Ledger hardware wallet support?

For those not aware, here is a good thread on Twitter about the hack (link below)

Ledger Hardware support will add confidence and security from such hacks.
My heart goes out to the Solana community and I hope the Incognito Devs are putting in place measures to prevent this from happening to this amazing project.

If anything like what happened to Solana was to happen to Incognito, I think it would spell the end of the project and all the hard work of the Devs. I feel people set the bar higher for “Privacy” projects, hence by adding Ledger Hardware support will be another step towards enabling a higher bar to be set.

Hey @Jared, here’s an idea…

After the Next Roadmap is published, can the Marketing Team send out an email to all folks and also publish a poll on this Community Forum to gather feedback/suggestions and perhaps rank the community members excitement for each of the “Proposed Features” on the roadmap?

Then the marketing team could share the feedback to the Devs and publish the results for all of us to see. Thoughts?

This is an excellent point @abduraman.

If the Devs and Growth Teams at Incognito can reach out to Ledger and find out what’s involved in getting listed within the Ledger Live Supported Services Marketplace, that would be good.

LedgerSupportedServices1009×772 95.9 KB

Can you imagine the visibility Incognito would get from being the “1st Privacy DEX” on Ledger Live?

I’d be very surprised if this didn’t cause more funds to flow into Incognito’s Liquidity Pools as a result of this integration.

Yeah, but what do I know, I’m not a programmer so I wouldn’t have a clue how much effort there would be in rolling this feature out. So I leave that up to the experts , but all I wanted to say is do not discount the huge Marketing and Branding opportunities that may arise by adding this support.

Nobody serious, with enough money to invest, is going to put their money into a protocol that does not have, at the very least, compatibility with a hardwallet.

When I say “no one serious”, I mean the people in the traditional financial market, who have learned a little bit about cryptos and who are the ones who really have money to invest heavily. The first thing they have learned is that you don’t have the “security” of the traditional system, but in compensation there are harwallets and they keep your cryptos even more secure than in the bank.

Now this project is focused on embracing the world instead of focusing on security! This was supposed to be ready years ago. From the beginning I suggested it myself and followed it for a while, but time went by and nothing, so I gave up. Just like I gave up on putting big money into this project, because they haven’t delivered what they promised about the update that would change everything regarding security.

This is the message that is being sent to the market.

Looks like ledger was put on the backlog again, where it seems it will permanently stay. This is extremely disappointing.

9 bridges/integrations are planned for Q3 yet the team couldn’t find a slot to seriously look in to getting ledger support added. I dunno about anyone else but I think the writing is on the wall. They don’t seriously plan to ever add ledger support.

…

Hey guys, thanks for bringing up the interesting topic, I just wanted to clarify something around the ledger hardware support…

First of all, I believe that anyone would agree security is important, especially in financial platforms. While the proportion of people in crypto that use a hardware wallet is pretty low, when they do, they hold much money obviously.

But the point here is that what is our goal at the moment? Let me describe my thoughts in two directions below:

1. If we focus on the hardware wallet:

• We would need to allocate most development resources we now have to it and might take a quarter or even a couple of quarters since integrating a Ledger wallet with a privacy blockchain is more complex than a non-privacy one (Monero did it though, it doesn’t mean we could make it quickly). We are building the wallet extension and in our experience, it’s far more complex and demand much more effort for preserving user’s privacy than its non-privacy counterparts.

• In the entire one or two quarters, we couldn’t either build any new features or improve the current features. The only main feature we have right now is swap and we don’t have a product-market fit yet. There are not many users using the current swap and nothing can guarantee when we have the hardware wallet, the product market fit will come automatically only with an assumption: people will put more liquidity into the Incognito exchange and there will be more users swapping coins on there only because of the hardware wallet while the feature is still the same.

2. So if the goal is finding a product market fit:

• We need to keep looking for new features or improving existing ones based on the current infrastructure. It turned out that with supported smart contract bridges, their arbitrary message sending capability, and pToken unification we can support cross-chain swap feature with liquidity from outchains’ DEXs. Apparently, we still need to grow liquidity for the bridges’ vaults but it should be easier compared to AMM pools.

• In this direction, having more bridges and more DEX integrations will help a lot in terms of userbase, cross-chain options, and liquidity (from those DEXs)

• We believe that cross-chain swap is also less competitive than the AMM swap.

That’s not really a “pick one of two” dilemma but could be “pick one of two at a time for prioritization” in my opinion. Once we find the product market fit, we can always revisit the hardware wallet support then.

I respectfully disagree.

