
#215 - Why are degens worried about a Ledger update?

Plus, Senate and Sam Altman discuss AI

GM and welcome to Decentra Daily.

We're the web3 newsletter made for that 5-min scroll between waking up and starting your day.

Today,

  1. Does Ledger's new feature create a security risk?

  2. Sam Altman tells Washington to create an AI agency

  3. The 6-figure Discord mod & HVY-MTL Evo 1 reveal

Plus, all the web3 headlines, memes, and Tweets of the day.

D-Daily takeaway
No significant changes among the top collections.

What's this?
Our floor price index tracks the biggest, most influential pfp projects, art collections, and gaming assets.

Did Ledger create a potential backdoor to its wallets?

This week, Ledger announced a new feature. It's called Recover.

What does it recover?

The recovery phrase to your hardware wallet, aka, its seed phrase.

People locked out of their self-custodial crypto wallets can recover access by entering these cryptographic combinations of random words, which should be a secret to everyone but the wallet owner.

How does it work?

Recover backs up your Secret Recovery Phrase and links it to your identity.

Users opting in can submit ID confirmation to Ledger, who will encrypt their recovery phrase, break it into sections, send them to independent custodians, and link it all to the ID.

In the event that a user loses their phrase, they can connect their wallet to Recover, verify ID, and regain access.

So, I don't need to worry so much about losing my seed phrase, and my crypto?

That's the idea.

Great!

Maybe not.

Oh.

Soon after Ledger announced Recover, Crypto Twitter got worried.

Lots of people think that online duplication of a seed phrase goes against the entire point of having a physical hardware wallet.

No matter how encrypted, many believe that saving a seed phrase opens a potential backdoor for hackers.

Even worse, some degens have suggested that Recover means a backdoor now exists for all Ledger products, even if you don't opt in:

The new firmware update SHOULD be PHYSICALLY IMPOSSIBLE for the device to do. The secure enclave should not be able to do this. The worry is that there is now a backdoor regardless of update.

Part of Crypto Twitter's uneasy reaction is due to the recent news of a series of crypto hacks, which gained entry to self-custody wallets that were supposedly offline or cold.

If the hacked wallets were genuinely cold, it suggests that either (1) a hacker has obtained leaked user data, or (2) there is some currently unknown way to obtain a wallet's private key.

That's bad, right?

Bad if true. No person or company should ever be able to access a wallet's seed phrase, even wallet providers.

And even those who don't see a backdoor risk with Recover are finding it hard to understand the case for handing over their keys:

(Ledger previously suffered a customer info data leak in December 2020.)

So what does Ledger say?

First up, Ledger says that Recover is not an auto-update but an optional subscription: you don't have to use it and can continue managing your recovery phrase yourself.

They also confirmed that the mechanism used to store recovery phrases does not give Ledger access to your keys.

And, in response to the idea that Recover exposes a potential malware opportunity for hackers, Ledger simply says that there is no backdoor to a [seed phrase] backup.

Ledger's co-founder also repeated via Reddit that seeds are broken into shards and sent to different companies for storage:

(Neither of these responses seems like a direct answer.)

After more unrest, Ledger held an AMA Twitter Spaces last night. There, they pitched Recover as a feature for crypto newcomers and casual users:

If you know how to back up your 24 words securely, Ledger Recover isn't for you.

A security risk, or Twitter overreaction?

Any feature that connects a hardware wallet or its seed phrase to online services does introduce risk.

It's up to wallet holders to decide exactly how much risk we're talking about here.

For many, the idea that a seed phrase can theoretically leave a device is enough of a red flag to stop using that product.

The big question is if, and how, the Recover firmware update affects the wallets of users who don't enable the feature.

The wider point

It seems like Ledger could be moving towards a model where your identity becomes the key to your wallet.

This security model is also favored by Sam Altman (OpenAI CEO, see today's second story), whose own crypto wallet company WorldCoin is based on the idea of a single, universal online ID.

While seed phrases are secure, they're also annoying, and surprisingly hard to keep safe.

