May 19, 2023

The biggest crypto news and ideas of the day

Were you forwarded this newsletter? Sign up here.

Don't want this newsletter? Unsubscribe

Welcome to The Node. This is Daniel Kuhn, here to take you through the latest in crypto news and why it matters. In today's newsletter:

In the news: Pakistan's finance minister said crypto will "never be legalized." A new NFT marketplace is using "Really Good for Bitcoin" smart contracts. And JPMorgan analysts see major headwinds for stablecoins.

The takeaway: Chief Insights Columnist David Z. Morris writes about the controversy over Ledger's most recent update.

By the way, CoinDesk just turned 10. Read about it and what we've learned from a decade of crypto history in Consensus Magazine this week.

Learn more

Cross Border

Crypto will "never be legalized in Pakistan," finance minister Aisha Ghaus Pasha said Wednesday during a Senate hearing in the country. Local reports indicated the Financial Action Task Force (FATF), the dominant international watchdog, have held meetings with the State Bank of Pakistan (SBP) and other government ministries (beginning in at least 2022) urging them to curtail crypto use. U.S. dollar-denominated stablecoins, in particular, have seen increasing adoption in Pakistan amid a weakening rupee and political instability – with one exchange operator estimating national trading volumes have climbed to $25 billion from $18 billion last year, based on Pakistan-based wallet activity. Elsewhere, the New York Federal Reserve and Monetary Authority of Singapore (MAS) published a report Thursday examining crypto's role in central bank digital currency (CBDC) design. While the project, called Cedar/Ubin, "does not reflect any decision to implement" a CBDC, the analysts found blockchain atomic swaps could improve interoperability and speed "cross-border payment flows including for less liquid currencies."

Bitcoiners Says

MicroBT unveiled what it claims to be one of the most powerful bitcoin mining machines now on the market, at Miami's Bitcoin2023 conference Thursday. The WhatsMiner M53S++ delivers 320 terahash per second (TH/s) of computing power, which is in the ballpark of Bitmain's Antminer S19 XP Hydro can achieve but apparently MicroBT's is more efficient. The news is the latest sign of increasing competition among mining manufacturers, as the biggest brands begin to chart out models better suited for "green energy" sources like solar power. Elsewhere in the world of Bitcoin, the network has a new marketplace dedicated to NFTs dubbed DIBA. The marketplace is backed by notable VC Tim Draper and deploys an emerging solution called "Really Good for Bitcoin" (RGB) smart contracts, which allows users to trade assets issued on any Bitcoin layer 2, DIBA co-founder Gideon Nweze said in a statement.

Web3 Headwinds

Coinbase (COIN), the major crypto exchange, is now offering a subscription service called Coinbase One in the U.S., U.K., Germany and Ireland. For $29.99 per month, customers can access zero-fee trading services and get higher staking rewards. The service has been in beta testing since 2021 and plans to expand to 35 countries. Separately, web browser Opera has integrated MultiversX (formerly known as Elrond) as its latest supported blockchain. The mashup will allow users to explore the "decentralized internet," trade NFTs and access dapps supported by the MultiversX network. Finally, despite the news of expansions and team-ups, JPMorgan analysts argue the crypto economy will continue to shrink as it faces macroeconomic and regulatory headwinds. The bankers said that trend may reverse if the "stablecoin universe" could begin growing, though the fact that major stables including USDC and USDT are backed by U.S. Treasury's, which are implicated in a possible U.S. debt default, is a bad sign for sentiment.

The Takeaway: Update --> Ledger-gate

Ledger, the Paris-based hardware wallet maker, has had a terrible week. And in large part, it seems they have themselves to blame.

Things started out badly enough. Ledger's May 16 introduction of the "Ledger Recover" seed phrase recovery service was greeted with skepticism from the crypto community, who worried about new security risks being introduced to one of the most widely-trusted hardware wallets on the market.

Then it all got much worse. By midweek, Twitter filled with wild speculation that Ledger devices were now compromised. There were even Ledger-smashing videos of a sort normally associated with far-right culture war boycotts. In part that was thanks to spiraling paranoia, social-media hyperbole and basic misunderstandings of crypto architecture. But Ledger's own communications also poured fuel on the fire.

