A privacy advocate has alleged that the Ledger Live wallet software monitors its users and gathers information about them.
In an X post published on Wednesday, privacy advocate and app developer REKTBuilder reported that Ledger Live conducts a “genuine device check” whenever users connect their Ledger device to a PC or phone.
This check provides a list of all installed apps on the device, enabling Ledger to ascertain the networks being utilized by the wallet owner.
REKTBuilder’s discovery came after they investigated the software’s Python code. They had previously published a report on December 6th alleging that Ledger Live was recording users’ crypto balances.
The next day, REKTBuilder unveiled what they asserted to be a “tracker-free” open-source alternative to Ledger Live, named “Lecce Libre.”
REKTBuilder’s allegation stems from their discovery that multiple lines of Ledger Live’s code contain the phrase “genuine check.”
Upon incorporating “tracing prints” into the code, they discovered that it did not execute when the software seemed to be examining the device. REKTBuilder delved deeper into the matter and found that the actual check is integrated into a “listApps” subroutine.
REKTBuilder asserts that this check can be utilized by Ledger to discern the specific time and date whenever a user connects their device.
The researcher also said that trying to delete the tracking code resulted in the software becoming dysfunctional and unusable.
“I tried disabling the remote tracking and it’s impossible, it breaks if you do,” REKTBuilder stated. “Which means Ledger knows it’s you every time you plug the device in.”
Several commenters expressed disdain with REKTBuilder’s findings.
“They could easily be one of the best hardware wallets but they chose to ruin themselves,” commented user @DegenBread.
“Great work, ledger really doing everything they can to lose trust,” commented user @HODLCEO.
Despite the reported privacy concerns, REKTBuilder mentioned on X that they have no choice but to continue using Ledger Live, as there is “[n]o other HW [hardware] option on native #Avalanche.”