Reading 5 minutes Views 6 Published Updated
Several members of the cryptocurrency community, including Ledger wallet owners, have taken to social media to express their dissatisfaction with the release of Ledger’s latest feature. A recently introduced solution for extracting data from cryptocurrency hardware wallets, known as Ledger Recover, aims to provide protection in case users lose their original phrase.
Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz
Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
— ledger (@ledger) May 16, 2023
Ledger Recover is a subscription service that allows users to take advantage of an extra layer of protection for their private keys. This service uses a method in which the user’s original phrase is divided into three encrypted fragments, each of which is sent to different external entities. Once these fragments are combined and deciphered, they can be used to reconstruct the original original phrase.
The wallet provider has revealed that Ledger Recover is an optional subscription for users who want to back up their recovery secret phrase. “You don’t have to use it and you can continue to manage your recovery phrase yourself if that’s why you bought the Ledger,” the company explained.
However, this concept has infuriated many in the cryptocurrency community, including security professionals.
Mudit Gupta, director of information security at Polygon Labs, shared: “This is a terrible idea, DO NOT enable this feature.” Gupta continued in his Twitter thread: “The problem here is that parts of the encrypted keys are sent to three corporations and they can recover your keys.”
The problem here is not splitting the key in 3 parts. That’s actually good! I may or may not be doing that personally as well 🙂
The problem here is that the encrypted keys parts are sent to 3 corporations and they can reconstruct your keys.
— Mudit Gupta (@Mudit_Gupta) May 16, 2023
Binance founder and CEO Changpeng Zhao joined in Gupta’s thread, saying, “So the seed can now leave the device? Sounds different than ‘your keys never leave the device’.”
So the seed can leave the device now?
Sounds like a different direction than “your keys never leave the device”. ♂️
— CZ Binance (@cz_binance) May 16, 2023
Bitcoin (BTC) investor and podcaster Chris Dunn shared: “First they revealed the postal address, phone numbers and email addresses of their customers… Now they put a backdoor in the opening phrases. It’s time to say goodbye to Ledger,” referring to the Ledger data breach that exposed user information in 2020.
First they exposed mailing address, phone numbers, and email addresses of their customers…
And now they’ve put a back door into seed phrases.
It’s time to say goodbye to @Ledger ✌️ https://t.co/FsZw1jUt6h
— Chris Dunn (@ChrisDunnTV) May 16, 2023
Cryptocurrency investor DCinvestor also cited a previous Ledger data breach that left users unprotected and vulnerable, saying, “Remember, a few years ago, Ledger leaked the name and home addresses of all of its customers through a data breach…the absolute last thing you need.” they have your private key on their servers.”
reminder that several years ago, Ledger leaked the name and home addresses for all of their customers via a data breach
the absolute last thing you want on their servers is your private key https://t.co/z89xxLS6ie
— DCinvestor (@iamDCinvestor) May 16, 2023
Bitcoin investor and entrepreneur Alistair Milne shared: “Of course you *could* use Ledger’s new Restore service and provide them […] your private keys that manage your assets, as well as a copy of your ID and other personal information….. but why even bother with a hardware wallet then?” His post said that Ledger’s latest recovery service undermines the whole point of doing it yourself with a hard wallet .
Sure, you *could* use Ledger’s new ‘Recover’ service and give them the your private keys controlling your assets as well as a copy of your ID and other personal information…
… but why then bother with a hardware wallet in the first place? pic.twitter.com/ZI39B01gFV
— Alistair Milne (@alistairmilne) May 16, 2023
Related: Ledger data breach: ‘simple mistake’ exposes 270k cryptocurrency wallet buyers
In April, Ledger launched the Ledger Nano S Plus, a dedicated wallet dedicated to non-fungible tokens (NFTs). The Ledger Nano S Plus aims to improve user security and provide an improved experience for Web3 customers who regularly trade NFTs. This development follows Ledger’s recent integration of “clean signing” technology through Ledger Live, further strengthening user security measures.
Founded in 2014, Ledger has become a prominent global player in cryptocurrency hardware wallets. The company has reportedly sold around 4.5 million wallets and introduced six different wallet models.
