Unchained, your no-hype resource for all things crypto. I'm your host, Laura Shin. If you've been enjoying Unchained, pop on iTunes to give us a top rating or review. That helps other listeners find the show. Do you have an idea for a blockchain app but are worried about the time and cost it will take to develop? The folks at Azure have you covered. The new Azure blockchain dev kit is a free download that gives you the tools needed to get your first app running in less than 30 minutes. Learn more at AKA.m.m.m.m. Unchained or by following them on Twitter at MSFT blockchain. Within months, cryptocurrency anti-money laundering regulations go global. Are you ready? Avoid stiff penalties or blacklisting by deploying effective anti-money laundering tools for exchanges and crypto businesses, the same tools used by regulators. CipherTrace is securing the crypto economy. Considering using digital securities as a way to grow in 2019? Tokensoft's trusted platform provides the security and compliance tools to leverage blockchain technology and enter new markets with confidence.
Starting point is 00:01:13 Visit us at tokensoft.io or on Twitter at Tokensoft Inc. My guests today are Eric Larcheveque, co-founder and CEO of Ledger, and Demetrios, global head of Ledger Vault. Welcome, Eric and Demetrios. Hi. Hi, thank you. Eric, tell me how you got into Bitcoin and came to start Ledger. Yeah, of course. So I have been an entrepreneur most of my life.
Starting point is 00:01:39 And in 2013, I sold my last startup, which was a price comparison engine. And I was looking for the next thing to do. I just had my third child. So at the time, I had a lot of, let's say, free time to browse the Internet, and I was reading everything I could about startup, new technology, and I stumbled upon Bitcoin. And I really wanted to understand what was this magic internet money. And so I spent basically two weeks reading everything I could about Bitcoin,
Starting point is 00:02:15 the blockchain technology, the mining, and I was struck by lightning for me what the technology of the blockchain in Bitcoin was really extremely interesting. It was a true revolution and I was sure that I had to do something in the field. So beginning of 2014, I opened a Bitcoin center in Paris because initially I didn't know what to do exactly, you know, should I do mining, should I do an exchange, should I do this or that. So I say, okay, let's have a very broad horizontal approach. And so the first idea was to open a physical center named La Maison de Bitcoin, the house of Bitcoin, in the center of
Starting point is 00:02:57 Paris, where I spend my time explaining about Bitcoin, about mining, about blockchain. And so I have talked about Bitcoin to hundreds of people. How did you come to launch Ledger? Also, you've mentioned to me before that for a long time, people told you that users didn't want hardware devices. So how did you grow the company? So thanks to La Maison de Bitcoin, so to our Bitcoin Center, we had the opportunity to meet a lot of developers and other startups. And there was one guy, one company coming from the smart card industry who developed a first prototype of the hardware wallet. So using the smart card technology, the chip and PIN technology to secure private keys.
Starting point is 00:03:44 And another company was sending Bitcoin through postal services, and they needed a media to send the private keys. So basically what happened is that we started to work together to build the first real usable hardware wallet. It was end of 2014, and this is how we went to create Ledger. And at the beginning, for the first two years, where we had our first version of the Ledger Nano, which didn't have a screen, and it was really bare bones. It was quite a tough sell because as you said, no one really wanted to have a hardware device
Starting point is 00:04:27 because it's the cloud, you are supposed to be completely free of everything and have everything in the cloud. And when you think about Bitcoin and private keys, you really need to have security or local security. And so it means you need to have a hardware wallet. And at the beginning, it was not something that users were ready to accept
Starting point is 00:04:48 and everybody told us that basically Ledger couldn't scale. It wouldn't be anything about adoption, about massive adoption, because of the fact that you need a hardware wallet. But when we introduced a Ledger Nano S, which had a better usability, multiple currencies, and also when we had the big boom of Bitcoin and other cryptocurrencies, where basically there was a lot of realization that the security of private keys was paramount. And there was a lot of word of mouth for Ledger. And if in 2017, basically we were hoping to sell maybe 30,000 units of the Nano S, and
Starting point is 00:05:33 we ended selling one million units. So it has been a massive success, quite impressive. We were the first surprised because we had to scale the company like crazy. And now I think for most of the users of the people really know about blockchain and cryptocurrencies, having a hardware wallet is something completely normal. So I think that now
Starting point is 00:05:59 having a piece of hardware is something that is accepted and is not regarded completely alien as it was maybe a few years ago. So in the last three years, there have been a lot of evolution regarding the security and how people are perceiving
Starting point is 00:06:15 the use of cryptocurrency. And Demetrios, what was your background prior to joining Ledger? My background has been primarily within the financial services exchange space. I spent considerable time at both U.S. exchanges working and running software businesses and managing P&Ls for them over the past years. And so how did you come to join Ledger? I was doing some consulting in the space around Bitcoin, similar to Eric. I was exiting from one of the exchanges and spent a little bit of time doing some research myself
Starting point is 00:06:53 and had some key influencers suggested I really look at this space pretty strongly. And I did and felt that my skill sets from the financial services arena and exchange space and running software, SaaS businesses and managing P&Ls that I could provide my skill sets in leading and growing a business and just happened to come across the opportunity at Ledger, and it came to fruition, which is fantastic. Let's do an overview of Ledger's products and services. Let's start with the consumer products. Can you describe those for me?