It is on a solid foundation that a good project is built.

There is no point in wanting to embrace the world without first ensuring the minimum.

What does someone who arrives at incognito for the first time find?
Answer: just another project like thousands of others! That does a lot of nice things, some a little different than the others and so on, but when they think about investing or when they put some capital to test, they soon realize that it is a hotwallet with a precarious login protection. Then you go to see about hardwallet integration and find a promise from the development team left aside.
Now I ask: what message does this send?

You can put in as much functionality as you want, you can integrate all the blockchains in the world, but the users won’t stay and they won’t put in big money, to leave it for a long time (which is what every project wants to grow and have money to reinvest), as long as you don’t have the minimum login security and that means integration with some kind of hardwallet.

Completely agree with @Iksolon. This project took a LONG detour to get some specific infrastructure items done like pdexv3, staking v2, etc. We all sat patiently by as features, and other items (including growth team) were set aside. And the dev team worked hard, and came through. They did a great job in getting those core items done. That being said, given the state of things, the next biggest core item the dev team can do, is integrate hardware wallet support.

This project needs to stand out to others as privacy, and security focused. Without hardware wallet support, the project has a glaring weakness. While the project has remained under the radar for the most part… as the project awareness grows and more people come in it makes our wallets a bigger target for scammers and thieves. I am becoming increasingly worried about my assets not being protected by a hardware wallet.

Another point I am confused about… you say that all developers will need to work on the hardware wallet and put everything else aside. Isn’t that an issue of resource management, that can be solved by bringing in other skilled Devs? Regardless, even if it means not working on anything else, and taking 3 -4 quarters to solve, it is still important to be done. In fact even more so. The fact that it will take so long to solve means putting it on the back burner is more dangerous then ever.

Hardware wallet has been on the back burner now for about 2 - 3 years. If it is not made a priority now, it likely never will.

What about integrating other cold wallet solutions before integrating with a Ledger Nano (long term goal)?
A QR-Code based solution like https://airgap.it/ for example, using the same way it integrates in Metamask (or their wallet).

With this solution you keep the keys/seed on a dedicated device (Android, for example an old smartphone), completely offline, disabling everything not needed. This will be the “signer” device. Then on the main Wallet or the Web extension you integrate a “Connect” feature to import the information needed to view the wallet info and request the signature to the signer App using QR-codes.

When you have to do a transaction, exchange, that requires a signature, the main app will show a QR code that must be scanned with the offline App, that will sign the message with the private key and show the result in a QR code that you have to scan with the main App (using the camera or the PC webcam) to broadcast the transaction to the node.

With this configuration, you can re-use the code you have for the Android/iOS App, separating, exchanging the information between the singer and the broadcaster (user wallet) through QR-codes, without the need of internet. It won’t be like a Ledger, but leveraging, for example, an encrypted Android phone, de-googled, or a custom android-based device, you can achieve a high degree of security, keeping the keys offline, and easier to maintain (same pieces of the current Wallet). This could also solve the issue of keeping the keys in the Wallet extension, always online.

What do you think @duc?

Hey @duc, I agree with what you’ve said above. The Wallet extension is a much needed part of the ecosystem. However, I wanted to hopefully raise this topic from the ashes. FYI @Jayce_Nguyen, we spoke about this on today’s call.

Now that the Incognito Web Extension
( https://chrome.google.com/webstore/detail/incognito-wallet/chngojfpcfnjfnaeddcmngfbbdpcdjaj )
has been released and is being used, is there any plan to incorporate Ledger Hardware Wallet integration with the Web Extension?

The reason I bring this up is because there is a growing number of online hacks and scammers (more than ever) and hence security is paramount.

I’d feel a lot safer (and I’m sure others in this community too) if private keys and transaction signing via the incognito web extension took place on a Ledger Nano. This may increase the usage of the web browser extension.

For me personally, I’ve suffered a web wallet hacked and hence I’m very cautious and promised my self never to use a online web wallet that doesn’t have hardware wallet integration.

@duc / @Jared, can you please discuss this with the Devs and see if they are open to putting the Ledger integration back on the roadmap?

Do others in the community support this idea?

Thank you Linnovations for this sharing.

Your ideas and product experience would help us shape Incognito product’s features in the upcoming release. From a user’s perspective, your point of view makes every sense to urge us to do something addressing this issue. Let me check with the Development Team and will keep you posted.

Feel free to message me if you also come up with other feedbacks or if you know any other collaboration opportunity.