Finding ways to link online security to personal identity could make navigating the metaverse a more seamless experience.

Notable Tweets

On the web3 wire

Axie Infinity is coming to the Apple App Store
The rollout of the crypto game will begin in South America and select parts of Asia for a data gathering phase, before the global launch.

Montenegro court accepts Do Kwon's $$$ bail
As a flight risk, Do Kwon was required to pay the serious sum of 400,000 Euros to leave jail, pending his trial.

Floor price tumbles as HVY-MTL Evo 1 metadata is revealed
The first iteration of Yuga Labs' new NFT collection has been revealed as cute battle robot companions. Traders were ready to sell the news.

The Senate + Sam Altman discuss AI regulation

Even AI's bosses think it's too powerful to be left to its own devices.

Yesterday, a Senate sub-committee in Washington started the conversation about how Congress should respond to AI's sudden explosion into mainstream society.

They're thinking about how AI might affect things like personal security, employment, and the democratic process.

As an opening remark, Connecticut Senator Blumenthal did the classic "get GPT to write my speech" bit, using a voice clone app to read out comments on how AI will impact society.

Then Senator for Missouri Josh Hawley brought the drama with his opening statement:

Is AI going to be like the printing press… that empowered ordinary everyday individuals… or is it going to be more like the atom bomb.

Hint: It's OK. ChatGPT is not going to be like the atom bomb.

More interesting than Washington politicians freaking out about whether ChatGPT is going to overthrow society was a panel of actual AI experts, who gave statements on their views.

Here's what they said:

Sam Altman

CEO of OpenAI and vocal fry, Sam Altman, took a similar stance to his recent 60 Minutes interview.

He said that GPT and wider AI have the potential to change the world for good and bad, impacting things like climate change, cancer research, and presidential campaigns.

On that last point, he underlined the need for some kind of regulation.

We're gonna face an election next year and these models are getting better… this is a significant area of concern

The big thing that Sam requested?

He wants a new agency specifically responsible for AI regulation.

Ideally, that agency should be able to do things like grant and revoke licenses to operate AI models, plus send out independent auditors to check on AI companies.

Other things Sam would like to see:

  • A way for people to know when they are talking to an AI bot

  • Some kind of universal content trust scoring system

Gary Marcus

Also speaking to senators, NYU professor Gary Marcus agreed that the best way to handle AI is to create a brand new government department.

My view is we probably need a cabinet-level organization within the US to address this… a nimble monitoring agency.

He emphasized that Washington should make this agency now before systems improve further.

He also pointed out that Sam's company was initially founded on a mission to benefit humanity, but now, they are basically owned by for-profit Microsoft. Shots fired.

Christina Montgomery

IBM's Chief Privacy Officer said that it's the right time to make some rules, but she doesn't think that a new agency will help AI companies or the public.

She voiced concerns about the time it would take for a new agency to get off the ground.

It's true: even if a Washington agency was already formed and well-run, how could it keep up with the current pace of AI development?

I mean, just yesterday, the SEC told Coinbase that they're still preparing… to begin working on… how they might one day… create some clear regulations for crypto exchanges.

You can watch the full committee hearing here.

Decentra Daily is brought to you by ProfilePicture.AI

What's the first thing people notice when they meet you online? Your profile picture.

And do they judge you based on your pfp? Oh buddy, you bet they do.

So what's the easiest way to improve your digital game? By enhancing your pfp, using the power of artificial intelligence.

ProfilePicture.AI generates professional-quality profile pictures for your LinkedIn, Tinder, and personal website using the latest AI tech.

They take around 20 real-life selfies and produce over 100 chiseled, air-brushed profile pictures for you to use.

What's the deal?

  • 4K format and 300 dpi

  • Over 279 styles to choose from

  • No subscription required

They've already churned out nearly 1.5 million pfps for their customers, who all just got a lot more attractive.

With realism, artistic, and funny modes, there's an AI profile pic for every occasion. Oh, and they also make profile pictures for pets, too.

Meme of the day

Have a gud day!

What we're reading this week

business x blockchain: web3 topics & the companies evolving them