Ledger Wallet Still Safe – The technology behind cryptocurrency and blockchain is very strict with security. Having your private key means that you have full control over your assets and you alone have the permission to move them.
But on the other hand, a little carelessness with these private keys can result in you losing all your holdings. Sadly, there have been lots of news almost daily of individuals who lost their assets due to a private key breach.
Ledger has unveiled “Ledger Recover”, a service that allows users of its Ledger Nano X hardware wallet to get the seed phrase that enables wallet recovery. In theory, the service appeared to be timely and user-friendly, as it would assure that wallet users would never lose their crypto, even if they misplaced their physical (or digital) copy of their seed phrase.
But a sizable part of the cryptocurrency community reacted angrily to Ledger’s revelation with a mixture of surprise and fury, accusing the maker of digital wallets of unintentionally building a potential backdoor into its products. However, even though Ledger has so far been unable to allay these worries, it can be argued in favor of Recover that it is essential if the industry is to promote greater cryptocurrency adoption and more self-custody, which has become more and more important in the wake of exchange hacks and bankruptcies.
Crypto community criticizes Ledger Recover
Ledger Recover is easy to comprehend in the abstract. The solution, which is offered by Ledger, Coincover, and EscrowTech, basically divides a wallet’s seed phrase into three encrypted shards that are kept by three different service providers. In the case that their own copy of the phrase was lost, doing this would allow the owner of the wallet to access the seed phrase again.
The seed phrase of a cryptocurrency wallet is a collection of 12 or 24 randomly generated phrases that may be used by the wallet’s owner to acquire the private keys required to withdraw money from the wallet. In other words, you can recover your private keys if you misplace them by using the seed phrase.
By offering a way to recover the items required to restore the keys, Ledger’s goal with Recover was to add another level of protection on top of this.
You must “verify your identity using your ID card” in order to sign up for Recover, as stated by Ledger on its website. Know-your-customer procedures are also required to make sure that you are the person utilizing the service and not a malicious person. Due to the usage of KYC, wallet owners may also obtain the encrypted portions of their seed recovery phase, even though such portions are meaningless on their own.
Additionally, Ledger states that Recover is an opt-in service, so you are free to choose not to sign up for it. Such safeguards, meanwhile, were unable to stave off a considerable wave of criticism that was primarily motivated by worries that hackers may exploit the service as a means of attack.
For instance, bitcoin trader Ryan Berckmans stated on Twitter that “Ledger firmware v2.2.1 installs Ledger Recover, a negligent service that extracts your hardware wallet private keys and sends them over the internet.” He wasn’t the first one to attack the French company in response to Ledger’s statement; Web3 adviser Vanessa Harris said the service is “just begging to be exploited.”
The core of these objections is that Ledger devices will contain firmware that enables them to communicate a wallet’s private keys over the internet once Ledger Recover is released. Yes, Ledger has consistently maintained in support of its position that users must voluntarily sign up for the service in order to utilize it and that private keys cannot be reassembled without identification documentation. However, the concern is that since this core capability is encoded in the devices’ code, resourceful hackers may discover a method to exploit it.
Trezor sales reportedly surge over 900%
In response to these worries, Trezor has claimed that sales of its products have increased by 900%, however, it hasn’t provided any concrete breakdowns or supporting information. Although others have gone so far as to say that Ledger has “all but destroyed their reputation,”
it is quite conceivable that Trezor has seen a rise in sales. This would occur despite the fact that security company Unciphered claimed to have physically hacked the Trezor T hardware wallet shortly after the Ledger scandal and that the problem is “unfixable at the chip level.”
Unsurprisingly, Ledger has taken action to address the community’s concerns in the face of this problem. The first thing it did was declare through a blog post that it would delay Recover’s release and make the latter’s code open source so that developers and community members could check it out for themselves (and maybe determine that it is secure).
Additionally, it has published a Ledger Recover FAQ that directly responds to a variety of queries and requests made by the community. The confirmation that access to your device’s private key is permitted “only after you manually approve and confirm it” is a part of this.
Additionally, it claims that contrary to what some observers have suggested, having two distinct operating systems—one with the capacity to do a Recover and the other without—would not increase security.
However, Ledger CEO Pascal Gauthier admitted the hypothetical potential that a government subpoena may be used to access a seed phrase supported by the Recover service, requiring the service’s three separate providers to turn over the phrase’s pieces.
This acknowledgment highlights the unavoidable truth that every security solution has its own drawbacks, and Recover is no exception. Some in the community, however, have asserted that the service could be required for people who lack the technological know-how to securely store their seed recovery phrases themselves, notwithstanding any potential flaws.
Given how harsh crypto might be in the event that you lose your private keys, Recover can actually be praised for making self-custody more accessible to many more individuals. In reality, according to Glassnodes, three million BTC, or around $83.46 billion, have been irretrievably destroyed, highlighting the possible cost of Bitcoin’s stringent security measures.
Even if Ledger may not have gotten all the specifics just right, it has made a step in the right direction with its new service. If nothing else, this illustrates the fact that something like Recover is unquestionably required if more individual and institutional investors are to engage in cryptocurrencies.