Ledger Recover: Controversial New Feature Raising Eyebrows
Last updated on May 31st, 2023 at 03:46 pm
As cryptocurrencies continue to gain traction worldwide, the need for secure storage solutions like hardware wallets becomes increasingly important.
Cryptocurrency hardware wallets are essential tools for securely storing and managing digital assets such as Bitcoin, Ethereum, and other cryptocurrencies.
These wallets provide a layer of security between your crypto assets and the internet, making them an invaluable tool for cryptocurrency investors.
As the crypto space has continued to mature, Ledger has become the industry leader in providing secure hardware wallets that have helped usher in a new era of safe and practical cryptocurrency investing.
Who Is Ledger?
Ledger is a French company founded in 2014 that specializes in developing secure hardware wallets for cryptocurrency investors.
Ledger’s mission is to make sure that everyone can access the world of crypto assets safely and securely. They have been at the forefront of innovation when it comes to creating reliable hardware wallets that offer users peace of mind when it comes to their digital asset storage needs.
Ledger’s flagship product, the Ledger Nano X, is one of the most popular hardware wallets on the market today due to its intuitive design, ease of use, and advanced security features.
Ledger stands out from its competitors by offering a wide range of features including support for over 1,000 different cryptocurrencies, Bluetooth connectivity for mobile devices, an easy-to-use interface with clear instructions on how to use their products, and advanced security measures such as two-factor authentication.
Ledger has positioned itself as the go-to choice for cryptocurrency investors looking for secure storage options due to its reliable products and commitment to customer service excellence.
By providing users with innovative solutions backed by robust security protocols, Ledger has set the standard for cryptocurrency hardware wallets and, until recently, had almost unsung industry leader status in this space.
On May 16th, Ledger announced the rollout of a new tool. This release drew unexpected backlash from the crypto community.
Ledger Recover Rollout
In their recent communication, Ledger casually revealed the rollout of its new Private Key recovery feature called “Recover.”
This feature is designed to provide users with a backup for their Secret Recovery Phrase.
Ledger’s Recover feature is an ID-based key recovery service that allows users to securely store their private keys and restore them in case of loss or theft.
As many of you undoubtedly know already, if you lose your private key, you will not be able to access your wallet or its funds. This is why it’s so important to have a backup plan in place in case something happens to your private key.
However, the lack of details released by Ledger has not only led to speculation and security concerns, but has also left many wondering exactly how this new feature will function.
How Recover Works
The Ledger Recover system is activated via an over-the-air firmware update and works by providing users with a unique ID-based key recovery service.
Ledger considers this an extra layer of security that guards its users against the loss of their private keys by allowing them to link their Secret Recovery Phrase (SRP), or Seed Phrase, with their identity.
Though the exact process has yet to be detailed, presumably, a user will be able to access their SRP by using their ID card or passport.
As of this writing, this service will be optional to users at a cost of $9.99/mo.
This service adds additional points of failure when it comes to securing a user’s private keys and maintaining their anonymity.
Third Party Entities
With Ledger Recover, users have the choice to securely back up their seed phrases with trusted third-party entities.
Ledger Recover works by linking your SRP with three external companies: Ledger itself, Coincover – a crypto custody firm – and EscrowTech – a code escrow provider.
When you sign up for the service, these companies will securely store your SRP so that you can retrieve it if needed.
When you need to recover your wallet, you will need to provide proof of identity and answer several security questions before being granted access to your SRP.
However, this process being utilized by Ledger is not something new to cryptography. As a matter of fact, this was developed in 1979.
Shamir Secret Sharing (SSS)
To ensure the highest level of security, Ledger has implemented Shamir Secret Sharing (SSS) as a way to break down a user’s private keys into shards.
What is Shamir Secret Sharing?
Shamir Secret Sharing (SSS) is an algorithm developed by Adi Shamir in 1979 which allows for the secure distribution of information among a group of participants.
The algorithm works by splitting up a secret into multiple parts, called “shards”, and distributing them among different participants.
Each shard on its own does not reveal any information about the secret, but when the required number of shards are combined they can be used to reconstruct the original secret.
Ledger’s Implementation of SSS
Ledger’s implementation of this process begins with the generation of a 24-word seed phrase which is used to generate the user’s private keys.
This seed phrase is then split into multiple shards using SSS, and each shard is distributed to a different location: in Ledger’s case, Ledger, Coincover and EscrowTech.
This ensures that if one shard is lost or stolen, it will not compromise the security of the user’s private keys since a quorum of the other shards must be present in order to reconstruct them.
