Ledger hardware wallet support?

Looks like ledger was put on the backlog again, where it seems it will permanently stay. This is extremely disappointing.

9 bridges/integrations are planned for Q3 yet the team couldn’t find a slot to seriously look in to getting ledger support added. I dunno about anyone else but I think the writing is on the wall. They don’t seriously plan to ever add ledger support.

Hey guys, thanks for bringing up the interesting topic, I just wanted to clarify something around the ledger hardware support…

First of all, I believe that anyone would agree security is important, especially in financial platforms. While the proportion of people in crypto that use a hardware wallet is pretty low, when they do, they hold much money obviously.

But the point here is that what is our goal at the moment? Let me describe my thoughts in two directions below:

  1. If we focus on the hardware wallet:
  • We would need to allocate most development resources we now have to it and might take a quarter or even a couple of quarters since integrating a Ledger wallet with a privacy blockchain is more complex than a non-privacy one (Monero did it though, it doesn’t mean we could make it quickly). We are building the wallet extension and in our experience, it’s far more complex and demand much more effort for preserving user’s privacy than its non-privacy counterparts.

  • In the entire one or two quarters, we couldn’t either build any new features or improve the current features. The only main feature we have right now is swap and we don’t have a product-market fit yet. There are not many users using the current swap and nothing can guarantee when we have the hardware wallet, the product market fit will come automatically only with an assumption: people will put more liquidity into the Incognito exchange and there will be more users swapping coins on there only because of the hardware wallet while the feature is still the same.

  1. So if the goal is finding a product market fit:
  • We need to keep looking for new features or improving existing ones based on the current infrastructure. It turned out that with supported smart contract bridges, their arbitrary message sending capability, and pToken unification we can support cross-chain swap feature with liquidity from outchains’ DEXs. Apparently, we still need to grow liquidity for the bridges’ vaults but it should be easier compared to AMM pools.

  • In this direction, having more bridges and more DEX integrations will help a lot in terms of userbase, cross-chain options, and liquidity (from those DEXs)

  • We believe that cross-chain swap is also less competitive than the AMM swap.

That’s not really a “pick one of two” dilemma but could be “pick one of two at a time for prioritization” in my opinion. Once we find the product market fit, we can always revisit the hardware wallet support then.

4 Likes

I respectfully disagree.

It is on a solid foundation that a good project is built.

There is no point in wanting to embrace the world without first ensuring the minimum.

What does someone who arrives at incognito for the first time find?
Answer: just another project like thousands of others! That does a lot of nice things, some a little different than the others and so on, but when they think about investing or when they put some capital to test, they soon realize that it is a hotwallet with a precarious login protection. Then you go to see about hardwallet integration and find a promise from the development team left aside.
Now I ask: what message does this send?

You can put in as much functionality as you want, you can integrate all the blockchains in the world, but the users won’t stay and they won’t put in big money, to leave it for a long time (which is what every project wants to grow and have money to reinvest), as long as you don’t have the minimum login security and that means integration with some kind of hardwallet.

4 Likes

Completely agree with @Iksolon. This project took a LONG detour to get some specific infrastructure items done like pdexv3, staking v2, etc. We all sat patiently by as features, and other items (including growth team) were set aside. And the dev team worked hard, and came through. They did a great job in getting those core items done. That being said, given the state of things, the next biggest core item the dev team can do, is integrate hardware wallet support.

This project needs to stand out to others as privacy, and security focused. Without hardware wallet support, the project has a glaring weakness. While the project has remained under the radar for the most part… as the project awareness grows and more people come in it makes our wallets a bigger target for scammers and thieves. I am becoming increasingly worried about my assets not being protected by a hardware wallet.

Another point I am confused about… you say that all developers will need to work on the hardware wallet and put everything else aside. Isn’t that an issue of resource management, that can be solved by bringing in other skilled Devs? Regardless, even if it means not working on anything else, and taking 3 -4 quarters to solve, it is still important to be done. In fact even more so. The fact that it will take so long to solve means putting it on the back burner is more dangerous then ever.

Hardware wallet has been on the back burner now for about 2 - 3 years. If it is not made a priority now, it likely never will.

3 Likes

What about integrating other cold wallet solutions before integrating with a Ledger Nano (long term goal)?
A QR-Code based solution like https://airgap.it/ for example, using the same way it integrates in Metamask (or their wallet).

With this solution you keep the keys/seed on a dedicated device (Android, for example an old smartphone), completely offline, disabling everything not needed. This will be the “signer” device. Then on the main Wallet or the Web extension you integrate a “Connect” feature to import the information needed to view the wallet info and request the signature to the signer App using QR-codes.