Starting point is 00:07:30 Yes, of course. So the basic technology, the core technology of Ledger is an operating system for secure chips. So it's very horizontal. And with that, you can do a lot of things. But the first application, the first product that we put on the market was hardware wallets. So the idea is to keep the private keys in isolation, to make sure that they can never be exposed to the internet. So that's the basic idea of a hardware wallet. And if the private keys stay secure, stay, let's say, offline or cold, then you are sure that they cannot get hacked.
Starting point is 00:08:09 and hardware wallets are basically used by end users, consumers, and that's the first, let's say, approach, first product approach of Ledger. As we were just saying, it has been a massive success in 2017, but what we have seen also is that a lot of professionals have been using the hardware wallets. We have some customers who have bought hundreds of the Nano S, and they are using it to keep the funds of their customers on each different devices
Starting point is 00:08:44 and they have like real physical vaults where they keep the Nano S. So not only we have seen that these hardware wallets are really, have been a success on the consumer electronic markets, but also on the enterprise. But the hardware wallet is really for individuals. I mean, it's like one device, one person. And by discussing with our customers, we have seen a real need from the institutions, from enterprises, basically, to keep crypto safe, crypto funds secure. But they were lacking something very specific, which is governance.
Starting point is 00:09:26 And this is what put us on the path to build an enterprise solution, to really bring what we call governance or rules or multi-signature into action to build what we call today the Ledger Vault, which is really a product dedicated for enterprises and professionals who want to keep funds secure within the use of rules, having teams, managing different accounts, etc. And so that has been the second, let's say, part, the second offering of Ledger. The first one is hardware wallets for individuals.
Starting point is 00:10:15 We have the Nano S and we also have the Nano X that we have announced recently. And the Vault, really, for enterprises and professionals. And we are also providing solutions for what we call IoT, Internet of Things, where our technology can secure communications, usage, or even transactions, because we see more and more applications of the blockchain technology in real-life environment through the need of tokenization, where basically you need to attach physical assets to a token. And just to give a concrete example, you have energy
Starting point is 00:10:59 where you need to attach certificates of origin of renewable energy to tokens, so you can trade the tokens. And our technology can really ensure that the issuance of tokens are really backed by the energy, which is put into the grid. So basically today, we have these three offerings, consumer electronics with hardware wallet, enterprises with the Ledger Vault and all the offering for back office, and finally, everything related to IoT and connected objects. Super interesting.
Starting point is 00:11:38 For the first bucket, when you were talking about how you had built this device that was mainly for consumers, but that different firms were using them to hold the funds of their customers. What are some examples? Would that be like a crypto fund that is using Ledger to hold its investments? Yeah, absolutely. There are a few crypto funds that have the needs to keep the funds of their customers secure and basically they use segregation of the funds by having as many hardware wallets as they have accounts or customers.
Starting point is 00:12:15 So from a physical point of view, it's really a vault which is full of Nano S. So it's a first good step to bring a solution to the problem of security and custodianship. But obviously it's not enough because you want to have a real process of how you handle the funds. And here you still have the risk that someone is going to open the vault, take the physical device, take the pin code, and run with it. So that's why we needed to have, let's say, a more complex solution involving all governance. Yeah, I've had one of the crypto funds on my show talking about how they do use. I actually don't know which hardware device it is, but how they do use that to hold their customer funds. It's Ari Paul, by the way,
Starting point is 00:13:09 of BlockTower. And he was saying that they then wrap it in, shoot, it's something like tamper evident plastic. And then they will put glitter nail polish on it and take a photo of it because it's very difficult to replicate the pattern. So anyway, it was pretty an elaborate setup, I guess, in order to protect their funds. But, you know, as you were describing for your institutional offering now, that is one where instead of needing this kind of like physical protection, it's governed by rules. So what do you mean by that? Like, how does that work exactly?
Starting point is 00:13:51 So we created, we sought to create, you know, a multi-authorization governance solution to eliminate the single points of failure and make sure that we're still securing the endpoints. So we came out with four governance levels for the Enterprise Vault solution. You have the shared owners, which are three people that create one third of the master seed. And then our software, once each individual creates their own one third of the seed, we combine that into the master seed. We also have three other individuals that create a third of the wrapping key custodian, which is really encrypting the environment within the Ledger Vault infrastructure. So further securing
Starting point is 00:14:38 that no one has access to the private keys that are sitting within our on the vault. Then we have administrators and operators. The administrators are the folks within the firm that set up each individual wallet. So the vault can have multiple wallets and each wallet can have its own governance protocols. So you could have what we'd like to say the vault is very temperature agnostic. So if you want to design a particular wallet that needs to be extremely, that replicates something that's very cold, you can have eight of eight M of N approvers. You could also have a time limiter on there for further folks to evaluate that particular order and approve, or you can have the vault have two or three M of N approvers to have something that's much more warm and a hot
Starting point is 00:15:31 wallet. And then the operators are the fourth component of governance, which are the ones that are submitting the orders to place within the infrastructure. So you've got that four layers of governance protocols within the Ledger Vault infrastructure. So you're securing the endpoints and you're providing multiple approvers in order for transaction to be completed. Wow. Okay. And do you approve the setup that each company does because what if they do it in such a way? I think you may recall with the Bitfinex hack that BitGo was involved in some way, but BitGo later said that it was the way Bitfinex had implemented their setup, I think, that was the issue? So what we're doing is we're, Ledger Vault is doing something a little bit different.
