Why Did Ledger’s New Recover Function Cause Controversy?
Key Points:
- With the new Ledger Recover upgrade, the hardware crypto wallet now offers a subscription service that allows you to securely store your recovery seed phrase.
- Nonetheless, the news has been heavily attacked by a segment of the Web3 community.
- Ledger Recover essentially encrypts a user’s seed phrase and shards it into three pieces, each of which is shared with a separate custodian.
Ledger was in hot water this week after announcing intentions to launch Ledger Recover, an optional, paid membership service for Ledger Nano X wallet users that offers a seed phrase recovery method involving third-party custodians. The new functionality, according to the company, is a breakthrough that will enable cryptocurrency and NFT holders to retrieve their funds in the case of a lost or forgotten seed phrase.
Nevertheless, the news has been heavily condemned by a segment of the Web3 community, who allege that the firmware upgrade that allows the service to existing violates Ledger’s longtime policy of ensuring a user’s private key never leaves the device. Such issues have cast doubt on the wallet’s purported dedication to privacy and security, which the firm rejects.
Ledger launched the Nano X cold wallet 2.2.1 firmware upgrade on May 16, which includes a key mnemonic recovery tool named “Ledger Recover” as an ID-based key recovery service.
Backs up the user’s private key in order to recover the seed phrase, and needs a membership ($9.99 a month) to utilize. Presently, an EU, UK, Canadian, or US passport/ID document is necessary to subscribe to the service, but additional nations and papers will be supported in the coming months.
Nevertheless, the publication of this capability has prompted many Web3 users to be concerned about privacy and security, particularly since it entails storing private key mnemonic phrases and correlating them with passports or ID papers, which clearly contradicts the encryption community’s privacy ideals.
Controversial new feature
Ledger is one of the world’s most well-known and popular producers of hardware wallets, valued at more than $1 billion and with an estimated annual sales of more than $53 million. Hardware wallets, often known as “cold storage” devices, are USB thumb-drive-like equipment that provides a highly secure method to store crypto. They are seen to be preferable to “hot wallet” competitors such as MetaMask and WalletConnect, which are simpler to use but have the disadvantage of keeping private keys online, exposing them to significantly more danger.
Setting up a Ledger wallet entails producing a unique seed phrase, which is a set of randomly generated words that serve as the private keys for crypto wallets. Although secure, this system has usability issues. Losing the seed phrase implies losing access to the money, which might lead to a wallet breach if it gets into the wrong hands.
According to reports, the basis of this new function is to fragment the user’s mnemonic phrase and split it into three pieces before encrypting it. At the same time, consumers must offer their own ID and selfie record, as well as trust three custodians. Humans safeguard this information for you.
There is, however, an issue with Ledger doing this.
To begin, in order to utilize this “mnemonic recovery” method, you must correlate your ID-identifying information with your account, resulting in a KYC pain point, data leakage, hacking, censorship, and surveillance.
Second, you must trust a third party and provide them with your ID information as well as knowledge about encrypted cash. Data breaches or hacks are quite possible in this circumstance; after all, user data is extremely valuable (both now and in the future), and any “approved third party” may decide to utilize your data as a source of money at any moment.
Moreover, the Recover function jeopardizes user privacy. At the moment, most users choose to use the Ledger Live software service, which will use the Ledger node to synchronize all wallets, which contain all the details of cryptocurrency activities in the wallet, users using Ledger Live are at a higher risk than users binding their own ID to the Leger account.
A security analyst touting a gadget that stores a fully untouchable and immovable private key and then abruptly revealing that the key might be accessed and shared with other parties did not sit well with most of the Web3 community.
Particularly distressing was the notion that users would be required to produce a government-issued ID in order to participate in Recover.
The disclosure of the upgrade sparked outrage in the crypto world, with charges that Ledger’s new function contradicted previous assurances about keeping private keys off the internet.
Others who feel doubters are exaggerating have referred to the fact that the wallets are intrinsically upgradeable to alleviate concerns about their accessibility and security, as well as to offer clarity on the fundamentals of how wallets function in the first place. Hardware wallets would lose usefulness if they could not be updated since blockchains themselves improve over time, and any device interacting with the blockchain must be able to adapt properly.
Whatever the subscription service is or is not, it demonstrates the difficulties of explaining new features in Web3’s rapid-response environment. The Recover debate, like many others before it, highlights the constant battle faced by blockchain-centric businesses; achieving a balance between user experience and respecting the crypto community’s basic beliefs is a difficult undertaking.
