Hardware wallet provider Ledger has recently faced criticism and concerns from the crypto community regarding its newly announced Ledger Recover service. This service, introduced in the latest firmware update, aims to provide an ID-based key recovery solution by backing up users’ seed phrases. However, the crypto community has raised significant concerns about the potential risks associated with this service.
To use Ledger Recover, users are required to provide their passport or national identity card to confirm their identity. Three encrypted fragments of the seed phrase will be entrusted to Ledger, Coincover, and another third-party escrow provider. This arrangement has raised concerns among some users, who must now rely on the security of these companies.
Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz
🧵Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
— Ledger (@Ledger) May 16, 2023
Crypto community demands clarification from Ledger
Although the service is optional and costs $9.99 per month, there are concerns that security flaws could affect even those who opt out. These worries skyrocketed when Reddit user Joe_Smith_Reddit asked a specific question about whether Ledger’s systems had a built-in backdoor for accessing users’ private keys.
Is there a backdoor? Yes or No
by u/Joe_Smith_Reddit in ledgerwallet
Joe_Smith_Reddit’s question specifically referred to the Ledger Recover service, designed for Nano X device holders to recover their crypto in case they lose both their wallet device and recovery phrase.
In response to customer complaints, Ledger reaffirmed its dedication to self-custody. The business clarified on Twitter that the Ledger Recover service is entirely optional and is not turned on by any firmware update automatically. They stressed that the user’s secret recovery phrase is generated securely on the device and is not accessible to the firm.
Self-custody remains and will always be the core principle of Ledger. The ethos of self-custody is that it’s your choice – you can choose to manage all your assets yourself, or you can have a backup with Ledger Recover.
It’s up to you – and that won’t change.
— Ledger (@Ledger) May 16, 2023
Despite these assurances, there are still some worries in the community, mostly related to the idea that Ledger devices might not offer users’ private keys the level of protection that the manufacturer claims.
Some urge users to stop using the hardware wallet
As a result, many users have expressed a lack of confidence in Ledger’s ability to protect digital sovereignty, saying they can’t continue to recommend the hardware wallet manufacturer to anyone who values their privacy.
This opinion was echoed on Twitter by well-known cryptocurrency developer, author, and auditor “foobar,” who urged followers to stop using Ledger wallets immediately.
Stop using Ledger hardware wallets. Migrate away from them immediately. They’ve shown nothing but gross incompetence and wild misunderstanding of their own purpose. And now they’ve publicly admitted to intentionally backdooring their own proprietary hardware. Stop using Ledger pic.twitter.com/LLFFUsOW4y
— foobar (@0xfoobar) May 16, 2023
According to many members of the community, Ledger should have served existing customers who demanded the highest level of security from their devices by introducing a separate wallet offering a seed recovery service, rather than adding the service as a firmware update.
It’s worth noting that Ledger has faced previous incidents compromising user security, such as accidentally leaking the personal information of over 270,000 customers in July 2020. However, it is important to highlight that this particular incident did not impact the security of users’ private keys.
While the company asserts the service’s optional nature and highlights its commitment to users’ self-custody of funds, doubts remain regarding the overall security of private keys.