Starting point is 00:16:25 We're providing the technology infrastructure for firms to completely manage and control 100% of their cryptocurrencies. The firms that we are providing this infrastructure for are the ones that are setting up their governance principles and policies and procedures for each wallet and each security. So they manage 100% of their private keys. Ledger has nothing to do with that particular process or approval process at all. We're not a custodian. We're providing the technology infrastructure for them to self-manage their assets or provide a custodial services to their customers in the marketplace.
Starting point is 00:17:05 Okay. So essentially, if there is some sort of breach or something, it's entirely on them, because then it indicates that there was some, I guess, lapse in the way that they set up their procedure. Is that it? In essence, yes. We're providing them the infrastructure to manage their entire assets. We have no view into managing their private keys. What we provide is really with the security of the private keys. We make sure that the governance cannot be broken. But it is true that if they set rules that they do not follow or if they give away the hardware wallet to access the funds to anyone or if they do like obvious procedural mistakes, it's sure that it defeats the purpose. However, when we talk to our customers, we can give them and we discuss about best
Starting point is 00:17:56 practice. And when they set up the vault, it's quite a complex solution. They of course make sure to have a governance that cannot be easily breached. So I also want to ask you about another one of your offerings, which is the Ledger operating system, the BOLOS, the blockchain open ledger operating system. What is that? And why did you make it possible to use that with any hardware, not just Ledger? So BOLOS is an operating system which has been designed to run on secure hardware. So if you have Android for smartphone or iOS, so BOLOS is basically the same thing, but for embedded secure devices. And operating systems usually are designed
Starting point is 00:18:46 to run on different kinds of hardware. So we have the hardware wallet that we built, obviously like the Nano S, the Blue, the Nano X. But we also provide solutions for a secure enclave in smartphones. So basically in some smartphones such as Samsung phones, for instance, you have what we call secure enclave, which is secure hardware inside the phone. So we can basically run a hardware wallet or anything else on top of our operating system,
Starting point is 00:19:20 which is not Android. So even if Android is breached, then the hardware wallet stays safe and the private keys cannot be exposed. We do the same on hardware security modules, which basically are ultra-secure computers, that run inside of the computer, so it's a little bit like computer inception, and we build a little vault on top of that. We also have a version of our operating system for Intel SGX. So we really want to make sure that any platform,
Starting point is 00:19:57 any secure platform can run a secure hardware wallet or secure applications. And why we design our operating system to be open, is because our vision is really to provide the ecosystem with a global open platform that can basically be used to have hardware wallet everywhere. We were talking about the importance of having a hardware device. It may be a solution acceptable for the first maybe 100 millions of people or tens of millions of people interested in cryptocurrencies.
Starting point is 00:20:38 But if we want to go to real mass adoption to billions of people, then of course it's not really possible to have specific hardware that we have to give to anyone. So we have to make sure that smartphones can run hardware wallet securely. We have to make sure that PCs can run hardware wallet securely. And our objective is really to have BOLOS deployed in all these kind of platforms and that we can have in three years, in five years,
Starting point is 00:21:15 it's hard to see exactly when that you have the possibility to have secure hardware wallet on any kind of consumer electronic computer device. So that's really the vision. So there's like a whole new wave of smartphones that have secure enclaves inside to store crypto. Do you think that those are a threat to your business model? No, not at all. They are more like an extension. So we have launched the first
Starting point is 00:21:45 hardware wallet running on Samsung phones on secure enclave in 2016, so almost three years ago. And so we have the technology for a while. And we believe that in the future, when the secure enclave will be ready, because right now there is a lot of fragmentation. It is quite complex to use it consistently on different kind of platform or smartphones. But when it will be ready, and I think it can be in three years, then we will have the opportunity to deploy our hardware wallet technology, to deploy our technology directly on the phones. So in three years, I believe that we will continue, of course, to sell hardware wallets because
Starting point is 00:22:35 it will still be needed, but we will have a new market where we can address billions of smartphones and deploy our technology through some kind of licensing deals. So it's more like big opportunities that Ledger have in the future. And I also want to zoom back out. We've been talking about storing your crypto on a hardware device, but obviously there are so many other ways that somebody could store their crypto. They could have it on, you know, a company like Coinbase or, or, you know, right on an exchange where they might be trading or obviously there's at the other end of the spectrum, you could even create a paper wallet. So can you just describe for me sort of all the different ways and then amongst all those,
Starting point is 00:23:26 like why it is that somebody should choose either Ledger or any hardware wallet as their preferred method. Like, you know, who, who is that the right choice for? Well, there is a saying in Bitcoin, which is in crypto, like not your keys, not your bitcoins. So the first question that you have to ask yourself is, do you wish to own your crypto? Or do you want to give it to a third party and really do not care about it? So it's a little bit the same approach that when you want to buy gold, physical gold, are you really to buy physical gold and keep it yourself in your safe at home or in a bank, or are you going to buy paper gold?
