Seppuku in Crypto Land: Did Ledger Just Stab Itself and Users?

June 1, 2023

By Murtuza Merchant

Renowned for its non-custodial hardware wallets, Ledger has recently stirred controversy with its “Ledger Recover” proposal, a plan designed to aid users in retrieving a misplaced seed phrase. 

Yet, the community response has been overwhelmingly negative, and the fallout could bring significant damage to Ledger’s reputation and undermine trust in hardware wallets.

Ledger CEO Pascal Gauthier, meanwhile, referred to it as an “unintentional communication mistake” that resulted in consumers not fully grasping the concept of Recover.

In an open letter addressing the concerns, Gauthier emphasized the company’s commitment to the necessity of a service like Ledger Recover.

Recent Developments

Ledger revealed a delay in its controversial plan. The plan essentially would allow the Ledger firmware to keep an encrypted copy of a user’s seed phrase.

Consequences of the Announcement

The crypto community’s alarm is valid. Hardware wallets, like those provided by Ledger, are supposed to serve as secure, offline “cold storage” for cryptocurrencies. Introducing a recovery solution effectively transforms these into “hot wallets,” thereby making Ledger, Coincover, and EscrowTech potential targets for cyberattacks.

Among several industry stalwarts who slammed Ledger over the controversial service, Cardano founder Charles Hoskinson urged users to go for open-source software instead of closed-source solutions like Ledger. In his opinion, developers and contributors perform regular audits on open-source software in an effort to ensure decentralization, maximum security, and utmost transparency.

Tracing the Origins

Ledger’s decision to roll out an update containing the Ledger Recover feature was questionable. The functionality enables users to back up their seed phrase and recover it if lost. The process involves dividing the seed phrase into three parts and distributing these to Ledger, crypto custodian Coincover, and EscrowTech, which holds the code in escrow.

Concerns and Backlash

In the event of a cold wallet loss due to missing private keys, two of the three custodians could combine their codes to regain access to the wallet’s assets. This very feature is causing an uproar since it presents a clear risk and undermines the core purpose of hardware wallets.
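The two-of-three recovery described above, as an added illustration that is not from the article or from Ledger: the article does not name the splitting scheme, so this sketch assumes Shamir secret sharing over a prime field, with a constructed 256-bit value standing in for the seed entropy. It shows that any two custodians' shares rebuild the secret, while a single share is consistent with every possible secret.

```python
import secrets
from itertools import combinations

# Assumption: 2-of-3 Shamir secret sharing. The field prime is the Mersenne
# prime 2**521 - 1, comfortably larger than a 256-bit secret.
PRIME = 2**521 - 1

def split_2_of_3(secret: int) -> list[tuple[int, int]]:
    """Return three shares (x, y) on the line y = secret + a*x (mod PRIME)."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range")
    a = secrets.randbelow(PRIME)  # uniformly random slope, discarded after use
    return [(x, (secret + a * x) % PRIME) for x in (1, 2, 3)]

def combine(share_a: tuple[int, int], share_b: tuple[int, int]) -> int:
    """Interpolate the line through two shares and evaluate it at x = 0."""
    (x1, y1), (x2, y2) = share_a, share_b
    if x1 == x2:
        raise ValueError("need two distinct shares")
    inv = pow((x2 - x1) % PRIME, -1, PRIME)
    # f(0) = (y1*x2 - y2*x1) / (x2 - x1)
    return ((y1 * x2 - y2 * x1) * inv) % PRIME

def slope_for(share: tuple[int, int], candidate: int) -> int:
    """Slope under which `candidate` would produce this exact share.

    A valid slope exists for every candidate, which is why one share alone
    carries no information about the secret.
    """
    x, y = share
    return ((y - candidate) * pow(x, -1, PRIME)) % PRIME

if __name__ == "__main__":
    # Constructed sample: random 256 bits standing in for seed entropy.
    secret = int.from_bytes(secrets.token_bytes(32), "big")
    shares = split_2_of_3(secret)  # hypothetical holders: three custodians
    for a, b in combinations(shares, 2):
        print(f"shares {a[0]}+{b[0]} recover secret:", combine(a, b) == secret)
    guess = 42  # any wrong guess still fits a single share
    slope = slope_for(shares[0], guess)
    x, y = shares[0]
    print("one share also fits guess 42:", (guess + slope * x) % PRIME == y)
```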

A Disaster in Waiting?

The security of digital systems is never absolute. The only way to make your keys entirely inaccessible is never to store them digitally. Your backup should ideally be a piece of paper, secure unless someone physically accesses it. Yet, Ledger’s recent move seems to disregard this basic principle.

A Self-Inflicted Wound

This situation draws parallels to OnlyFans’ controversial announcement to ban adult content, a decision they quickly reversed. Unlike OnlyFans, however, Ledger hasn’t demonstrated similar foresight. Instead, they’ve further inflamed the situation, insisting that extracting seed phrases from Ledger devices was always technically feasible.

An Uproar in the Crypto Community

The crypto community has taken note, with many questioning the nature of hardware wallets. While the firmware needs to read keys for transactions, the manner in which Ledger conveyed this information has resulted in a public relations disaster. Several users have even destroyed their Ledger devices in protest.

Potential Threats

The “Ledger Recover” feature introduces a potential avenue for attacks. Furthermore, it may allow authorities to access your wallet by subpoenaing two of the three companies holding parts of your seed phrase. While security may be robust, this development raises the specter of potential government intervention and broadens the attack surface.

What Lies Ahead?

The future for Ledger is uncertain. Regaining user trust will undoubtedly be a slow process. It’s expected that many will transition to other hardware wallets that aren’t in self-destruct mode. The question remains if Ledger will retract the Ledger Recover plan or continue its current path.

In summary, this debacle demonstrates the risks involved in implementing ill-conceived features. If you’re a Ledger device owner, it’s crucial to stay informed and make decisions that best safeguard your interests.

About the author

Murtuza Merchant is a senior journalist and an avid follower of blockchain and cryptocurrencies.
