SCANDAL! Ledger Accused of Exposing User Seed Phrases

SCANDAL! Ledger Accused of Exposing User Seed Phrases
Table of Contents

Hardware wallet provider Ledger has recently faced criticism and concerns from the crypto community regarding its newly announced Ledger Recover service. This service, introduced in the latest firmware update, aims to provide an ID-based key recovery solution by backing up users’ seed phrases. However, the crypto community has raised significant concerns about the potential risks associated with this service.

To utilize Ledger Recover, users are required to provide their passport or national identity card to confirm their identity. Three encrypted fragments of the seed phrases will be entrusted to Ledger, Coincover, and another third-party escrow provider. This arrangement has raised concerns among some users, who must now rely on the security of these companies.

Crypto community demands clarification from Ledger

Despite the fact that the service is optional and costs $9.99 per month, there are concerns that security flaws could affect even those who opt-out. These worries skyrocketed when Reddit user Joe Smith Reddit asked a specific question about whether Ledger’s systems had a built-in backdoor for accessing users’ private keys.

Is there a backdoor? Yes or No
by u/Joe_Smith_Reddit in ledgerwallet

Joe_Smith_Reddit’s question specifically referred to Ledger’s recover service, designed for Nano X device holders to recover their crypto in case they lose both their wallet device and recovery phrase.

Ledger Accused of Exposing User Seed Phrases

In response to customer complaints, Ledger reaffirmed its dedication to self-custody. The business clarified on Twitter that the Ledger Recover service is entirely optional and is not turned on by any firmware update automatically. They stressed that the user’s secret recovery phrase is generated securely on the device and is not accessible to the firm.

Despite these assurances, there are still some worries in the community, mostly related to the idea that Ledger devices might not offer users’ private keys the level of protection that the manufacturer claims.

Some opine users stop using the hardware wallet

Many users have expressed their lack of confidence in Ledger’s ability to protect digital sovereignty as a result of this, saying they can’t continue to recommend the hardware wallet manufacturer to anyone who values their privacy.

This opinion was echoed on Twitter by well-known cryptocurrency developer, author, and auditor “foobar,” who urged followers to stop using Ledger wallets immediately.

For existing customers who demanded the highest level of security from their devices, Ledger should have introduced a separate wallet offering a seed recovery service rather than adding it as a firmware update, according to many members of the community.

It’s worth noting that Ledger has faced previous incidents compromising user security, such as accidentally leaking the personal information of over 270,000 customers in July 2020. However, it is important to highlight that this particular incident did not impact the security of users’ private keys.

While the company asserts the service’s optional nature and highlights its commitment to users’ self-custody of funds, doubts remain regarding the overall security of private keys.

RELATED POSTS

Follow us on Social Networks

Crypto Tutorials

Crypto Reviews

Ads