Ledger Nano X: Improved Ledger Nano S With Bluetooth Support, Coming in March

Siamak Masnavi

On Sunday (January 6th), the first day of this year's Consumer Electronics Show (CES) in Las Vegas, hardware cryptocurrency wallet maker Ledger announced the Ledger Nano X, an improved version of the USB-only Ledger Nano S that adds Bluetooth support, a larger screen, and larger storage space.

For its upcoming new product, the Ledger Nano X, Ledger has made five enhancements to its most successful product, the highly popular Ledger Nano S cryptocurrency hardware wallet:

  • Bluetooth LE support. The Ledger Nano X is still a USB stick just like the Ledger Nano S, but the addition of Bluetooth support and a new mobile version (for both iOS and Android) of its wallet management app Ledger Live means that you can send or receive crypto wherever you go (even if you don't have your computer near you).
  • A slightly larger Organic LED (OLED) screen.
  • Buttons now on the front face of the device for easier navigation.
  • Higher storage space for apps (for each type of cryptocurrency that you need to store on a Ledger device, you need to install an app that supports that coin/token). Although Ledger says up to 100 apps may be installed on the Ledger Nano X (compared to the up to 18 apps that can be installed on the Ledger Nano S), in practice, the actual number of apps that you will be able to install will depend on the cryptocurrencies that you have, since some apps take up more storage space than others. For example, although on the Ledger Nano S you can theoretically store up to 18 apps, many users report that they can only fit apps for four or five of their favorite coins.
  • A rechargeable built-in battery. This allows the Ledger Nano X, unlike the Ledger Nano S, to function even when it is not connected via a USB cable to a computer or a USB charger.

In case you are wondering if Bluetooth connectivity will make it easier for hackers to break into the Ledger Nano S, Ledger CEO Éric Larchevêque said on Reddit (the "CryptoCurrency" subreddit) a couple of hours ago:

"The Nano X operates with the assumption that the Bluetooth connection (which is a bearer, exactly like USB) is compromised. The addition of BLE doesn't impact the security model. Transactions must always be physically verified on device by pressing both buttons. Moreover, on the Nano X screens and buttons are directly connected to the Secure Element (single chip architecture), which is also an enhancement of the general security design."

He added:

"We use LE secure connections with numeric comparison (highest level of BLE security protocol, mitigating MITM attacks). Of course nothing is unbreakable, so ultimately the security model requires the user to do the address validation on device. Our UX, documentation and best practices heavily push on this point. If you always verify transaction parameters on device, you are safe whatever happens."

According to Ledger's blog post, you can pre-order the Ledger Nano X from Ledger's website starting today, with the device shipping to you in March. The Ledger Nano X costs $119 (free shipping) in the United States and £109 (free shipping) in the United Kingdom. As for the Ledger Live Mobile app, it will become available on January 28th in the iOS App Store and the Google Play store.

CES has given Ledger a huge welcome by giving the "CES Innovation Award in Cyber Security and Personal Privacy for 2019" to the Ledger Nano X.

Éric Larchevêque, the CEO of Ledger, said:

"The Ledger Nano X includes all of what you loved about your Nano S, but with new and improved major features. With its Bluetooth connectability and increased capacity, the Ledger Nano X provides an enhanced user experience while delivering the mobility and state-of-the-art security that customers expect from Ledger. It is exciting to be recognized by CES as the go-to leader for securing crypto assets."


CZ Explains How Binance Dealt With Aftermath of $40 Million Theft

On Sunday (May 19), Changpeng Zhao (aka "CZ"), the Co-Founder and CEO of digital asset exchange Binance, told the crypto community what he and his team had been up to since the May 7 security breach that resulted in a theft of over 7,000 BTC from their Bitcoin hot wallet. 

What Happened on May 7?

According to CZ, the hackers involved in the security breach somehow managed to get control over a number of user accounts and structured large withdrawals from these accounts in such a way that they managed not to be detected/noticed by Binance's "pre-withdrawal risk management checks." Their "post-withdrawal risk monitoring system" only noticed something was wrong after the hackers had moved the stolen BTC off of the exchange via a single transaction, at which time it immediately suspended all "subsequent withdrawals."

At first, the Binance team was not exactly sure what had happened, and so they decided that the safest course of action was for CZ to send out a tweet to say that the "withdrawal servers" were in "unscheduled maintenance mode" while the team was investigating the incident. 

Communication With the Crypto Community

Once the team had confirmed that the exchange had been hacked, information about the security incident was broadcast to the outside world via all of Binance's communication channels (such as Telegram, Twitter, and Medium). 

Since the team could not be sure which user accounts the hackers had access to, it was decided that it would be too risky to allow further withdrawals to be made until the team had the chance to make "significant changes" to the platform (to make it more secure). Binance's announcement on May 8 said that the exchange needed to do "a thorough security review," estimated that this would take about "ONE WEEK," and stated that during this period, "deposits and withdrawals" would need to "REMAIN SUSPENDED."

By being fully transparent in its communication with Binance users, the team was able to receive "tremendous support" from them.

CZ's Periscope AMA Session on May 8

Seeing CZ live put much of the Binance community "at ease." Unfortunately, because CZ had been up all night, he was not in an ideal mental state when he did the AMA. Just before the AMA, his team told him that a Bitcoin Core developer had suggested that it would be technically possible to roll back the single Bitcoin transaction carried out by the hackers by "hugely incentivizing the miners." CZ made the unfortunate mistake of mentioning this "reorg" idea (which he now realizes is a "taboo topic") during the AMA, for which he took a heavy beating (especially from hardcore Bitcoin maximalists) on Twitter (and elsewhere). 

CZ's Mental State Right After Being Told About the Bitcoin Theft

Although he was in a "F***, F***, F***" state for around 10 seconds, a few moments later, he "began to come to terms with it," and a quick mental calculation told him that the theft of around 7000 BTC (equivalent of around $40 million at the time) could be fully covered by their SAFU fund. Meanwhile, his team had already gone into "War Mode", and their professionalism and support cheered up CZ.

Support From the Crypto Community

Binance received support from many sources: people defending CZ and Binance on social media platforms, and helping to answer questions; the Binance Angels (who are all volunteers) "addressing questions" and "reassuring" users on "multiple communities"; analytics firms helping with the tracking of the stolen funds; exchanges and wallet services offering to help by blocking "any deposits associated with the hacker addresses"; and "numerous offers for help from law enforcement agencies around the world."

A Blessing in Disguise?

"Speaking with various team members, and as correctly analyzed by community members, such as Gautam Chhugani, this incident may actually be a good thing for us in the long run. Security is a never-ending practice. There are always more things to do in security, and we have implemented many of them in this last week and will continue to implement more in the future. Given this incident, Binance has actually become far more secure than before, not just in the affected areas, but as a whole."