Ledger's new product, Recover, is an intentional "compromise" that allows encrypted private keys to be extracted from hardware wallets, according to the manufacturer's CTO, Charles Guillemet.
According to the executive, Ledger Recover is aimed at people who want more security than an online exchange or hot wallet provides. This category of users is still too inexperienced to be willing to own a hardware wallet whose password can never be recovered if lost, he added.
"When you're not tech-savvy, this thing can be intimidating. We need to find a way to attract newcomers to ensure mass adoption [of the technology]," Guillemet explained.
On May 16, 2023, the company introduced a tool that allows you to create a backup copy of the seed phrase to resume access to the Nano X device.
Users decide for themselves whether to opt in to Ledger Recover. The tool splits the Secret Recovery Phrase into three fragments, which are stored in encrypted form by three different parties.
If necessary, the wallet owner confirms their personal data to gain access to the backup copy of the phrase and restore the private key. The initiative was criticized by the community and experts.
The company tried to explain that the device remains secure despite the introduction of new functionality.
"Some users were a little surprised to realize this. The software running inside the protected element is something that can be changed, something that has access to the password," acknowledged the company's CTO.
Guillemet recalled that Ledger Recover is optional. The product is not a substitute for the company's traditional offering.
The specialist emphasized that it is not the original seed phrase that leaves the wallet, but its encrypted fragments.
"This is one step closer to non-custodial storage and sovereignty. When you use this feature, you make a small compromise by saying 'I'm not completely independent, I'm not the only one who can manage my backup.' But the compromise is acceptable, because […] you must have at least two of the three fragments to be able to combine the password," explained Ledger's CTO.
According to Guillemet, the cryptography runs only inside the wallet's secure module. The seed will never leave the device unless the user chooses to activate Ledger Recover.
"This part is really important and it has never changed," he assured.
On the day the podcast aired, the company’s support team pointed out that the software “always allowed key extraction.” The tweet was subsequently deleted.
Such a statement led to a sharp reaction from users. To mitigate it, company representatives issued a clarification, indicating that the previous message was “taken out of context.”
Part 1 of this two-part Tweet is getting taken out of context.
To elaborate, code can be written to make it do whatever you want it to.
But with Ledger firmware, there are layers of protection and governance in place to ensure that no attacker (even internal) has the ability…
— Ledger Support (@Ledger_Support) May 17, 2023
"When using embedded Ledger software, there are layers of protection and control that ensure that no attacker (even internal ones) can embed malware," the company assured.
Recall that in March 2023, Ledger announced the expansion of its Series C funding round amid rising sales after the collapse of FTX. The hardware wallet manufacturer's valuation will presumably be €1.3 billion.