- >News
- >Is Ledger Still Safe? Recent Controversy Highlights Crypto Security Conundrum
Is Ledger Still Safe? Recent Controversy Highlights Crypto Security Conundrum
Crypto has long had an issue with its unforgiving approach to security. Yes, you are the only one who can access and move your bitcoin if you’re the only one with the private key to your Bitcoin wallet. But the flipside of this insurance is that, if you lose your keys, you also lose your BTC. And such a mishap has happened to more than a few individuals during crypto’s brief history, with there being no shortage of stories of people struggling vainly to recover lost fortunes.
Ledger recently set out to help such people when it announced Ledger Recover, a service that will enable owners of its Ledger Nano X hardware wallet to retrieve the seed phrase that enables wallet recovery. In principle, the service seemed likely a timely and user-friendly one, insofar as it would ensure that wallet owners would never lose their crypto, even if they mislaid their physical (or digital) record of their seed phrase.
However, large chunks of the crypto community quickly responded to Ledger’s announcement with a mix of shock and outrage, accusing the wallet manufacturer of inadvertently introducing a potential backdoor into its devices. But while Ledger has so far been unsuccessful in quelling such concerns, it can be argued in its favor that something like Recover is necessary if the industry is to encourage greater cryptocurrency adoption and more self-custody, which has become increasingly necessary in the context of exchange hacks and bankruptcies.
Ledger Recover Draws Criticism Despite Opt-In Features
In the abstract, Ledger Recover is simple to understand. Basically, the service splits a wallet’s seed phrase into three encrypted shards that would be stored with three separate providers (Ledger, Coincover, and EscrowTech). By doing this, the owner of said wallet would be able to re-access its seed phrase in the event that their own record of the phrase were lost.
A cryptocurrency wallet’s seed phrase is a set of either 12 or 24 randomly generated words that can be used by a wallet owner to retrieve its private keys, which have to be used in order to transfer funds out of the wallet. In other words, if you lose the private keys, you can use the seed phrase to regain them. In turn, Ledger’s aim with Recover was to introduce another line of defense on top of this, providing a means of restoring what you need to restore the keys.
As Ledger explains on its website, you will need to “verify your identity using your ID card” in order to register for Recover, with the inclusion of know-your-customer measures necessary to ensure that it’s really you using the service, and not a bad actor. It’s this use of KYC that also enables wallet owners to retrieve the encrypted fragments of their seed recovery phase, with the fragments useless on their own.
Source: Twitter
On top of this, Ledger affirms that Recover is an opt-in service, meaning that you don’t have to subscribe to it if you don’t want to. However, such features failed to prevent a fairly sizable wave of criticism, which was centered largely around the fear that the service could somehow be used as an attack vector for hackers.
For instance, cryptocurrency investor Ryan Berckmans wrote on Twitter, “Ledger firmware v2.2.1 installs Ledger Recover, a negligent service that extracts your hardware wallet private keys and sends them over the internet.” His wasn’t the only reply to Ledger’s announcement which criticized the French firm, with Web3 advisor Vanessa Harris suggesting that the service is “just begging to be exploited.”
The crux of such criticisms is that, with the arrival of Ledger Recover, Ledger devices will have firmware that makes them capable of sending a wallet’s private keys over the internet. Yes, Ledger has repeatedly affirmed in its defense that users have to opt into the service to actually use it and that private keys can’t be reassembled without proof of identity. Nonetheless, the fear is that with this core capability written into the devices’ code, enterprising hackers may find some way to exploit it.
Trezor Reports Sales Spike, Ledger Delays Rollout
In the wake of such fears, Trezor has reported a 900% increase in the sale of its devices, although without offering any real breakdown of this figure or supporting data. Still, given that some people have gone so far as to claim that Ledger has “all but destroyed their reputation,” it’s entirely plausible that Trezor has enjoyed some kind of sales increase. This would come despite the fact that security firm Unciphered announced — soon after the Ledger controversy — that it was able to physically hack the Trezor T hardware wallet, and that the bug is “unfixable at the chip level.”
Facing this crisis, Ledger has unsurprisingly moved to address the community’s concerns. Most immediately, it announced via a blog post that it would be delaying the launch of Recover and making the latter’s code open source, so that developers and community members can vet this code for themselves (and potentially see that it’s secure).
On top of this, it has posted a Ledger Recover FAQ that directly answers various questions and demands raised by the community. This includes the affirmation that your device’s private key can be accessed “only after you manually approve and confirm it” on the device. It also states that there would be no security benefit in having two separate operating systems (as suggested by some commentators), with one having the Recover capability and the other not.
That said, Ledger CEO Pascal Gauthier has acknowledged the theoretical possibility that a seed phrase backed by the Recover service could be accessed via a government subpoena, forcing the service’s three independent providers to hand over the phrase’s fragments. This admission underlines the hard fact that every security solution introduces its own problems, with Recover being no exception. But despite its possible weaknesses, some in the community have affirmed that the service may be necessary for those who lack the technical expertise to safely store their seed recovery phrases themselves.
Indeed, Recover can actually be celebrated for taking an important step towards making self-custody more accessible to many more people, given just how unforgiving crypto can be in the event you lose your private keys. In fact, glassnodes has estimated that around three million BTC — worth around $83.46 billion — has been lost forever, underlining the potential cost of Bitcoin’s ultra-strict security system. If nothing else, this shows that something like Recover is definitely needed if more retail and institutional investors are to buy into cryptocurrency, and even if Ledger may not have got the details exactly right, it has taken a step in the right direction with its new service.