Example of a recent Web Wallet hack.

https://concealnetwork.medium.com/cloud-infrastructure-attack-and-shut-down-7ff72af6e81b

Hey @Horus87, just read through your proposed solution, that’s great idea (sometimes great solution is unnecessarily a perfect solution) since it will pragmatically save much development effort as compared to the full Ledger support. However, we should consider about UX tradeoff, is that an acceptable UX?

@brico84, @Iksolon, @SPAddict25, @Linnovations and others, due to growing number of hacks, your request does totally make sense. Let’s do it in the next quarter. The team will be researching a solution for it and starting out development once we have a good enough one. In my opinion @Horus87’s solution is pretty cool and worth for us to consider, what do you think, guys?

@duc I’ve been waiting for ledger support since almost the beginning of the project. I already have a ledger I use with other wallets. This “hack” would be another device and method I have to worry about and keep track of.

Please focus on getting the promised ledger support… That is what we have all been waiting for and was promised

I didn’t know that Ledger has support for so many chains: https://support.ledger.com/hc/en-us/sections/4404369637521-Crypto-assets?docs=true . Do I miss something? I wonder whether the ledger co or the chains’ communities have developed most of them. If the former is true, maybe the ledger team can implement some basics for Incognito.

Maybe… but this featured has been promised since almost the beginning and keeps getting de-prioritized by the team. Getting super frustrated since it was promised early on.

I support the sentiments of @brico84 @abduraman & @Iksolon and @SPAddict25 shared an excellent article on recent hack.

When I first got involved with this project the Ledger Hardware Wallet integration was on the roadmap and this did excite me. I saw this ‘upcoming’ feature vitally important to securing assets. In my opinion Security and Privacy go hand-in-hand.

Now with that said, I do not think the QR code solution is a good long term solution (no offense to @Horus87, I do thank you for offering this idea). My issue with the QR code solution is it introduces a point of failure that is NOT industry standard practise. It introduces a separate hardware device that needs to be secure and safe. The beauty with having a ledger, is if my ledger device breaks. I can buy another one and restore my 24 word seed phrase and viola, I’m back in business.

IT MAY NOT BE TOO MUCH WORK
Disclaimer: I’m not a developer.

Since the PRV token is a BEP-20 token, this means Incognito could piggy back off the existing “Binance Smart Chain BNB” Ledger App for signing transactions ( https://support.ledger.com/hc/en-us/articles/4405365395857-Binance-Smart-Chain-BNB-?docs=true ) See below excerpt from the page above…

BEP20-supported-by-ledger963×268 47.2 KB

Hence, there is no need for Incognito to develop and maintain it’s own stand-alone Ledger App. If this proves to be possible then Incognito could take a similar approach to THETA Network.

The THETA Token is an ERC-20 token.
When accessing Theta’s Web Wallet - https://wallet.thetatoken.org/unlock/cold-wallet (see below)

Theta-Web-Wallet628×635 36.3 KB

I can use a Ledger Hard wallet to sign-in and sign transactions. To do this I use the Ethereum App on the Ledger device.

Hence, a similar approach could be taken with the Incognito Web Wallet Extension, have it connect to Ledger’s “Binance Smart Chain (BNB)” App.

Here’s the Github for Theta Web Wallet - https://github.com/thetatoken/theta-wallet-web

I’m not a developer but I thought this may help the amazing Incognito Dev team see how Theta built their Ledger integration. It may help to fast track a similar solution.

NEXT STEPS
Hey, @duc @Jared & @Jayce_Nguyen, can someone please bring this up with the Incognito Dev Team on your next call?

In the previous comment, I said that the team will prioritize the hardware wallet support in the next quarter (Nov, Dec and Jan) - not sure why we keep getting criticisms…

This will begin with research for a good solution. Contributions by community members by proposing a solution to the team for consideration should be encouraged in any way, thanks again to @Horus87 and @Linnovations for that.

@Linnovations PRV is not BEP20 token, but a native token of a privacy blockchain so the approach would be different, we need to research more to figure out a way to achieve that.

Sorry for my misunderstanding that PRV was a BEP20 token on Binance Smart Chain. I learn something new from folks in this community forum.
This will mean a significant investment in Dev resources, but I still believe that with all the hacks going around (thx for the recent example @SPAddict25 ) privacy and security need to walk hand-in-hand. Support for hardware wallets will be a very positive move forward for the overall ecosystem. This level of security will make user more comfortable adding more liquidity to the network.

Thanks @duc for the excellent news on prioritizing Hardware Wallet support next Quarter!

Hey @Wallart, you should be happy about this latest news, thanks for this post