Controversial New Ledger Service to Store Wallet Recovery Phrase; A new security concern for users?
Ledger, the maker of cryptocurrency hardware wallets, has come under fire from many prominent members of the industry after introducing its controversial new service. While the company’s CEO believes that this feature could replace the use of paper in the future, critics argue that the service will compromise users’ privacy and security.
Community reaction
To Report Cointelegraph, Ledger Recover is a shared service that allows users to use an additional layer of protection to preserve their private keys. This service uses a technique where the user’s seed phrase is split into 3 encrypted pieces, each of which is sent to a different external storage company. Once these pieces are combined and decoded, they can be used to reconstruct the wallet recovery phrase.
The Ledger wallet maker has announced that Ledger Recover is an optional subscription service for those users who want to back up their recovery statement.
The company explained:
It is not mandatory to use this service, and if you have purchased Ledger because you want to manage your own wallet recovery statement, you can continue to do so.
However, the introduction of this idea has angered many users of the cryptocurrency community, especially security professionals.
Mudit Gupta, Chief Information Security Officer at Paligan Labs, said:
Ledger Recover is a terrible idea, don’t use it. The problem here is that the pieces of encrypted keys are sent to 3 companies and they can reconstruct your key.
Changpeng Zhao, the founder and CEO of Binance, also mentioned Gupta’s words:
It means that now the recovery phrase can be sent outside the device? This seems to go against the idea that your private key never leaves your wallet.
Chris Dunn, Bitcoin investor and podcaster, also mentioned the leak of Ledger user data in 2020:
First they leaked their customers’ mailing addresses, phone numbers, and email addresses… and now a way to get wallet recovery phrases. It’s time to say goodbye to Ledger.
DCinvestor, a digital currency investor, also pointed to the leak of Ledger users’ information in the past, which exposed them to vulnerability.
I recall that several years ago, the names and home addresses of all Ledger customers were exposed through a data leak. The last thing you want stored on their servers is your private key.
Alistair Milne, an entrepreneur and Bitcoin investor, also criticized this new service and said:
Of course, you can use the new Ledger Recovery service and give them control of the private keys of your assets, as well as a copy of your ID and other personal information. But why bother buying a hardware wallet in the first place?
Milne believes that the Ledger Recovery service questions the most important feature of using hardware wallets, i.e. self-custody.
Ledger’s answer
according to Report Kevin Desc, Pascal Gauthier, CEO of Ledger defended this new service on Twitter and said:
You say this is not what customers want. But in reality, this is what prospective customers are looking for. This is a way that could bring hundreds of millions more people into the digital currency market.
Emphasizing that the ledger recovery service is a necessary step to attract new users of digital currencies, he added:
Sorry, but the era of using a piece of paper is over, while Ledger Recover is the solution of the future. We will never compromise to maintain security.
Ian Rogers, Ledger’s senior director of experience, also noted that using the service is optional and that the company is transparent about working with third-party organizations.
He added:
The reason people are so scared is probably unwarranted… As a consumer, you have a choice and you can figure out who is the company you trust.
In April, Ledger introduced the Ledger Nano S Plus wallet; A specialized wallet designed to hold Non-Featured Tokens (NFT). This new wallet aims to increase user safety and provide an improved user experience for Web 3.0 clients who trade NFTs on an ongoing basis. The introduction of this product sought to integrate Clear Signing technology into Ledger Live, which strengthened the security of users.
Ledger was founded in 2014 (1393) and during this time it has become a leading global player in the field of cryptocurrency hardware wallets. According to reports, the company has released 6 different wallet models and sold about 4.5 million wallets.