Ledger Recover is an opt-in service, and users are not required to use it. However, the tool has been met with criticism from crypto Twitter security experts, who argue that it could compromise the security of users’ funds.
- If you know how to self-custody your assets, there is no need to use Ledger Recover. Simply continue using your Ledger the same way you always have.
Ledger, a leading manufacturer of hardware wallets for cryptocurrencies, has released a new recovery tool that allows users to back up their private keys. The tool, called Ledger Recover, divides the user’s seed phrase into three encrypted shards and sends them to different third-party companies. If the user loses their seed phrase, they can recover it by providing ID verification to the third-party companies, who will then combine the shards and decrypt them.
Ledger Recover is an opt-in service, and users are not required to use it. However, the tool has been met with criticism from crypto Twitter security experts, who argue that it could compromise the security of users’ funds.
Here is the Tweet thread announcement from Ledger:
Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz
🧵Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
— Ledger (@Ledger) May 16, 2023
One of the main concerns is that Ledger Recover relies on third-party companies to store users’ sensitive data.
If one of these companies is hacked, it could potentially expose users’ seed phrases and allow attackers to steal their funds.
Some are referring to this move by Ledger as adding a “backdoor” for potential attacks.
Another concern is that Ledger Recover could make it easier for law enforcement to seize users’ funds. If a user is arrested for a crime, law enforcement could subpoena the third-party companies that store their seed phrases. This could give law enforcement access to users’ funds, even if they have not been convicted of any crime.
@Ledger held a Twitter space an hour ago addressing everyone’s concerns. Here’s the link if you want to listen back.
Join us today at 6:30pm CEST/12:30pm EST for an AMA about our new opt-in service, Ledger Recover.
Our CXO @iancr, CTO @P3b7_, and co-founder @btchip will be there to answer all your questions.https://t.co/DvQlF5Job5
— Ledger (@Ledger) May 16, 2023
Ledger has defended Ledger Recover, arguing that it provides an additional layer of security for users who lose their seed phrases. However, security experts continue to warn of the risks associated with the tool.
This is an opt-in service ($10/month) created in collaboration with @Coincoverglobal. If you decide to opt in, you will need to KYC.
Ledger’s rationale behind launching Ledger Recover is “this product is for our future customers”, meaning “normies” who are not typically tech-savvy.
Technical breakdown of Ledger Recover:
Technically, as soon as you opt in for the service, you’ll be asked if you are happy to opt-in for Ledger Recover. If you are – then you sign a transaction on your Ledger to shard your private keys into 3 shards, then it’s encrypted in the device, then a secure channel is created within the device for the 3rd party providers which allows the encrypted shards, which are encrypted again and then stored with the providers.
When you need to recover your seed, you will go through a ID Verification process (which is very comprehensive) to confirm your identity. After you are verified, the providers will send the encrypted shards to your Ledger Nano device directly. The device decrypts the shards in your device and you’re set.
Here, the point which is important to remember is that you stay in control…there’s no backdoor, nothing will happen without your consent on the device…in the future, the whole protocol will be open, so you’ll be able to verify how the whole protocol works.
Q: Is my seed phrase safe – is there a backdoor?
A: There are no backdoors in any Ledger. Your seed is secured in the Secure Element chip and on your paper. If you opt in for Ledger Recover, there’s an additional back up in the form of 3 encrypted shards stored with 3 different…— Ledger (@Ledger) May 16, 2023
There are three parties (in 3 different jurisdictions) storing the shards – one is @Coincoverglobal, which already works with several B2B offerings, that keeps one shard of and provides the $50k insurance plan; the other escrowtech, which backs up the 3rd shard. And there are two ID verification providers.
Ledger says there are no backdoors to the seed phrase in any Ledger device. Â However, Ledger does acknowledge there is an extra attack vector present in the equation if one chooses to opt into Ledger Recover. This is mainly because of the KYC element. The hardware wallet’s security maintains the same standard.
Ultimately, it is up to each individual user to decide whether to use Ledger Recover. However, it is essential to be aware of the risks before making a decision.
Here are some additional things to consider before using Ledger Recover:
- How secure are the third-party companies that will be storing your data?
- How likely is it that law enforcement will subpoena your data?
- Are you comfortable with the idea of giving up some control over your funds?
If you are still unsure about whether to use Ledger Recover, you may want to consider the more traditional recovery method, of writing down your seed phrase on paper and storing it in a safe place.