- Ledger found itself at the center of unwanted drama in the past week.
- The firm has made a move to put an end to recent concerns.
- However, the damage may already have been done.
In the past week, crypto hardware wallet manufacturer Ledger has dominated discussions in the crypto space, but not for reasons it would prefer.
Ledger opened a can of worms while trying to quell outrage over its newly announced seed phrase recovery service. In a now-deleted tweet, the firm noted that accessing user seed phrases with a firmware update has always been possible, but users trusted Ledger not to do so. The statement contradicted previous assurances to customers and reignited concerns over the lack of visibility into the hardware wallet’s codebase.
The situation worsened as former Ledger Chairman Eric Larcheveque suggested that the government could theoretically gain access to the wallets of Recover subscribers with a subpoena. With mounting pressure from the community, Ledger has decided to hit the brakes on the Recover service. But several community members suggest it may be too late to undo the damage to Ledger’s reputation.
In a message to customers on Tuesday, May 23, Ledger Chief Executive Officer Pascal Gauthier asserted that the firm had learned its lessons from recent events, revealing that it would hold off on launching the recovery service until it makes as much of its codebase as possible open-source.
However, comments from several community members indicate that the damage to Ledger’s reputation may have already been done.
ZenGo wallet co-founder and security researcher Ta’al Be’ery argued that the main issue with Recover was that it was possible to access user private keys and send them over the internet with a firmware update, something Ledger had previously claimed to be impossible. “Open-sourcing only the recovery code does not help,” Be’ery argued.
Crypto journalist Jeremy Nation echoed Be’ery’s sentiments, adding, “I can never trust your product again though.”
Despite these comments, it is worth noting that the response to Ledger’s decision has not been completely negative. The firm managed to sway “foobar,” one of the most vocal critics of the Recover service.
“Happy to see these changes,” foobar tweeted, praising the firm for its plan to allow customers to choose their sharded seed phrase backup providers.
Ledger Recover is a planned subscription-based service designed to tackle one of the biggest problems crypto users face with self-custody: keeping their private keys safe. Ledger initially designed the service to create an encrypted version of customer seed phrases split into three fragments to be held by three firms, including Ledger.
However, the hardware wallet provider received backlash from crypto community members who argued that the service created an exploitable backdoor in the product.
On the Flipside
- Ledger cannot make all its code open source because of its Secure Element chip, which protects the device from unauthorized access.
- Crypto community members have suggested that Ledger create an entirely new line of products for the Recover service.
Why This Matters
Ledger hardware wallets are believed to be among the most secure wallets in the crypto space.