When you have to do a transaction, exchange, that requires a signature, the main app will show a QR code that must be scanned with the offline App, that will sign the message with the private key and show the result in a QR code that you have to scan with the main App (using the camera or the PC webcam) to broadcast the transaction to the node.

With this configuration, you can re-use the code you have for the Android/iOS App, separating, exchanging the information between the singer and the broadcaster (user wallet) through QR-codes, without the need of internet. It won’t be like a Ledger, but leveraging, for example, an encrypted Android phone, de-googled, or a custom android-based device, you can achieve a high degree of security, keeping the keys offline, and easier to maintain (same pieces of the current Wallet). This could also solve the issue of keeping the keys in the Wallet extension, always online.

What do you think @duc?

2 Likes

Hey @duc, I agree with what you’ve said above. The Wallet extension is a much needed part of the ecosystem. However, I wanted to hopefully raise this topic from the ashes. FYI @Jayce_Nguyen, we spoke about this on today’s call.

Now that the Incognito Web Extension
( https://chrome.google.com/webstore/detail/incognito-wallet/chngojfpcfnjfnaeddcmngfbbdpcdjaj )
has been released and is being used, is there any plan to incorporate Ledger Hardware Wallet integration with the Web Extension?

The reason I bring this up is because there is a growing number of online hacks and scammers (more than ever) and hence security is paramount.

I’d feel a lot safer (and I’m sure others in this community too) if private keys and transaction signing via the incognito web extension took place on a Ledger Nano. This may increase the usage of the web browser extension.

For me personally, I’ve suffered a web wallet hacked and hence I’m very cautious and promised my self never to use a online web wallet that doesn’t have hardware wallet integration.

@duc / @Jared, can you please discuss this with the Devs and see if they are open to putting the Ledger integration back on the roadmap?

Do others in the community support this idea?

4 Likes

Thank you Linnovations for this sharing. :pray:

Your ideas and product experience would help us shape Incognito product’s features in the upcoming release. From a user’s perspective, your point of view makes every sense to urge us to do something addressing this issue. Let me check with the Development Team and will keep you posted.

Feel free to message me if you also come up with other feedbacks or if you know any other collaboration opportunity. :incognito:

2 Likes

Example of a recent Web Wallet hack.

https://concealnetwork.medium.com/cloud-infrastructure-attack-and-shut-down-7ff72af6e81b

1 Like

Hey @Horus87, just read through your proposed solution, that’s great idea (sometimes great solution is unnecessarily a perfect solution) since it will pragmatically save much development effort as compared to the full Ledger support. However, we should consider about UX tradeoff, is that an acceptable UX?

@brico84, @Iksolon, @SPAddict25, @Linnovations and others, due to growing number of hacks, your request does totally make sense. Let’s do it in the next quarter. The team will be researching a solution for it and starting out development once we have a good enough one. In my opinion @Horus87’s solution is pretty cool and worth for us to consider, what do you think, guys?

3 Likes

@duc I’ve been waiting for ledger support since almost the beginning of the project. I already have a ledger I use with other wallets. This “hack” would be another device and method I have to worry about and keep track of.

Please focus on getting the promised ledger support… That is what we have all been waiting for and was promised

1 Like

I didn’t know that Ledger has support for so many chains: https://support.ledger.com/hc/en-us/sections/4404369637521-Crypto-assets?docs=true . Do I miss something? I wonder whether the ledger co or the chains’ communities have developed most of them. If the former is true, maybe the ledger team can implement some basics for Incognito.

1 Like

Maybe… but this featured has been promised since almost the beginning and keeps getting de-prioritized by the team. Getting super frustrated since it was promised early on.

1 Like

I support the sentiments of @brico84 @abduraman & @Iksolon and @SPAddict25 shared an excellent article on recent hack.

When I first got involved with this project the Ledger Hardware Wallet integration was on the roadmap and this did excite me. I saw this ‘upcoming’ feature vitally important to securing assets. In my opinion Security and Privacy go hand-in-hand.

Now with that said, I do not think the QR code solution is a good long term solution (no offense to @Horus87, I do thank you for offering this idea). My issue with the QR code solution is it introduces a point of failure that is NOT industry standard practise. It introduces a separate hardware device that needs to be secure and safe. The beauty with having a ledger, is if my ledger device breaks. I can buy another one and restore my 24 word seed phrase and viola, I’m back in business.

IT MAY NOT BE TOO MUCH WORK
Disclaimer: I’m not a developer.

