Ledger faces backlash for charging fees on ‘free’ security upgrade

Yesterday, hardware wallet manufacturer Ledger announced support for “clear signing” on its devices for multisig users.

The move was initially praised as an important step to protect against attacks reliant on “blind signing” such as February’s $1.5 billion ByBit hack.

However, the fine print revealed that the “free” service would actually cost $10 per transaction or 0.05% of the amount transferred, on top of gas costs.


Why ‘clear signing’?

Multisig wallets are seen as highly secure; they require a specified threshold of signers to approve transactions.

For this reason they’re used to hold vast quantities of funds across the decentralized finance (DeFi) sector.

Safe{Wallet}, the most well-known multisig, claims that over $60 billion worth of assets are held in its wallets.

Until now, though, Ledger’s screens have shown raw transaction data, leading to so-called blind signing, where signers must rely on a user interface to verify the transaction before approving it.

The weak link in the aforementioned ByBit hack was Safe’s UI, which was hacked to show malicious transactions as perfectly harmless.

Clear signing decodes the raw data into human-readable form and, ideally, prevents such incidents from happening in future. Ledger says that it supports asset transfers, governance actions and “complex contract interactions.”
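
As an added illustration (not Ledger’s code and not from the article), the Python below shows what decoding raw data into human-readable form means for standard ERC-20 calls, and how anything outside the known table still has to be treated as a blind signature. The selector table covers only three standard functions, and the sample calldata and address are constructed for the example.

```python
# Added example: decode raw ERC-20 calldata into named fields.
# Each selector is the first 4 bytes of keccak256 of the function signature.
KNOWN = {
    "a9059cbb": ("transfer", ["to:address", "amount:uint256"]),
    "095ea7b3": ("approve", ["spender:address", "amount:uint256"]),
    "23b872dd": ("transferFrom", ["from:address", "to:address", "amount:uint256"]),
}

def decode_calldata(hex_data: str) -> dict:
    """Return a readable view of the calldata, or mark it as blind."""
    if hex_data.startswith("0x"):
        hex_data = hex_data[2:]
    raw = bytes.fromhex(hex_data)
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in KNOWN:
        # Nothing trustworthy to display: the signer would be signing blind.
        return {"readable": False, "selector": selector, "raw_bytes": len(raw)}
    name, params = KNOWN[selector]
    if len(body) != 32 * len(params):
        raise ValueError("argument block has wrong length for " + name)
    fields = {}
    for i, spec in enumerate(params):
        label, typ = spec.split(":")
        word = body[32 * i: 32 * (i + 1)]
        if typ == "address":
            # Addresses are 20 bytes, left-padded with 12 zero bytes.
            if any(word[:12]):
                raise ValueError("non-zero padding in address word")
            fields[label] = "0x" + word[12:].hex()
        else:
            fields[label] = int.from_bytes(word, "big")
    return {"readable": True, "function": name, "fields": fields}

# Constructed sample: transfer of 1,000,000 base units to a made-up address.
SAMPLE = "0xa9059cbb" + "00" * 12 + "11" * 20 + format(1_000_000, "064x")
# Constructed sample whose selector is not in the table.
UNKNOWN = "0xdeadbeef" + "00" * 32

if __name__ == "__main__":
    print(decode_calldata(SAMPLE))
    print(decode_calldata(UNKNOWN))
```

The decoding only protects the signer if it runs on the device whose screen they trust; done in the same web interface that builds the transaction, it inherits that interface’s compromise.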

‘Free’ with fees

Ledger CTO, Charles Guillemet, announced the new feature as “free. No extra cost. No complexity.” He added that the upgrade means “there’s truly no excuse” if things go wrong.

After Protos contacted Ledger for comment, Guillemet replied to his initial post, which he claimed contained “a typo.”

He clarified that “Multisig is a paid service.”

The official Ledger X account was more cautious with its wording, saying that Multisig support had “no subscription fees.”

The FAQ section of Ledger’s Multisig site details a variable fee of “0.05% of the transferred amount for token transfers” and a flat $10 fee for all other transaction types.

Guillemet’s post also states that “the transition is instant. No migrations… It just works,” which suggests that multisig signers may be opting into fees inadvertently.

Safe{Wallet} launched as Gnosis Safe in 2018 and claims to have processed over $1 trillion in transfers since, an average of approximately $140 billion per year.

If all these transfers were to use Ledger’s clear signing feature, it would generate over $70 million in annual revenue.

Not impressed

Voices from across DeFi spoke out, urging Ledger to listen to the “honest feedback” about slapping fees on such an important security feature.

Blockchain investigator ZachXBT said it’s “excessive” to charge fees on top of the device’s initial cost, especially given that many saw blind signing as a flaw in the product in the first place.

Security Alliance member Pascal Caversaccio accused Ledger of trying to turn its interface into a “single choke point for all crypto so you can squeeze everyone through it,” adding that the feature isn’t open-source so cannot be independently verified.

Caversaccio previously wrote his own clear signing script in response to last year’s $50 million hack of Radiant Capital, a precursor to the larger ByBit incident.


Ever-diplomatic Aave delegate Marc Zeller praised Ledger’s hardware while claiming that the company is run by “max extract sociopaths allowing their greed to hurt their own business.”

Micah Zoltu pointed out that, with fees only applying to outgoing transfers, “people may move money in thinking free like the announcement said, and then are surprised to pay to withdraw.”

Given crypto’s commonly cited mission to cut out the middleman, Ledger’s latest move puts a whole new spin on the phrase “banking the unbanked.”