Starting point is 00:24:16 Are you interested into really owning the product, the asset, or do you want just to speculate? So that's the first philosophical approach. And I think that a lot of the crypto-enthusiasts are interested into crypto because they can really own it. And so if you are in crypto because you really want to own these alternative assets, then it's not to have them on an exchange. I mean, you can do some speculation, to buy, to sell on exchange, but for long-term storage, it's not recommended because you are putting all the security
Starting point is 00:24:56 of the ownership in the hands of the third party, and basically it's limited to the capacity that you have to protect your password of your email and also if you have a second factor of authentication to make sure that your phone is not hacked. We have seen countless of horror stories. And also the exchange can also decide to freeze your account to not allow you to take your bitcoins or cryptos with you. Beginning of January, there have been the proof of keys movements where basically everyone was invited to put out their crypto into their own wallet to make sure that the exchanges are not running on fractional reserves because as well, there are no third-party audits?
Starting point is 00:25:47 So are you sure that when you give your crypto to a third party, that they are really owning it, they are not lending it to a third party, et cetera. So, I mean, either you do not care about ownership and then maybe it's fine to give a third party. But one thing is for sure is that if you decide to own yourself your crypto, then using a hardware wallet, whatever it is, is really the best solution. Why? Because obviously, a software wallet on a computer or a smartphone, it's just a question of time before you lose everything. It's like buying physical gold and keep it on your chimney. I mean, it works, but it doesn't scale.
Starting point is 00:26:28 And if you can use paper wallet, it's more like for experts. And also a paper wallet because you can make mistakes. You have to make sure that when you print the paper wallet, your computer, your printer is not connected, that you do not have the information in your cache, et cetera. And at some point, if you want to use your crypto, if you want to spend your paper wallet, you have to scan it,
Starting point is 00:26:52 put it online and then you are back to square one. And I think that, of course, you can also buy your computer, install Linux, remove all the connections and really basically build a hardware wallet yourself. But that works only if you know exactly what you are doing because cyber security is not an easy task. So that's why hardware wallets are very convenient and are today recognized as the best solution for keeping your assets. Yeah, except, I mean, I think that like the other methods, there is some sort of security procedure that you must undertake on your own and take responsibility
Starting point is 00:27:37 for keeping your wallet, your hardware wallet safe and your seed safe. Because, you know, I personally can think of a lot of ways where if I'm keeping this at home, on my own that I could mess up as well. So I think like there's a lot of education that needs to happen in order for customers of hardware wallets to make sure that they don't lose their funds as well. I completely agree. I think education is one of the big challenge for Ledger and other let's say crypto companies because you are completely right. Being your own bank is not easy. I mean, if you have a lot
Starting point is 00:28:21 of responsibilities and you need to make sure that you have to keep safe your seed, your recovery phrase, et cetera. So it is sure that it's only if you want to take the time to understand what you do,
Starting point is 00:28:37 if only if you want to take the time to understand what are the right steps because you can make mistakes. And it's true as of today that mass adoption is maybe not for tomorrow regarding that because it's not effortless. You have to stop, think a few minutes about what you are doing because if you make a mistake,
Starting point is 00:29:02 no one is going to give you back your crypto. So it's sure that education is really, really important for the time to come. Yeah. So I'm going to ask you a few quick questions before we turn to our ad break. But the first one is, how many crypto assets do you support? So we support about 1,100 crypto assets and tokens. Wow. Okay. And how do you decide, which I mean, it sounds like it's a very low bar. How do you decide which ones to support? So we decide to support basically we have third party developers who can build the support. So it's not Ledger with developing everything, we have an open platform
Starting point is 00:29:49 and so these developers can support the coins themselves. So it's true that it's quite open and easy as long as the developers do the right job of putting the support for their coins and Ledger is going to publish it. It's a little bit like an app store.
Starting point is 00:30:07 So that's the beauty of an open ecosystem is that you can have a lot of developers working to add support for cryptos. And who are your customers? And let's do the full range in terms of the everyday consumer. And then if you can name any of the institutions that have started to use your enterprise offerings, that would be great.
Starting point is 00:30:28 The customers for the vault are pretty much asset managers, hedge funds, crypto funds, family offices, and everything in between. Also, exchanges are possible customers for us as well. We have a few exchanges using the Ledger Vault in testing out our enterprise capabilities. Also, a lot of the folks that are supplying the trading technologies and infrastructures to the exchanges are also logical opportunities for us, as well as the folks that providing, you know, data center infrastructure and services and cloud-based services into the marketplace could be also other opportunities for the enterprise Ledger Vault to provide a full range of customer support for the fintech community and also folks that are managing assets and crypto assets.
