Editing by Nathaniel Cajuday
- Ledger faces community backlash for introducing “Ledger Recover,” which enables users to back up their private keys with third-party custodians.
- Users express concerns about privacy violations due to the requirement of providing a government-issued ID for Ledger Recover.
- Ledger exacerbates its public relations situation by acknowledging the technical possibility of developing firmware for key extraction, raising doubts about the security of users’ assets.
Crypto wallet maker Ledger continues to face backlash from the community after unveiling its new service, “Ledger Recover,” which enables users to back up their private keys with third-party custodians, should they choose to use that option.
The firm further worsened its public relations situation after its support team acknowledged the technical possibility of developing firmware that enables key extraction.
Ledger Recover is a backup service that aims to simplify and improve accessibility for crypto users, addressing the needs of individuals who lack a safe storage solution or the expertise to safeguard their secret recovery phrase.
And while it enables users to enjoy the benefits of self-custody and full control over their assets on web3 platforms, it also provides the option to regain access to the crypto wallet using identification in the event of a lost or stolen Ledger device and the absence of the Secret Recovery Phrase.
“Ledger Recover was developed for users who want to securely restore their private keys regardless of wherever they are in the world or whatever they’re doing. It’s a completely optional service, designed to help users take custody of their assets, no matter their situation,” the developers stated.
The requirement by Ledger Recover for customers to provide a government-issued ID has been a significant concern raised by users. This step is viewed by some members of the crypto community as a violation of the fundamental principles of privacy associated with cryptocurrencies.
Alistair Milne, a prominent Bitcoin investor on Twitter, expressed his skepticism about Ledger’s new ‘Recover’ service, questioning the point of using a hardware wallet if users were to hand over their private keys, personal information, and ID.
Chainlinkgod.eth, the community ambassador of web3 services platform Chainlink, tweeted that Ledger, which he recalled as a company that suffered several security breaches resulting in the exposure of customers’ personal information, is now proposing a concerning approach.
He also noted that the firm requests users to export their private keys from their hardware wallets and distribute fragments to Ledger, Coincover, and an undisclosed third party—an arrangement that creates a situation where any two of these entities could potentially access and withdraw funds.
“And to facilitate recovery, they need you to dox yourself and give even more of your personal information, allowing anyone with your identity documents (e.g., from other data breaches) to take your funds. This seems poorly thought out,” Chainlinkgod.eth added.
Ledger: ‘Technically’ Possible to Extract Users’ Keys
The public backlash intensified when the firm’s support team tweeted that it was technically possible to develop firmware allowing key extraction, thus enabling the company to access users’ keys.
“Technically speaking, it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware, whether you knew it or not,” Ledger stated.
The now-deleted tweet implied that Ledger had the ability to compromise the security of customers’ assets, although it assured users that the company had not deployed such firmware. Ledger emphasized the importance of trust in the chosen hardware wallet developer for securely storing assets, acknowledging the inherent reliance users place on these developers for maintaining a secure device.
After the tweet was deleted, Chief Technology Officer Charles Guillemet also took to Twitter in an attempt to mitigate the backlash.
Prior to this, Ledger CEO Pascal Gauthier defended their new feature, stating that “this is what future customers want.”
“You have always trusted Ledger not to deploy such firmware whether you knew it or not… It’s important to understand that at the end of the day, any hardware wallet solution a user chooses to go with will always require that person to trust this developer to build and maintain a secure device to store your assets,” the company said in a tweet.
What is Ledger?
Ledger, a Paris-based company, offers crypto hardware wallets that provide secure storage for cryptocurrencies. These hardware wallets, also known as “cold storage” devices, connect a person’s crypto to a USB thumb drive.
In contrast to browser-based “hot wallets” like MetaMask, or exchanges like Coinbase and Binance, which carry some level of risk due to their online connectivity or because they hold crypto on behalf of customers, hardware wallets are widely recognized as the most secure method for holding cryptocurrencies.
Last March, Ledger partnered with Trust Wallet to integrate Ledger’s hardware support into the Trust Wallet Browser Extension, granting its users access to web3 capabilities and secure management of digital assets. This integration combines the benefits of a cold storage wallet like Ledger with the convenience of a hot wallet like Trust Wallet.
This article is published on BitPinas: New Ledger Recovery Service Faces Backlash from Crypto Community