2026-05-28 · ledger
Ledger's latest security article is about identity, but the practical lesson applies directly to custody and cold storage. The company argues that in a deepfake-heavy world, any internet-connected screen can be manipulated, which means software-only approval flows are no longer trustworthy enough on their own. The post makes the case for hardware-backed verification and physically isolated signing surfaces as the root of trust. That is the same logic behind cold storage: keep the authority to sign away from systems an attacker can reach remotely.
Ledger published 'Proof of Personhood: How Your Signer Proves You're Human' on May 22, 2026. The article argues that synthetic voice, video, and identity attacks make it unsafe to trust what appears on a phone or laptop screen. Ledger says its secure screen and secure element provide a physically isolated approval path that malware cannot tamper with.
When a signer or approval flow is spoofed, the loss is immediate and usually irreversible. In custody and payments, a fake confirmation can authorize transfers, approvals, or identity actions that cannot be rolled back once broadcast. The cost is not just stolen assets but also the loss of trust in any software-only confirmation layer.
Cold storage works because the signing authority stays inside hardware that is not exposed to the internet. Ledger's argument is that the secure element and secure screen create a root of trust that a compromised computer cannot fake. For high-value holdings, that hardware boundary is what turns a suspicious click into a safely rejected action.
Read Original Post →