Starting point is 00:31:23 And obviously the banks and the trust companies that are specifically focused on crypto or the traditional ones that are contemplating and hearing from their customers that they want them to support crypto moving forward. We're providing that infrastructure to them. In essence, we're the digital plumbing for them to provide this capability and this service to their customer base. And Eric, for the everyday consumers, like, what demographic do they fit? So it's a good question because by design, we do not want to know who are our customers.
Starting point is 00:32:02 We do not ask them anything about what they do, why, et cetera. However, we do have some guesstimates regarding the type. So we have an estimation of one third of our customers who are really traders because they want to use the device all the time and they have a lot of different cryptos. So they are like traders or people who really like to juggle between different cryptos. And we have more than half that are what we could call hodlers. I mean, they just buy the device.
Starting point is 00:32:42 They put the crypto on it, and then they are not going to use it for months or maybe for years. And then the rest is a kind of mixed of the usage. And our customers are really distributed globally. We are selling in 165 countries. And basically, it's one-thirds Americas, one-third Europe, and one-third Asia. We're going to discuss more about Ledger's security and how it's scaled, but first a quick word from our fabulous sponsors. Issuing a digital security on the blockchain can be a significant undertaking, particularly to ensure compliance requirements are met. Tokensoft's trusted platform provides security in a world of uncertainty by working with top legal and financial experts so that your digital assets are secure.
Starting point is 00:33:32 Tokensoft leads the market in providing technological tools to support tax, banking and securities regulations for issuers of digital assets. We are honored to have supported leading companies in 2018. To learn more about issuing digital securities successfully, visit tokensoft.io or follow them on Twitter at Tokensoft Inc. Within months, cryptocurrency anti-money laundering regulations go global. Are you ready? Avoid stiff penalties or blacklisting by deploying effective anti-money laundering tools for exchanges and crypto businesses, the same tools used by regulators. CipherTrace is securing the crypto economy. Face it, regulations can stall or kill a fast-moving crypto business. New Financial Action Task Force and European Union cryptocurrency AML laws are coming soon.
Starting point is 00:34:25 You could be hit with stiff fines or blacklisted, no matter where your servers are in the world. Prepare now. Deploy the same powerful CipherTrace tools used by regulators. Protect your assets, streamline your compliance programs, and keep your exchange or crypto business out of the regulators' crosshairs. Learn how effective anti-money laundering tools help keep your crypto business safe and trusted. Learn more at ciphertrace.com slash unchained. CipherTrace is securing the crypto economy.
Starting point is 00:35:00 Getting your blockchain app off the whiteboard and into production can be a big undertaking. From connecting user interfaces to integrating disparate systems and data, blockchain app development can be time intensive and costly. Well, the folks at Azure have you covered. With a few simple clicks, the Azure Blockchain Workbench can create a blockchain network for you, pre-integrated with the cloud services needed to build your app. And with their new development kit, users can extend their app to ingest messages from bots, edge devices, databases, and more. It's free to download and gives you the tools you need to get your first app running in less than 30 minutes. To learn more about the DevKit and how to get started, visit AKA.m.m.S. Unchained or follow them on Twitter at MSFT blockchain.
Starting point is 00:35:48 Back to my conversation with Ledger. So how many units have you sold overall? So since the beginning of Ledger in 2014, we have sold about 1.5 million units. And you mentioned how 2017 was a crazy year that you projected you would sell 30,000 and sold a million instead. Describe what happened at Ledger during that time and how you managed to scale so quickly. Well, in one word, chaos.
Starting point is 00:36:23 When we, I mean, we always knew and we always believed that one day crypto we are going to scale, that it will be like nice times. But the speed at which crypto has been growing, and the speed at which the demand for our devices has been growing has been completely crazy. And we were doing all the assembly of our devices in France, and we had to scale production in China in a matter of weeks. So it has been a lot of work for the operation and production guys.
Starting point is 00:37:09 And also we had to build from like a real customer support solution. We were like one and a half to do the customer support. Now we are more than 10. We had to build a legal department because we had to export in all the countries. It happened a lot of questions, a lot of work. And so basically what we had to do is to hire a lot of people. We were 20 before the craze of the crypto began, and now we are about 200 in five locations globally.
Starting point is 00:37:44 So the company has really had to grow. We also have raised a lot of capital. We closed a Series B round last year in January 2018, of 61 million euros, $75 million. So it helped us have all the visibility to really scale the company because not only we had to scale on the consumer electronics and scale the infrastructure and the production and everything,
Starting point is 00:38:12 but also we had to build new SaaS product with the Vault and also to answer all the demand and the growth that we are having on the IoT. So it has been a very, and it still is a very busy day, every day at Ledger. Yeah, and I was curious because the markets are down this year, so, or now we're in 2019, but obviously there was the downturn that started in 2018. How have sales changed from 2017 to 2018? So for sure, there was an impact. We have roughly, if last year we have sold one million devices.
Starting point is 00:38:47 This year we have sold half a million devices. And we have sold a lot of these devices in the first quarter of 2018, because when the price is going down, the interest in crypto is going down, and also the media coverage is going down. And so generally speaking, the traffic is going down and so we sell less. So there is a lot of impact of the Bitcoin price and crypto price to our, let's say, to our sales. But what is funny is also when we have a major crash like we had in basically in November, there was a lot of mention in the media of Bitcoin. You know, Bitcoin is dead and et cetera, et cetera.
