Have you been following all the commotion surrounding the hardware wallet provider Ledger in the last 48 hours? If so, you might have some questions: Why? What? How? And then what? Let me give you a summary so that you can make an informed decision about whether to continue trusting Ledger or abandon them altogether.
Ledger, the Paris-based provider of crypto hardware wallets, recently introduced a new service called Ledger Recover. This optional feature aims to address a long-standing issue in the hardware wallet space: the potential loss of seed phrases.
As you may know, a seed phrase is an important key to restore a wallet. Traditionally, users are instructed to write down this phrase and keep it in a secure place. But what if it gets lost? This is where Ledger Recover comes into play, offering a seed phrase recovery service for $9.99 per month.
Here's how it works: Ledger Recover encrypts a user's private key and splits it into three fragments using Shamir's Secret Sharing. These encrypted fragments are then stored on hardware security modules operated by three different parties. This process takes place on the secure element of the user's device, ensuring that the secret recovery phrase is not compromised.
However, Ledger's solution has sparked significant debate within the crypto community:
- Some critics argue that the requirement for Ledger Recover customers to provide a government-issued ID could potentially violate core crypto principles surrounding privacy.
- Critics also point to Ledger's previous data breach and express concerns about the possibility of a similar incident with this new feature.
- Most importantly, people worry that if the seed phrase can be voluntarily exported, it could also be involuntarily exported. This is an absolutely critical point, because Ledger had previously stated that this should not be possible.
It's important to note that this should only affect the newer models of Ledger Nano S Plus and Ledger Nano X. If, like me, you are using older models such as Ledger Nano S, this is absolutely not possible as far as is understood today.
Despite the outcry, Ledger emphasizes that Ledger Recover is secure and highlights that this service is entirely optional and not automatically enabled through any firmware updates. They also stress that the company does not have access to the user's secret recovery phrase, which is securely generated on the user's device. They have also promised to make this part of the code open source to reassure customers.
For a more detailed understanding, I recommend reading the official posts from Ledger explaining the Ledger Recover service.
We hope this helps you make an informed decision. And, of course, as with anything in the cryptocurrency space, it's important for you to conduct your own research and not make investment decisions based on rumors or panic.
What are your thoughts on this? Do you still trust Ledger? WE DON'T. That's why we no longer recommend Ledger to our customers, even though we were looking forward to their latest product, Ledger Stax. We have now canceled our orders for it.