If you have been following the outcry around the hardware wallet ledger over the past 48h, you might have questions:
- Why?
- What?
- How?
- So?
Let me give you the exec summary, so you can make an educated decision of whether you still trust Ledger or drop them for good.
Ledger, the Paris-based provider of crypto hardware wallets, recently introduced a new service, Ledger Recover: https://www.ledger.com/recover . This optional feature aims to solve a long-standing issue in the realm of hardware wallets: the potential loss of seed phrases.
A seed phrase, as you might know, is a vital key to recover a wallet. Traditionally, users are instructed to write down this phrase and keep it in a secure location. But what if it gets lost? Ledger Recover is intended to address this by offering a $9.99 per month seed phrase recovery service .
Here’s how it works: Ledger Recover encrypts a user’s private key and splits it into three fragments using Shamir Secret Sharing. These encrypted fragments are then stored by three different parties on cryptographically secure Hardware Security Modules . This process occurs on the secure element of the user’s device, assuring that the Secret Recovery Phrase is not at risk.
However, Ledger’s solution has sparked a considerable debate within the crypto community:
- Some critics argue that the requirement for Ledger Recover customers to provide a government-issued ID could potentially violate core crypto tenets around privacy
- Critics also point out Ledger’s past data breach incident and voice concerns over the possibility of a similar occurrence with this new feature
- And most of all, people are worried that if the seed can be exported voluntarily, it may also be exported involuntarily… an absolute crucial issue that Ledger had said in the past, should not be possible.
It is important to note that this should only affect the newer models of Ledger Nano S Plus and the Ledger Nano X. If you are like me, and on the older models like the Ledger Nano S, this is absolutely not possble anyways from today’s understanding.
Despite the outcry, Ledger maintains that Ledger Recover is secure and emphasizes that this service is entirely optional and does not automatically activate with any firmware updates . They also stress that the company has no access to the user’s Secret Recovery Phrase, which is securely generated on the user’s device . They also promised open-sourcing that part of code to appease customers.
For more detailed understanding, I highly recommend you to read Ledger’s official announcement and FAQs regarding Ledger Recover here: Ledger Recover FAQs
So, what are your thoughts on this? Do you think this development is a step forward for crypto security, or is it a step too far?
Personally, I use the Ledger Nano S, so I have zero interest in switching or changing, but I fully understand some of the worries people might have now, especially if they own quite a fortune in self custody.
Nevertheless, it highlights, the importance of not only diversifying your funds among different investments, but also via different providers. If you agree, check out my company Cake, if you are not already doing so!
I look forward to hearing your thoughts.
Julian
CEO CakeDeFi.com
P.S.: Want to receive future previews and exclusive updates like this via email? Sign up here: https://ceonews.cakedefi.com/