Starting point is 00:39:38 And we had more traffic and it generated also more sales. A good indicator of the health of the market is the Black Friday. And the Black Friday of 2018 was very good compared to '17. So it showed that despite the fact that we have seen a lot of, let's say, the price has been plunging and there was a lot of bad titles in the press regarding cryptocurrencies, the general interest and the dynamism of the market has been still good. So let's now talk about security.
Starting point is 00:40:19 Last spring, Saleem Rashid, a hacker from the UK, who said he was 15, which is pretty amazing. He published a blog post showing how he was able to hack Ledgers in a few different ways. And from what I understand, the crux of the issue seems to be that you have the secure element, but then I think that doesn't really communicate outside. So then you have this other thing called the microcontroller, which is what enables the user to communicate with a secure element and get information from it. And from what I understand, it looks like maybe that is the part of the Ledger that can be subject to attack, whether through the supply chain, meaning that the device can be compromised before the customer even receives it, or through a so-called
Starting point is 00:41:03 evil maid attack in which someone could temporarily gain access to the device, such as a maid in a hotel room and compromise it in that time period or through malware that's put on the victim's computer. Do you plan on changing the architecture of your devices to address this issue? Why or why not? So you are correct. We had Saleem. He's really 15 years old and he discovered a vulnerability in the Nano S, which indeed allowed to change the non-secure microcontroller firmware and to do some kind of man-in-the-middle attack of the device
Starting point is 00:41:42 and open the way for a supply chain attack. So thanks to the discovery of Saleem, we have patched the threat and corrected the issue. But security is always a game of cat and mouse. And that's why we have a bounty program with responsible disclosure solutions. And we have all the time, let's say, security researchers who are publishing and sharing with us findings, and so we are always trying to have enhancement of the security. What we have done regarding the architecture is to go to the next level, and this is what
Starting point is 00:42:34 we have done with the Nano X that we have recently announced. The Nano X has its secure chip, which is a much more powerful secure chip, and with more, let's say, capacity to connect to the screen and buttons. And so in this new architecture, the secure element is driving directly the buttons and the display. And so all this kind of attack is now impossible because we have changed the architecture. So to answer your question, yes,
Starting point is 00:43:10 we have enhanced and evolved our architecture. And now we have a solution, which is, let's say, at a higher level of security, and this kind of attack threat on the Nano X won't be possible. But you still sell the Nano S? Yeah, but the Nano S has been patched. All the threats that have been divulged to us by Saleem have been corrected. And as of today, there is no known...
Starting point is 00:43:47 attack that can change the unsecure microcontroller. But of course, in the future, security researchers could always discover something because nothing is unhackable. But as of today, we do not know any, let's say, threats on the Nano S. And our own security team, we have 10 people at Ledger
Starting point is 00:44:14 who every day are attacking our solutions, are making sure that such threats are not existing. So we stand behind the Nano S. And there is, as of today, there is no known attack vector to do supply chain attacks, etc. Because we have patched it through, thanks to new firmware updates. But anyway, when we have decided to work on a new device, we have upped the security architecture to have something
Starting point is 00:44:47 that provide with, let's say, a better architecture, a better security architecture. So even though the Nano S is still a dual-chip architecture, we stand behind it, and we are going to continue to sell the Nano S and continue to support the Nano S. And there was also a different conference recently, the 35C3 conference, where some researchers presented the different ways they had hacked some Ledgers and Trezors. And again, they were sort of like supply chain, but another one was even taking control remotely of the Ledger to perform a transaction. Do you find those issues that they raised to be credible threats for consumers who own the Nano S? So they are more like Tom Cruise's impossible mission threats, so they are quite fun and interesting.
Starting point is 00:45:46 But what they are doing basically is opening the Nano S, installing some kind of remote device on it, and then observing you with a camera or something when you want to, let's say, approve the transactions, since they have put a malware on your computer, they are going to send a wrong transaction, and then they are going to manually press a button on their side, which is going to press a button on the Nano S and activate the transaction. So we believe that it's not really a credible solution because most probably it's much easier to put a camera, to see you put the pin code and then steal the device.
Starting point is 00:46:34 I mean, I think it's easier to do that. And the other attack that is shown on the Ledger Blue is basically to record all the electromagnetic signals that you have when you press your pin code on the device. And then to be able to extract the pin code from this emanation of electromagnetic signal. And again, even though it's quite fun and we like this kind of attack, which are called side channel attacks, it's not really practical because if you move the device, let's say, by one inch or a quarter of an inch, then it will change everything. So it's not something that you can really exploit in the wild. But still, we appreciate to have this kind of attacks. And the more security researchers are going to get some interest into hardware wallet and crypto security in general, the best it will
Starting point is 00:47:34 be because we will always have to, let's say, to come with even better solutions. And as for the Nano X, if you enable Bluetooth connections on that, does that introduce any other vulnerabilities? No, not at all. So the private keys are never going out of the secure chip. So they are never on the transmission. It's exactly the same as a USB cable. At worst, what can happen is if you break the Bluetooth encryption because it's an end-to-end quite strong encryption. But let's say that if you manage to break the encryption, then the worst is a privacy.
