Developer REKTBuilder claims to have discovered a “genuine device check” that transmits data about users’ wallet usage, including which apps they install.
Ledger Live software tracks its users and accumulates data about them, according to a report from pseudonymous software developer and privacy advocate REKTBuilder. The developer investigated the software’s Python code and allegedly found that it performs a “genuine device check” every time the user connects their Ledger device to their PC or phone. This check lists every app installed on the device, REKTBuilder claimed, allowing Ledger to know which networks the wallet owner is using.
REKTBuilder is a pseudonymous researcher who posts to Crypto.bi forums and on X (formerly Twitter). On Dec. 6, they published a report claiming that Ledger Live was recording users’ crypto balances. The following day, they released what they claimed to be a “tracker free” open-source alternative to Ledger Live, called “Lecce Libre.”
REKTBuilder now claims to have discovered an even bigger privacy issue with Ledger Live. According to their Dec. 27 post, they found multiple lines of code containing the phrase “genuine check.” When they added “tracing prints” to this code, they found that it did not run at the point when the software appeared to be checking the device. With their curiosity piqued, REKTBuilder investigated further and found that the actual check is embedded within a “listApps” subroutine. Ledger can use the check to determine the date and time of each connection a user makes with their device, REKTBuilder claimed.