- Ledger has rolled out a firmware update.
- The update has attracted a lot of flak from the community.
- The wallet provider has pushed back against critics.
Deciding how to store crypto assets can be difficult for many, as each method has disadvantages. However, using hardware wallets, a technique known as cold storage, is often touted as the most secure option by core crypto proponents.
This is because hardware wallets have no connection to the internet, unlike other means of storing crypto assets, reducing the risk of hacks. Nonetheless, cold storage methods are not without flaws, as these devices can be misplaced, and, like other non-custodial methods, users can lose their seed phrases.
One of the most popular hardware wallet providers, Ledger, has attempted to tackle one of these perceived weaknesses but has received significant pushback from the crypto community for potentially creating another weakness.
On Tuesday, May 16, Ledger unveiled Ledger Recover, “an optional subscription” service that helps users back up their wallet seed phrase for $9.99 per month.
Ledger explains that the service will split customers’ seed phrases into three encrypted fragments stored separately with Ledger, Coincover, and EscrowTech.
While Ledger assured users that the process was secure and opt-in only, these assurances failed to convince a cross-section of crypto users, who suggested that the new feature created a backdoor to customer wallets that bad actors could exploit.
Delegate Cash builder foobar, @0xfoobar on Twitter, was one of the most vocal critics of the wallet recovery service that came with Ledger’s latest firmware update. foobar, known for calling out security flaws in project contracts, urged crypto community members to “Stop using Ledger.”
"The code path to send private key material over the internet will be on your device, whether you opt in or not. Hackers can take advantage of this, and software bugs more likely to leak. Ledger’s business trajectory is one of wanton disregard for customer safety. Switch wallets," foobar argued in a lengthy Twitter thread.
Former Grant Thornton senior manager Aftab Hossain, popularly known as DCInvestor, reminded crypto community members that Ledger had experienced a data breach in 2020 that leaked the personal information of about 272,000 customers.
“The absolute last thing you want on their servers is your private key,” he added.
Ledger has rejected these criticisms.
Ledger Responds to Critics
Ledger has pushed back against critics of its wallet recovery service, asserting that the service does not create a backdoor to customer wallets.
"Here, the point which is important to remember is that you stay in control…there’s no backdoor, nothing will happen without your consent on the device…in the future, the whole protocol will be open, so you’ll be able to verify how the whole protocol works," Vice President of Ledger's Innovation Lab Nicolas Bacca asserted.
Ledger Chief Technology Officer Charles Guillemet suggested that the product was for people who were new to crypto technology and struggled to understand its sometimes intimidating user experience.
“Ledger Recover is what our future 100m of customers want – they will onboard into crypto in a secure way with Ledger Recover,” Ledger Chief Executive Officer Pascal Gauthier argued.
On the Flipside
- Trezor, another popular cryptocurrency hardware wallet provider, recently sparked censorship concerns after integrating CoinJoin in an upgrade.
Why You Should Care
Following recent crypto industry blow-ups, trust in centralized platforms has significantly diminished, fueling self-custody campaigns that have seen many holders take their assets off exchanges.