Starting point is 00:48:15 It means that you can see the transaction that you want to sign, like the amount and the destination address, these kind of things. So from the security of the private key, it doesn't change at all the model, and having a Bluetooth doesn't expose the user to more or less security threat. And then I also wanted to ask about the Ledger Blue because some of the attacks that these hackers performed were on the Ledger Blue, which is the device being used in the Ledger Vault.
Starting point is 00:48:52 So do any of those attacks have any implication for the security of Ledger Vault? From the Vault's perspective, it is configured differently than the retail Ledger Blue device. It's configured for the enterprise use. It's only for the authorization and putting your pin code in to authorize a transaction and authorize the user itself. And also, the user has to have a digital certificate on their laptop that will authenticate that Blue device and authenticate that user to communicate to the HSM to initiate a transaction. So there's no keys stored on the Ledger Blue device in the enterprise model. It's just for authentication of a transaction.
Starting point is 00:49:40 And again, depending upon the use case and depending upon the users and the wallets, there's multiple approvers that would need to authenticate that person's initiation of a transaction. And nevertheless, what we plan to do is an easy fix to that, even though the threat is not really practical. An easy fix is just to scramble the PIN code. So instead of having one, two, three, four, et cetera, each time that you press a PIN, then it's going to scramble the position of the numbers,
Starting point is 00:50:13 and then it will render completely inoperative the side channel attack. And then the other thing I was curious about, and I think this is an issue for even like an online wallet, like blockchain or something. How do you protect against rogue employees installing something in the hardware or in the operating system that could compromise customers' coins? So, well, first, you cannot compromise the operating system because it's on a secure chip. But let's say that you could compromise, as you said before, with the supply chain attack of
Starting point is 00:50:49 Saleem, the unsecured chip, or if you want to enter to put inside some kind of remote device, then if you think that you can get subject to this kind of attack, then you have to be maybe a little bit more paranoid. Because first, probably what exactly is going to happen is that someone is going to observe your PIN code because they work with you. And at some point, maybe they will steal the device. And so it's a question of process. And that's why when you have a lot of funds,
Starting point is 00:51:26 especially if you are in a company, especially if you are a professional environment and you have coworkers, then that's why you should use the Ledger Vault because with the Ledger Vault, such attack is not possible because there is a governance and it's not about compromising one person at one time.
Starting point is 00:51:44 Sorry, but I'm asking about Ledger's employees. Like if I'm just a consumer ordering, then, yeah, how do I know that there isn't some Ledger employee who's compromised it in some way. Yes, yes, of course. Sorry. So internally, we have processes.
Starting point is 00:52:03 Basically, if we want to sign a new firmware and to flash the device with a new firmware version, it has to be signed using a protocol, using governance. Basically, we are using ourselves a Ledger Vault, not to keep cryptocurrencies, but to authorize the signature of a new firmware, of a new application. And so there is a code review, and it has to be signed by a quorum of different key people at Ledger. So, of course, you could say, but what if everyone at Ledger wants to release, let's say, a firmware with a backdoor,
Starting point is 00:52:47 which is a fair question, then the answer is that we believe there is more value at Ledger, a global leader in hardware wallet and cryptocurrencies rather than trying to get a few millions or tens of millions or even hundreds of millions by stealing them by using a firmware backdoor. So we have these internal processes and after it's a question of reputation and thinking that we have much more to lose by stealing our customers rather than building a multi-billion dollar company in the future. And you have a pretty interesting way of shipping out the devices, which is to not put tamper-proof packaging on the devices, claiming that the hardware itself is tamper-proof.
Starting point is 00:53:36 Do you plan to continue not doing that? Yes, of course. Well, and if you have seen the CCC wallet.fail presentation, it started to say, they started to say that tamper-proof stickers are irrelevant. They are what we call security theater. And so what we use is a cryptographic attestation of the genuineness of the firmware. And we believe it's a superior solution compared to using stickers. So for sure, the Nano X doesn't have any anti-tampering sticker because it's security theater.
Starting point is 00:54:16 And there have been these instances of people being held at gunpoint or kidnapped and forced to send their coins to their assailants' addresses. I saw in a blog post that you wrote that you said that Ledger uses a distributed governance or multi-signature process to make that infeasible. So how does that work? So that's something that has been put into the Vault. It is called like a delayed opening. Oh, so that's not for consumers.
Starting point is 00:54:44 That's not for consumers. However, we plan to introduce such solutions in the future using external oracles, where you can have accounts that are going to sign only if the external oracle is going to say yes. But of course, it means that you still have to make sure that your 24 words, the backup, is not accessible. Because if anyone at gunpoint accesses your 24 words, then it's game over. That's why being your own bank has a lot of responsibilities. Yeah. And I also wanted to ask about this Ledger Donjon team.