SSS allows Ledger to create “n-of-m” schemes where n out of m total participants are required in order for a seed phrase to be reconstructed and used to generate private keys.
But the benefits of the SSS model don’t stop there.
Benefits of Using SSS
The primary benefit of using SSS over other methods for securing private keys is its increased level of security due to its decentralized nature.
By splitting up the seed phrase into multiple parts, and distributing them among different locations, the risk of theft or loss is greatly reduced. Simply put, no single participant holds all the information needed to reconstruct a seed phrase on their own.
However, Recover has left a bad taste in the crypto community’s mouth.
Ledger Recover Controversy
Despite its innovative approach to crypto security, Ledger Recover has sparked controversy and raised some eyebrows among the crypto community.
The main concern is that the service could potentially create a backdoor for hackers or governments to access users’ funds.
This worry has been echoed by several key industry players such as Cardano creator Charles Hoskinson, who commented that social contracts shouldn’t be broken.
Customers have also expressed their worries about using the service, citing potential security risks.
Critics argue that the introduction of third-party backups in Ledger Recover could potentially expose users to security risks and vulnerabilities.
The primary concern expressed by experts is that Ledger Recover could be vulnerable to hacks due to its reliance on third-party servers.
Primarily, this means that if hackers were able to gain access to these servers, they could potentially gain access to user funds stored in wallets protected by Ledger Recover.
Secondarily, in order to take advantage of this service, the shards created in a user’s Ledger device will have to be transmitted from the wallet to the respective third-party provider. This requires an internet connection.
Once this information is committed to the internet, it is vulnerable to any number of potential vectors.
The introduction of third-party backups in Ledger Recover also carries the risk of government or law enforcement subpoena.
This means that if a government or law enforcement agency issued a subpoena to one of the service providers, it could potentially gain access to a user’s private keys and ultimately their funds stored in wallets protected by Ledger Recover.
Furthermore, a country could create legislation compelling one of these service providers to comply even without a subpoena.
In such a case, users would be unable to protect their funds using the Ledger Recover service.
This could have serious implications in terms of privacy and financial security.
Another point of contention is the potential privacy implications of sharing seed phrases with third-party entities, which could lead to unwanted data sharing or surveillance.
The Recover feature allows users to create an encrypted backup of their secret recovery phrase which ultimately ends up connected to their identity. Because of this, concerns have been raised regarding KYC (Know Your Customer) requirements.
This uneasiness has been compounded by previous reports of compromised data.
All of this has led to even more worry about data sharing and surveillance among many users. For those who have been using Ledger for years, having full control over their assets is paramount.
Self-custody is a core value for many cryptocurrency users, and they don’t want to give up control over their own security by trusting a third party with sensitive information like their seed phrase.
Additionally, some experts have argued that the use of Ledger Recover could lead to users becoming complacent with regard to securely storing their Secret Recovery Phrase.
As with most things in life, humans generally look for the path of least resistance. By coming to rely too heavily on the service as a backup, users could allow their security consciousness to begin to slip, leading to increased vulnerabilities.
Ledger had such a poor level of communication during the rollout of Recover that it makes one wonder what their response is now.
Ledger’s Response To The Controversy
In response to all the fuss from users, industry leaders, and the crypto community at large, Ledger’s co-founder has clarified that there is no backdoor in the Recover firmware update and that user privacy remains a top priority.
According to the company, Ledger Recover has also taken steps to ensure user data is secure by encrypting all data stored on its servers and using two-factor authentication for all logins.
However, in an interview on the Bankless Podcast, CTO Charles Guillemet stated that cryptocurrency wallets (what they are and how they operate) are misunderstood by most people in the crypto space.
This defense was also seen in an interview on the What Bitcoin Did podcast with CEO Pascal Gauthier, who did admit that even though a subpoena is highly unlikely, receiving one is a concern.
Despite this clarification from Ledger, many people remain skeptical of the new feature due to its potential security risks.
It remains to be seen if customers will continue to use Ledger Recover or opt for other methods of securing their funds.
Reclaiming Control After Recover
As the crypto world continues to evolve, innovative solutions like Ledger Recover will inevitably face scrutiny and debate, making it crucial for users to stay informed and make well-reasoned decisions about their digital asset security.
Ultimately, Ledger Recover provides new and non-tech-savvy users with a powerful tool to protect their digital assets and reclaim their private keys.
Before utilizing this service, users need to weigh its advantages against the potential security and privacy concerns.