This article explains why the Ledger Live app will not support the Ethereum POW fork immediately after the Merge.
- The Ethereum POW team announced they would be launching the fork within 24 hours after the Merge. Learn more here.
- You will not be able to access your ETHW coins until the Ethereum POW network officially launches.
- After launch, you will not be able to see your Ethereum POW account(s) and ETHW coins in Ledger Live.
- You will be able to access your Ethereum POW account(s) and ETHW coins with your Ledger device and third-party software like Metamask after the Merge.
- However, we strongly recommend that you do not move your ETHW coins and POW assets (tokens and NFTs) until the Ethereum POW chain becomes safe to use.
- We don't have an ETA for Ethereum POW support in Ledger Live.
- Read on to learn more.
There are two main security concerns regarding Ethereum POW: replay attacks and hashrate.
What is a replay attack?
A replay attack consists of taking a signed transaction from one network and "replaying" it on a different network.
Here's an example of a replay attack:
- After the Merge, you decide to access your Ethereum POW account with your Ledger device and Metamask.
- Using your Ledger device, you sign a transaction to move 10 ETHW coins from your Ethereum POW account to an exchange (for example FTX).
- A malicious attacker "listening" to the network gets ahold of your transaction and replays it on the Ethereum POS chain.
- Suddenly, you see 10 ETH move from your Ethereum POS account to FTX.
Replay attacks cannot steal your coins because the attacker never has access to your private keys. An attacker can only replay a transaction you have already approved; they cannot move your coins to their own wallet.
However, these attacks can be very disruptive and cause unwanted transactions.
All an attacker needs to carry out a replay attack is to access any transaction signed by your Ledger device. Then they'll be able to replay those transactions on any network that uses the same chain ID as the network you initially broadcast your transaction on.
Let's explore the concept of chain ID.
What is a chain ID?
A chain ID is a number that specifies the network on which a transaction is valid. For example, Ethereum's chain ID is 1. You can find a list of chain IDs for most Ethereum-compatible networks here.
When a transaction is created on Ethereum, your Ledger device automatically includes Ethereum's chain ID (1) in the transaction data to create a signed transaction that can only be accepted on the Ethereum mainnet.
If a malicious actor were to get ahold of that signed transaction and broadcast it on, say, the Arbitrum network (whose chain ID is 42161), this transaction would immediately be rejected and fail.
In summary, chain IDs are the way networks stay siloed and protect their users against replay attacks.
In the case of Ethereum POW, their core team has not yet been able to provide a secure chain ID to protect their users against replays. By secure, we mean a chain ID that's unique to the Ethereum POW network and that will be effectively enforced by its nodes.
This is a problem.
If the Ethereum POW team fails to provide a secure chain ID before the launch of the network, this will expose users to replay attacks on the Ethereum POS chain and vice versa.
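The chain ID check described above can be shown in Python. This is an added example, not Ledger's code: it follows the EIP-155 rule for legacy transactions, where the chain ID is part of the signed bytes and is also encoded in the signature's `v` value. The transaction fields and the chain ID 99999 are constructed placeholders.

```python
# Added illustration of EIP-155 replay protection for legacy transactions.
# All transaction field values below are constructed sample data.

def rlp(item):
    """Minimal RLP encoder for ints, bytes and lists."""
    if isinstance(item, int):
        item = item.to_bytes((item.bit_length() + 7) // 8, "big")  # 0 -> b""
    if isinstance(item, bytes):
        if len(item) == 1 and item[0] < 0x80:
            return item
        return _prefix(len(item), 0x80) + item
    body = b"".join(rlp(x) for x in item)
    return _prefix(len(body), 0xC0) + body

def _prefix(length, offset):
    if length < 56:
        return bytes([offset + length])
    n = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([offset + 55 + len(n)]) + n

def signing_payload(tx, chain_id):
    """Bytes that get Keccak-256 hashed and signed; the chain ID is part of them."""
    return rlp([tx["nonce"], tx["gas_price"], tx["gas"], tx["to"],
                tx["value"], tx["data"], chain_id, 0, 0])

def chain_id_from_v(v):
    """Chain ID a signature commits to; None means pre-EIP-155 (no protection)."""
    if v in (27, 28):
        return None
    if v < 35:
        raise ValueError("invalid v")
    return (v - 35) // 2

def node_accepts(v, node_chain_id):
    """A node that enforces replay protection accepts only its own chain ID."""
    return chain_id_from_v(v) == node_chain_id

SAMPLE_TX = {"nonce": 7, "gas_price": 20 * 10**9, "gas": 21000,
             "to": bytes.fromhex("11" * 20), "value": 10 * 10**18, "data": b""}

V_MAINNET = 1 * 2 + 35      # v produced when signing for chain ID 1
FORK_SHARED_ID = 1          # a fork that kept the original chain ID
FORK_UNIQUE_ID = 99999      # constructed placeholder for a unique chain ID

if __name__ == "__main__":
    print(node_accepts(V_MAINNET, 1), node_accepts(V_MAINNET, FORK_SHARED_ID),
          node_accepts(V_MAINNET, FORK_UNIQUE_ID), node_accepts(V_MAINNET, 42161))
```

A fork that keeps chain ID 1 signs and accepts exactly the same bytes as mainnet, which is why a unique, node-enforced chain ID is the precondition for safe use.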
But that's not all.
The second concern we have regarding the security of the Ethereum POW chain is hashrate.
What is hashrate?
Hashrate refers to how much computing power goes into a network to mine blocks.
Typically, the more hashrate that goes into a network, the more difficult it becomes to mine blocks and the safer that network is from 51% attacks.
In this sense, hashrate is a proxy for security. The higher the hashrate, the more secure the network becomes.
Regarding Ethereum POW, it's yet to be seen how much hashrate will ultimately go into the network after launch.
A low hashrate would make it easy for malicious miners to carry out 51% attacks on the network. 51% attacks are disruptive for users not because they can steal your coins but because they can "censor" your transactions by rolling back blocks.
They also create opportunities for double-spend attacks, which are problematic for exchanges and merchants. You can learn more about 51% attacks here.
At Ledger, we put security first.
Security includes protecting our users against networks that could potentially cause them financial harm.
Given the current uncertainty around the Ethereum POW project, we have decided not to support Ethereum POW in Ledger Live for the time being.
Once (if?) the Ethereum POW network launches, we will continue monitoring the network, community, and code. When we're confident that the project has implemented adequate replay protections and has garnered enough mining power to be secure, we will reconsider integrating Ethereum POW into Ledger Live.
Of course, as a Ledger user, you have complete control over your private keys. This means that once the Ethereum POW network launches, you're completely free to use your Ledger to access your Ethereum POW account and ETHW coins.
Our role however is to make sure that you understand the risks associated with transacting on a network that could launch with severe security issues.
This is why we strongly recommend that Ledger users avoid transacting on the Ethereum POW chain until all security concerns have been cleared. Please follow us on Twitter for updates.
That being said, we wish you a happy and safe Merge. We're living through a pivotal moment in the history of Ethereum, and we at Ledger are looking forward to a successful transition to POS.
Please stay safe and don't hesitate to reach out if you have any questions regarding the Merge. We'll be happy to help!
I understand the risks of using Ethereum POW, how can I access my ETHW coins?
- Once Ethereum POW is launched, you will be able to use your Ledger device and Metamask to access your Ethereum POW account and ETHW coins. Learn more here.
- We recommend keeping your ETH in a mainnet account for the ETHW snapshot.
- You might not get ETHW for:
  - Wrapped ETH (WETH).
  - Staked ETH derivatives like stETH or rETH.
  - ETH kept in a roll-up account like Arbitrum or Optimism.
  - ETH kept in a liquidity pool.