Does Ledger keep track of your seed phrase?
The upgrade to Ledger Recover claims to encrypt and split your seed phrase into three parts. After that, you will provide identification evidence and a selfie video, and three separate custodians will protect the shards for you. Ledger, Coincover, and a third company will serve as custodians. It highlighted that this is a supplementary service, and customers may continue to carry their recovery seed phrases as previously. This change sparked outrage on Twitter from several internet privacy activists.
Why is it dangerous?
According to the information provided, all KYC data is gathered by a company named “Onfido,” which will handle things like KYC information verification. When Ledger users upload/verify their identities, user IDs, selfie videos, photo/video/sound, and an overall picture of the user’s device and current activities are retained.
This implies Onfido will have complete access to your ID and the information that you are a Ledger user. Of course, they are aware that you have cryptocurrency. Onfido will also have complete knowledge of the authentication devices you use, so you now not only trust Ledger and “approved third parties” with your identity data, but you also trust Onfido with your devices and more.
All of these actions have the potential to create new risks. Let us now look at it from a technical standpoint.
Users must trust Ledger “100%” from a technological standpoint since the code for the whole process is closed and unverifiable. Although Ledger co-founder Nicolas Bacca said that his team intends to open up its code in the future to enable customers to view how the wallet’s recovery service securely encrypts user data and functions safely behind the scenes, the company is also making its recovery service publicly available. Select and be upfront about agreements with third-party custodians, however, as of this writing, Ledger has not open-sourced the required code, which means that no one except Ledger can verify what is happening/security.
If everything goes as planned, the user’s seed phrase should never leave the device unencrypted. Nevertheless, we have no method of confirming this or guaranteeing that the seed phrases are correctly completed or encrypted.
But one thing is certain: the code is now running on your Ledger, and you may transmit your mnemonic through USB/BT. From another angle, your wallet will no longer be a “cold wallet” at this point but rather a “transition from cold to hot.” Not only that but being able to “hot” your wallet with a few keystrokes opens up a slew of new phishing and malware attack routes where hackers might accidentally get your seed phrase.
We are unable to establish if Ledger has built-in security safeguards to prevent someone from transmitting the encrypted shard mnemonic to one person, three distinct custodians, or whether the shard mnemonic can only be delivered by The user will decode it himself.
Another issue is that you don’t sure how the mnemonic recovery or decryption processes function. Users must check in to Ledger and confirm their identity, but since decryption can only be performed on their own device, how does the new device get the decryption key?
There is normally a mechanism to authorize a new device and send it the decryption key in an end-to-end encryption (E2EE) situation, however in the instance of a lost Ledger, the user can’t actually do that, thus someone else must have the device they sent to. Mnemonic recovery requires a copy of your Ledger decryption key.
Who holds the decryption keys in this case? Is this the Ledger? Or is it encrypted and stored elsewhere after Ledger Recover and ID verification? If this is the case, how is the decryption key kept, encrypted, and authenticated?
Moreover, if someone discovers that you used Ledger Recover and obtained your ID, they may conceivably take all of your cryptos, even if your Ledger is safe and well in a drawer someplace.
It is worth noting that CoinCover, the custodian of Ledger Recover, and Onfido, both stated above, are based in the United Kingdom. Another custodian is not named in the original document, however, EscrowTech in the United States is reported to be one. If the story is accurate, it implies that you will be subject to the authority of the “Five Eyes Intelligence.”
Conclusion
The most concerning aspect of the problem is an apparent loss of confidence between Ledger and its users, which has been sparked by discrepancies in the firm’s assertions.
Users that opt in for the Recover upgrade, on the other hand, will have their identities connected to their cryptocurrency wallets, bringing the experience closer to that of a centralized exchange with know-your-customer (KYC) checks.
Onfido collects all KYC information. When you upload/verify your identification, the firm also performs KYC onboarding and maintains track of your device and current behavior. You not only trust Ledger and other authorized parties, but you also trust Onfido with your sensitive information. Is it a calamity in the making?
The debut of the Recover service by Ledger may not be a smart idea since it violates all of the concepts of utilizing hardware wallets (cold storage) and involves KYC. At the same time, the “non-open source” method makes many Web3 users skeptical of its claims.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News