The incident's key takeaway for other crypto companies is simple: It's not enough to be technically correct, especially in a crisis. As crypto attracts more and more users with limited technical knowledge, it's more important than ever to communicate clearly and carefully.

In other words, it's important to not make tweets like this. For the sake of our industry.

You can't handle the truth

Some of those piling on to attack Ledger have simply misunderstood that the new Ledger Recover service, and the identity documentation involved, are entirely opt-in. Ledger Recover is aimed at less rigorous crypto users who may want an insurance policy against losing their private keys. Strategically for Ledger, and frankly for crypto as a whole, offering this sort of middle-ground security option makes sense.

But the backlash only spun further out of control after someone at Ledger, purportedly a customer support agent, tweeted that "technically speaking it is and always has been possible to write firmware that facilitates key extraction."

Now here's the thing: while Ledger has wisely deleted and rephrased its message, this tweet seems to be basically accurate. As cryptography pioneer Christopher Allen laid out in this Twitter thread, "all it requires is a signed firmware update and seeds can go wherever they want." And that applies to many kinds of hardware wallets, not just Ledger.

But boy oh boy, is "you have always trusted Ledger not to steal all your money" not the right way to put it. Despite being seemingly accurate, the message added immensely to the confusion, fueling even more panicky rhetoric on Twitter – including claims that Ledger devices have been revealed to have some deep flaw or "back door."

The offending comment seems to simultaneously affirm all of the worst fears being floated – and also belittle the worriers for not catching on sooner. Regardless of intent, both "technically speaking" and "whether you knew it or not" will be heard as condescending, even dismissive. "Yes we can do the thing you're most worried about, but you shouldn't be worried about it because we could always do it, and you're kind of dumb for not already realizing that" is not a way to calm anybody down.

(A note on responsibility here: If they were indeed a rank-and-file customer service rep, whoever wrote this tweet should not have felt empowered or responsible to make such a broad statement at all. True culpability for the misstep lies further up the chain of command.)

Even worse, the message commits a sin that we in journalism call "burying the lede." A second tweet, threaded onto the "technically speaking" post, emphasized that every update has to be manually approved by the user. This is the core of Ledger's rebuttal of the ongoing attacks against it.

You can still use a Ledger

While the technical nuances are beyond my scope here, some extremely trustworthy experts have rebutted the most extreme worries circulating about Ledger.

Most significantly, Taylor Monahan, founder of the MyCrypto wallet and now part of the Metamask team, has vigorously condemned the worries about Ledger as "sensationalist bullshit." Haseeb Qureshi of Dragonfly Capital also notably walked back his initial concerns, writing "now I'm in the 'nvm it's fine'" camp.

It's too soon to completely sign off on the idea that everything is fine, but the main misunderstanding here is clear. A hardware wallet needs an updatable operating system (OS), including to be able to add support for new tokens and chains. So users have to allow updates at some point, and most Ledger users have likely gotten an update or two before the current controversy popped off.

That is, they've trusted Ledger, whether they knew it or not. The fact that an update would be used to implement a recovery scheme was what finally drew attention to the process. The alternative isn't to buy a different hardware wallet, but to store your seed phrase on a piece of paper in a safe.

The one ding on Ledger that does seem valid is that these updates, and the Ledger code, are not open source, while many other hardware wallets' code is. This genuinely makes the trust placed in Ledger even higher than with other wallets. But this real question has become muddled with a lot of off-base and ill-informed speculation, and Ledger has so far failed to quell either the real concerns or the mistaken ones.

One way of thinking about this unfortunate drama is that language is not like computer code. If you're writing a smart contract or a physics engine, you can construct the same function a half dozen different ways with little functional difference. When you're writing a tweet, by contrast, tiny variations matter immensely to how it will be received. It's art, not science – and the gap between the two is only going to grow wider as more and more average folks adopt crypto.

– David Z. Morris

@davidzmorris

david.morris@coindesk.com