Hardware wallet manufacturer Ledger has announced the launch of its new Ledger Flex wallet, which builds on the design language and E Ink touchscreen interface established with its previous Stax model.
Priced at $249, the Ledger Flex sits beneath the premium $399 Ledger Stax in the firm’s line-up of devices. It sports a 2.8” E Ink capacitive touchscreen display with 600 x 480 pixel resolution—but without the Stax’s Tony Fadell-designed curved screen. It comes in one of two colorways; the firm’s signature black and silver design, or a special orange BTC Edition variant.
“Our new secure touchscreen category will make self-custody more accessible than ever before for more consumers and enterprises,” Ledger CEO Pascal Gauthier said in a press release.
Weighing in at 57.5g, the Flex also packs USB C, Bluetooth 5.2 and NFC connectivity into its 78.40 mm × 56.50 mm × 7.70 mm frame, along with a battery that promises “weeks or even months on one charge.”
Most importantly, of course, the Flex also packs in the company’s Evaluation Assurance Level (EAL) 6 certified secure element, which secures its line-up of devices. The secure element is the heart of the device, generating and storing the user’s private keys and powering Ledger’s secure screen.
The firm claims to have a “unique approach” to implementing secure elements, incorporating a proprietary operating system, BOLOS, alongside Donjon, a team of white-hat hackers tasked with finding and addressing vulnerabilities in its hardware and software.
Proof of You
The Flex is part of the company’s bid to “secure a world that’s embracing AI,” by providing “Proof of You,” the firm said in its press release. That initiative kicks off with a new Ledger Security Key app that enables users to create Two-Factor Authentication 2FA and Passkeys built using the open FIDO 2 specification on the device.
The app, available for both the Flex and Stax wallets, allows for passwordless login to sites such as Google, Amazon and crypto exchanges Binance and Coinbase, by tapping the device against a phone using NFC, or plugging it into a personal computer.
Ledger and security
Ledger has faced criticism over elements of its security in the past. In 2021, an email database of the firm’s customers was hacked, exposing the personal details of almost 300,000 Ledger users.
Last year, a malicious version of the Ledger Connect Kit was identified by developers posting on Twitter, leading the firm to warn customers to stop interacting with decentralized applications (dapps) while it implemented a fix.
More contentiously, in May 2023 the firm came under fire for Ledger Recover, an ID-based key recovery service that backs up users’ seed phrases. While Ledger reassured users that it was an opt-in service, some accused the firm of creating a “backdoor” on devices, arguing that “The code path to send private key material over the internet will be on your device, whether you opt in or not.”
The Paris-based company’s co-founder Nicolas Bacca said at the time that the service is “not a backdoor at all, because nothing will happen without your consent on your device,” adding that it did not increase attack vectors on the hardware wallets.
The hardware wallet company advertises the its Recover service as being supported on Ledger Flex from launch, adding that, “With Ledger Recover you never have to worry about recovering access to your wallet, even if your physical Secret Recovery Phrase backup is lost or destroyed.”
Edited by Stacy Elliott.