Starting point is 00:55:24 I don't know if I'm saying that right. Yeah. Who are they and what do they do? So the Donjon. The Donjon team is the security team of Ledger. There are like 10 professionals who are coming from various security practice doing security evaluation. So they have a lot of tools like lasers, like oscilloscopes, like a lot of bench and tests,
Starting point is 00:55:47 and the mission is to evaluate the security of our products by attacking them relentlessly on the hardware, on the software at any levels, and also doing the security evaluation of the competition, because we have to make sure that we stay ahead. So the Donjon is really the guys at Ledger who make sure that everything that we do is secure. All right. So I actually also want to ask about this new trend that we'll probably see emerging over the next couple years, which is a shift from proof of work to proof of stake or delegated proof of stake. So how would staking work if I have my coins on a Ledger or in the Ledger Vault? So if you have the coins on the hardware wallet, you will have the possibility to stake your coin. So we are working with a few cryptos such as Tezos to start implementing the baking
Starting point is 00:56:52 or the staking and we want to make sure to have the same functionalities as well into the Vault because for sure that's a big feature that is requested by
Starting point is 00:57:04 let's say custodians or hedge funds who have a lot of assets and Ledger is going to deliver this year in the Ledger Live the first solutions to do the delegated proof of stake.
Starting point is 00:57:18 We believe it's part of the future of crypto, and we want to make sure that we will provide with the best interface to be able to do that. And the Vault provides the companies the opportunity, because, again, you have instant access to your funds based upon the governance principles that each firm sets up for the wallet. So it provides a great entry point for this next development of proof of staking, with our technology.
Starting point is 00:57:46 And something else that I was curious about was for decentralized exchange, if I have my coins on a Ledger, then the way that that would work is I would need to connect it to my computer whenever I wanted to do a trade. Is that how users would be? Yes, that's correct. And you will be able to verify on the Ledger device, on the screen, on the secure screen, what trade you do. So that's correct. You can use, basically when you are using a decentralized exchange, you are taking all the responsibilities of the security.
Starting point is 00:58:24 And that's why hardware wallet compatibility is really critical. And Ledger has put some supports already for some decentralized exchanges, and we want to continue to do so and also do some deep integrations in the Ledger Live, which is the wallet interface used by our devices. So I want to leave the listeners with some advice from you because I know that you guys must be experts on security and protecting your crypto assets. So what advice would you give to listeners on how to make sure that they don't lose their coins?
Starting point is 00:59:06 Well, I think one of the biggest advice is to take time and try to understand what you do. Ledger is bringing a lot of documentation, of blog posts, about best practice, about what you should do, what you should not do. And when you buy something new, like any device or anything, you always want to open and start to use it immediately. You know, you take the documentation, you don't read it, and you just want to go with it. And in crypto, you have to be very careful. So my big advice would be take your time, read the documentation, understand what you are doing. And if you are following the best practice, then there is
Starting point is 00:59:50 very little chance that you will make a mistake. Do not panic. Just take your time, read, understand, and move forward. So I think that's the biggest advice I could give to anyone. Well, one other question that I have is, you know, when you record your seed phrase, I can think of different places where I might hide it, but I can't think of a place where I might hide it and then like not forget that I put it there. So how do you recommend people figure that part out? You know what I mean? Or like where it wouldn't get lost or where it wouldn't be seen by somebody else. So it's a very interesting question, which has a lot of ramification because maybe the next question is how do you make sure that if you have
Starting point is 01:00:40 an accident or if you die, it's transmitted to your next of kin. But I would say that the best, probably the most secure approach is to rent a safe, a physical safe at your bank and to put it there. It's because one, you are not going to forget that it's there because you have a physical safe. Two, if you are going to have, let's say, an assault, a physical assault at home at gunpoint or anything, it will be much more difficult to go into the bank safe. And three, I mean, if you die or if you are hit by a bus, logically, the access to your bank safe
Starting point is 01:01:19 will go to your next of kin. And if you give all the documentation inside to explain what to do with the 24 words, it can also solve how you can transmit your crypto to your loved ones. Okay. And I suppose you should seal that because otherwise, what if a bank employee goes in there and is like, oh, hey. The bank employee cannot access the safe. You know, usually you need two keys. So, yeah, you have to take a reputable bank and make sure that it's not possible to open the safe without you, which normally should be the case.
Starting point is 01:01:53 Okay. Okay. All right. Well, this has been an incredibly fascinating discussion. Where can people learn more about you and Ledger? Well, going to ledger.com and have a look at all our products and offering. Great. Well, thanks to both of you for coming on Unchained. Thank you. Thank you.
Starting point is 01:02:12 Thanks so much for joining us today. To learn more about Ledger, check out the show notes inside your podcast player. New episodes of Unchained come out every Tuesday. If you haven't already, rate, review and subscribe on Apple Podcasts. If you liked this episode, share it with your friends on Facebook, Twitter, or LinkedIn. And if you're not yet subscribed to my other podcast Unconfirmed, I highly recommend you check it out and subscribe now. Unchained is produced by me, Laura Shin, with help from Rayling Gallup Poly, Fractal Recording, Jenny Josephson, Corrin Fife and Daniel Ness. Thanks for listening.