Since the PRV token is a BEP-20 token, this means Incognito could piggy back off the existing “Binance Smart Chain BNB” Ledger App for signing transactions ( https://support.ledger.com/hc/en-us/articles/4405365395857-Binance-Smart-Chain-BNB-?docs=true ) See below excerpt from the page above…

Hence, there is no need for Incognito to develop and maintain it’s own stand-alone Ledger App. If this proves to be possible then Incognito could take a similar approach to THETA Network.

The THETA Token is an ERC-20 token.
When accessing Theta’s Web Wallet - https://wallet.thetatoken.org/unlock/cold-wallet (see below)

I can use a Ledger Hard wallet to sign-in and sign transactions. To do this I use the Ethereum App on the Ledger device.

Hence, a similar approach could be taken with the Incognito Web Wallet Extension, have it connect to Ledger’s “Binance Smart Chain (BNB)” App.

Here’s the Github for Theta Web Wallet - https://github.com/thetatoken/theta-wallet-web

I’m not a developer but I thought this may help the amazing Incognito Dev team see how Theta built their Ledger integration. It may help to fast track a similar solution.

NEXT STEPS
Hey, @duc @Jared & @Jayce_Nguyen, can someone please bring this up with the Incognito Dev Team on your next call?

2 Likes

In the previous comment, I said that the team will prioritize the hardware wallet support in the next quarter (Nov, Dec and Jan) - not sure why we keep getting criticisms…

This will begin with research for a good solution. Contributions by community members by proposing a solution to the team for consideration should be encouraged in any way, thanks again to @Horus87 and @Linnovations for that.

@Linnovations PRV is not BEP20 token, but a native token of a privacy blockchain so the approach would be different, we need to research more to figure out a way to achieve that.

3 Likes

Sorry for my misunderstanding that PRV was a BEP20 token on Binance Smart Chain. I learn something new from folks in this community forum. :pray:
This will mean a significant investment in Dev resources, but I still believe that with all the hacks going around (thx for the recent example @SPAddict25 ) privacy and security need to walk hand-in-hand. Support for hardware wallets will be a very positive move forward for the overall ecosystem. This level of security will make user more comfortable adding more liquidity to the network.

Thanks @duc :100: for the excellent news on prioritizing Hardware Wallet support next Quarter!

Hey @Wallart, you should be happy about this latest news, thanks for this post :slight_smile:

2 Likes

I think that Ledger Nano implementation is always the best solution, the de-facto most adopted and recognized hardware wallet, cheap and easy for the common user. But I would like to bring up also some points:

  1. Developing an integration with Ledger Nano requires more effort, because you have to develop a firmware, not just a piece of software using some high level SDK. And since the cryptography used by Incognito is more similar to the one of Monero that the one of a non-privacy chain this is more complex on a Ledger nano hardware. You cannot simply fork and build probably. Monero took more that 1 year to go on Ledger and integrate everything.

  2. If the problem is time, budget or manpower that can bring this to life, and if the roadmap is long, I would sacrifice the UX a little to have a better security and a cold wallet solution. If this solution will require 1/5 or even 1/10 of the efforts respect to integrate a Ledger Nano, both on desktop and Mobile with Bluetooth/OTG both on Android/iOS (most of incognito users are still from mobile probably), I will consider the QR solution because Incognito can recycle the code used in the current mobile App. PRO users will have an enhanced security.

  3. It is not true that QR are not an industry standard. What is exactly an industry standard in crypto? If you look at Metamask, both extension and mobile versions support QR code based cold signers, and it will support more in the future. It is a technology like others. And a cheap technology. You can use it even where you cannot buy or afford a Ledger Nano, or if you don’t like it. And of course you can opensource the whole signer, not only a part of it. You still introduce a separated device, that is not small and secured by a dedicated hardware, but if used offline on a clean phone is still better than no cold solutions at all.

So, TLDR:

If the Incognito team can deliver a Ledger Nano solution, effective on the desktop extension and on mobile with calculated efforts, quickly, without sacrifice other important developments, it would be the greatest thing and a big milestone. BUT if this is not possible and the QR solution is easy and quick to do, why not? It will be a plus, same codebase, easy to maintain, free choice for the user, effective. Keeping the Ledger nano as a long term goal. I think that everything is a compromise, only the Incognito team and devs can estimate the efforts, manhours, budget and time needed to develop the Ledger app, the integrations with the new browser extension and the mobile app, and give a priority to one task or the other. The only sure thing is that a cold wallet solution is needed, more about security that UX in my opinion.

4 Likes

Any update on status of ledger integration?

2 Likes

:point_up_2: @Jayce_Nguyen @duc @maisie @Jared - Any update on the Roadmap.

By adding this feature the platform will attract more assets as there would be a greater sense of security.

1 Like

Hey guys, please have a look at the topic to see status of the product. cc @Linnovations, @brico84. Thanks.