Executives in the blockchain industry often speak of “decentralization,” self-sovereignty,” and “trustlessness.” They espouse a vision of a future financial and internet ecosystem that is free from rent-seeking middlemen and unreliable intermediaries.

The failures of major blockchain projects and companies are not uncommon. Users are often surprised and furious to discover that they had unknowingly put their trust in substandard code, centralized entities, or hardware with security issues.

This article was featured in The Protocol’s latest issue, our weekly newsletter that explores the technology behind crypto one block at a tim. Subscribe here to receive it every Wednesday.

Ledger is the latest example. The Paris-based crypto hardware company announced on Tuesday, after a firestorm of public relations last week, that it was delaying plans to release an controversial new wallet recovery feature called Ledger Recover.

Ledger accidentally drew the attention when it announced the proposed feature, last week. The company could theoretically move wallet seeds phrases off-device through user-approved firmware updates. The company had previously given the impression that their devices were designed to avoid this scenario.

Ledger vehemently denied allegations that its capabilities amounted to a “backdoor.” But the company’s initial response to outrage, pointing out (in a now-deleted tweet) that users were always trusting Ledger not extract user keys, only served as fuel for the furor. Ledger has vehemently rejected allegations that it is a “backdoor”. But its initial response, which pointed out that users always trusted Ledger to not extract user keys, only served to further fuel the furor. One widely circulated video showed a user smashing the Ledger with a hammer before blowing torching the device into flames.

In a email sent to Twitter on Tuesday by Ledger CEO Pascal Gauthier, he apologized to his customers and promised to open source “as much as the Ledger Operating System as possible.” He also said that he would delay the release date of Ledger Recovery.

Ledger is still theoretically capable of moving user keys through future software updates, but this ability has been limited by the way Ledger wallets and other similar wallets have been designed.

The incident was a valuable lesson in the limitations of hardware wallets. These are generally considered to be the safest way to store crypto. The fiasco was a valuable lesson in the limitations of hardware wallets, which are generally considered the most secure way to hold crypto.

Ledger’s PR meltdown

Ledger made a mistake in its marketing in the weeks leading up to last weekend. It emphasized crypto’s “trustless’ ethos. It was a message that appealed to crypto enthusiasts, but left a false impression about Ledger’s technological capabilities.

Eric Larcheveque , former CEO of Ledger and co-founder, argued on Reddit , that the “meltdown,” which occurred last week, was a “total public relations failure but not a technological one.”

Larcheveque is a Ledger share holder but does not work at the company. He wrote that, as Ledger grew in popularity, so did the misperception that Ledger wallets required zero trust from their users.

He wrote: “People began to think Ledger is a solution that cannot be trusted, but this is not true.” Ledger’s product must be used with some level of trust.

Users didn’t understand the nuance. Larcheveque then linked to a Reddit user’s explanation of what happened: “Fundamentally, nothing has changed in the lLedger software or hardware,” cmplieger wrote. What has changed is the lLedger developer’s decision to add a new feature, taking advantage of their small computer and the flexibility it provides. People finally understood the product and the trust factor involved.

Reddit user Florian995 made the most upvoted comment: “What I have learned is that I don’t know anything about the wallet that I am using.”

Hardware limitations

You can be upset when companies oversell products. But trustlessness and decentralization are on a continuum, and crypto-acolytes may be disappointed if they think that they can leave one company and switch to a more pure, ideologically pure, alternative.

The case of Ledger shows how the current state of blockchain technology is not up to some of the industry’s most ambitious promises.

Ledger claims that their USB thumb drives store user keys on a “secure component” – an impenetrable mini computer chip. Ledger’s claims of “trustlessness” are centered around the secure component, and the company has explicitly assured users that they cannot reach inside the element to get user keys.

Christopher Allen, Chief Architect at Blockchain Commons (a non-profit crypto infrastructure), said that chip technology has not reached the point at which Ledger can make such a promise.

Allen, a CoinDesk reporter, said: “Ledger was caught up in a weakness which all wallets have to some extent today due to chip technology.” Secure element chips cannot perform the type of cryptography required to encrypt all user keys on device. (Allen said his team at Blockchain Commons are working to fix this, but the technology isn’t yet ready.

Allen argued that Ledger was not necessarily flawed. They inadvertently exposed a structural weakness that was all over the place.

Bradley Keoun is the editor.