The Paris-based crypto hardware wallet provider Ledger found itself in hot water this week after revealing plans to introduce Ledger Recover, an optional, paid subscription service for Ledger Nano X wallet holders that provides a seed phrase recovery system involving third-party custodians. Ledger touted the new feature as an innovation that would allow crypto and NFT holders to recover their assets in the event of a lost or forgotten seed phrase.
But the announcement has been criticized severely by a portion of the Web3 community, who claim that the firmware update that enables the service to exist goes against Ledger’s longstanding policy (and main selling point) that guarantees a user’s private key will never leave the device. Such concerns have raised questions about Ledger’s professed commitment to privacy and security, accusations the company denies.
So, who’s right? If you use a Ledger hardware wallet, is your seed phrase safe?
The Ledger controversy
Valued at over $1 billion and with an estimated annual revenue of over $53 million, Ledger is one of the world’s most well-known and popular providers of hardware wallets. The company’s hardware wallets, often referred to as “cold storage” devices, are USB thumb-drive-like tools that offer a highly secure way to store cryptocurrency. They are considered superior to their “hot wallet” counterparts, such as MetaMask and WalletConnect, which are generally easier to use but have the downside of storing private keys online, exposing them to far greater risk.
Setting up a Ledger wallet involves creating a unique seed phrase, a collection of randomly generated words that constitute the private keys associated with crypto wallets. This system, while secure, has usability drawbacks. Losing the seed phrase means losing access to the funds, and if it falls into the wrong hands, it could lead to wallet compromise.
For years, Ledger has marketed its wallets on the idea that users’ assets are safe because their private keys never leave their devices. So, it came as a surprise to many in the Web3 community when the company confirmed plans for an optional paid subscription service on Tuesday, May 16, via a Twitter video featuring Ledger CTO Charles Guillemet.
In essence, Ledger Recover encrypts a user’s seed phrase and shards it into three parts, each shared with a different custodian. Ledger is one of those custodians, with Coincover and EscrowTech, (a crypto custody and code escrow company, respectively) being the others.
“If you choose to subscribe, Ledger Recover encrypts a version of your private key and splits it into three fragments (using Shamir Secret Sharing) – all of this happens on the Secure Element chip, so your Secret Recovery Phrase is not at risk,” wrote the company in the Twitter thread accompanying the video. If a user loses or forgets their private key, they will go through an identification confirmation service to recover and restore it.
The community reacts
A champion of security advertising a device that houses a completely untouchable and immovable private key and then suddenly announcing that the key actually could be accessed and shared with third parties did not sit well with much of the Web3 community.
Similarly upsetting was the fact that, to take part in the service, users would need to provide a government-issued ID if they wished to subscribe to Ledger Recover.
In the midst of the backlash on Tuesday, Ledger hosted a Twitter space (that was attended by more than 48,000 people) to address the controversy. Guillemet, company co-founder Nicolas Bacca, Chief Experience Officer Ian Rogers, and CEO Pascal Gauthier took turns fielding questions from an agitated and curious community.
“Each shard [is stored with] each partner,” Guillemet clarified in the space. “Whenever you want to recover, you go through your account, through those partners as well, and an ID identification process to make sure it’s you. The two partners verify it’s you, if there is any doubt, the process is stopped. There is plenty of different mitigation and measure to make sure you are the one recovering your seed.”
The team also made it clear that they plan to open-source the code for the service in the future, letting users see how it works and even use it to make their own version if they want.
Gauthier leaned into the company’s new development in no uncertain terms. Responding to criticisms that Ledger has been proven untrustworthy in the past and that Ledger Recover goes against the desires of the crypto community, Gauthier said, “People that get upset with these products don’t realize there are hundreds of millions of people who have many ways of backing up their seed in many ways that are very insecure.”
“This is what our future customers want. I’m sorry, but the piece of paper is a thing of the past. There is no compromise in our security. I see people on Twitter saying they are sure this will be hacked in the next six months. Ok, well, let’s see. When you have a track record of excellence, you know you can trust the next move to be very similar.”
Ledger Recover’s true risks
The key issue surrounding the controversy is whether or not users who choose not to opt into the service will have a backdoor opened up via a firmware update to their private keys that hackers could potentially leverage. And, while Bacca did admit during the Twitter space that those who opt into the service technically open themselves up to a new attack vector, some in the Web3 community believe that those who don’t subscribe to the service really don’t need to worry.
Those who believe skeptics are overreacting have pointed to the fact that Ledger wallets are inherently upgradable to quell fears about their accessibility and security, as well as to provide clarity on the basics of how wallets work to begin with. Without the capability to be upgraded, hardware wallets would lose their functionality, as blockchains themselves upgrade over time, and any device interacting with the blockchain needs to be able to adapt accordingly.
If a Ledger were an un-upgradeable box with a private key inside, then it would need every algorithm that every blockchain will ever use already available inside the box. And if they didn’t think to include a newer algorithm, you’d have to throw it away and buy a newer model.
— Haseeb >|< (@hosseeb) May 17, 2023
However harmless the subscription service may or may not be, it illustrates the challenges of communicating new features in Web3’s rapid-response environment. The Ledger Recover controversy, like many before it, also brings to light the ongoing struggle faced by blockchain-centric organizations; striking a balance between user experience and upholding the core principles of the crypto community is a challenging task.
Ultimately, Gauthier believes the community will decide for themselves whether or not to continue trusting the company.
“If you feel Ledger is going in the wrong direction, there are a bunch of players that are also our friends in the industry, and we’re trying to build a secure space with,” Gauthier said near the end of the Twitter space. “I have no problem that you disagree, and you can definitely use another service. It’s very easy to switch from us to someone else. Of course, I don’t encourage you should do it; I think Ledger is the most secure product in the industry today.”