- While Ledger Recover is completely optional, the company noted that those who opt in will have their key phrases stored by 3 different parties on cryptographically-secure Hardware Security Modules.
- The community was outraged by the update, since Ledger has been compromised in the past, leading to phishing attacks on users.
The Ledger hardware wallet is under harsh scrutiny after enabling a software update that could leak crucial security data. In the latest firmware update, dubbed version 2.2.1, the Paris-based company announced a new feature called Ledger Recover to ostensibly help users back up their seed phrases with a third party through an ID-based system.
Available in several markets – including the European market, Canada, the United States, and the United Kingdom – the software update has been called controversial because Ledger had previously marketed its services as a non-sharing private key platform.
As a result, most Ledger wallet users have been outraged by the firmware update, which could cause losses of billions of dollars. The Ledger hardware wallet has been compromised in the past, exposing crucial customer data. The Ledger data breach led to a phishing attack on the affected users.
With the latest update, which is touted as optional, most Ledger users are skeptical of storing large amounts of digital assets for fear of backdoor attacks. Furthermore, it is only a matter of time before the third-party seed phrase recovery companies are compromised, leading to losses in the billions of dollars.
One Twitter user, @oklahodl1, shared a video of a Ledger Nano X being destroyed after the firmware update announcement. Several similar videos have emerged on different social media platforms as Ledger users urge others to ditch the hardware wallet.
Check out my new #ledger Nano X tutorial! pic.twitter.com/bxSN4tqtXP
— OKLAHODL (@oklahodl1) May 16, 2023
Ledger in Defense
After a huge uproar from the crypto community, Ledger has defended the firmware upgrade, stating that it is optional. According to Ledger CTO Charles Guillemet, the company remains focused on self-custody and will never have or create a backdoor on users’ wallets.
Ledger Recover is an optional subscription for users who want a backup of their Secret Recovery Phrase. You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger,
Furthermore, Guillemet noted that users’ secret key phrases are shared with the three different companies over a secure channel. Notably, the encrypted fragments are stored by three different parties on cryptographically-secure Hardware Security Modules.
If you choose to subscribe, Ledger Recover encrypts a version of your private key and splits it into three fragments (using Shamir Secret Sharing) – all of this happens on the Secure Element chip, so your Secret Recovery Phrase is not at risk.
— Ledger (@Ledger) May 16, 2023
The company has distributed the key phrase fragments across three different third parties to help strengthen self-custody. Furthermore, the individual encrypted fragments are completely useless on their own, since they cannot be used to access a wallet without the user’s verification. “When you want to restore your keys, 2 of these 3rd parties will send back their fragments to your Ledger device (and not us as an organization), which will be able to reconstitute your Secret Recovery Phrase,” Ledger added.