- Discontent has surged as Ledger’s feature sparks outrage among wallet owners.
- Ledger Recover promises added security but raises industry eyebrows.
- Concerns have been voiced by security specialists and influential figures over the risks involved.
This past week has seen a tumultuous period for crypto security, with hardware wallet provider Ledger releasing an update that introduced a new service known as Ledger Recover. The service was designed to offer an additional layer of security to users of their hardware wallet.
However, it appears that the company’s hopes for the service were met with less enthusiasm than they expected. If you would like to find out more, you can read this article by my colleague, David Okoya.
The update sparked significant controversy in the community over concerns about a potential backdoor. I decided to dive deeper into the issue and explain exactly what the service does and where the community’s complaints are coming from.
Ledger Introduces Subscription-Based Crypto Security Service
Ledger Recover offers users an additional layer of protection for their private keys. This approach involves the fragmentation and encrypting of the user’s seed phrase into three distinct parts, which are then dispatched to separate external entities. The fragments are then combined and decrypted to reconstruct the original seed phrase.
According to the wallet provider, Ledger Recover is an optional subscription particularly useful for users who want to back up their secret recovery phrase. However, users who prefer to manage their recovery phrases themselves can still do so, as the subscription is not mandatory.
Despite the benefits of the Ledger Recover service, it has faced criticism from crypto community members, including security specialists. The service’s detractors argue that outsourcing the storage and protection of one’s private keys to external entities is risky.
Ledger Recover Sparks Outrage in Crypto Community
Mudit Gupta, the chief information security officer at Polygon Labs, strongly criticized the idea, emphatically advising against enabling this feature. Gupta took to Twitter to elaborate, cautioning that the encrypted key portions are sent to three corporations that possess the ability to reconstruct users’ keys.
Changpeng Zhao, the founder and CEO of Binance, joined Gupta’s thread, expressing his concerns by stating, “So the seed can leave the device now? Sounds like a different direction than “your keys never leave the device.”
Ledger Clarifies Concerns Over ‘Ledger Recover’
Ledger attempted to provide some clarification amidst the rising concerns. The team emphasized that Ledger Recover is primarily aimed at newcomers to the world of self-custody. They intended to cater to individuals who may find managing their recovery phrase independently challenging.
Furthermore, Ledger stressed that there is no backdoor in the system. They sought to reassure users that they would remain in control of their assets and information.
On the Flipside
- While concerns have been raised about the involvement of external entities in the reconstruction process, the encryption and dispersal of the seed phrase fragments aim to maintain a high level of security.
- Ledger’s previous data leak incident, although regrettable, does not necessarily indicate a direct correlation with the security of the Ledger Recover feature.
- The introduction of Ledger Recover provides an alternative solution for users who may prefer the convenience of a recovery service rather than solely relying on managing their recovery phrase independently.
Why You Should Care
Ledger’s reputation has been called into question due to past data leaks, and now, with the introduction of this service, concerns are raised about the security and control users have over their private keys.
The comments from industry experts and influential figures like Mudit Gupta and Changpeng Zhao further highlight the apprehension and skepticism surrounding Ledger’s latest offering.
To learn more about Ledger’s response to the uproar over their wallet recovery service, click here:
“There’s No Backdoor”: Ledger Responds to Uproar Over Wallet Recovery Service
For the latest on Ripple claiming victory over the SEC in the Hinman document claim, read here: