Following a negative response from the crypto community, the company has put Ledger Recover on pause until the source code is open and audited.
Over the past few weeks, hardware wallet provider Ledger has found itself in a PR crisis over Ledger Recover – a new optional feature that offers a retrieval solution if a seed phrase is lost. Recover is an optional subscription add-on, but many in the crypto community perceived the service as an affront of the self-sovereignty of a crypto product, with some calling it a back-door.
Backlash reached its zenith yesterday after Pascal Gauthier, CEO of Ledger, confirmed that the private seed phrases of Recover subscribers could be handed over to governments in the rare event of a subpoena.
“It’s not a real concern”, Gauthier said on the What Bitcoin Does podcast, adding that a subpoena would be a rare occurrence relating to a serious act such as terrorism funding or drug trafficking. “The average person doesn’t get subpoenaed every day.”
Last night however, Gauthier confirmed that the Recover upgrade will be put on hold until the source code is audited and open.
He tweeted: “Ledger Recover will be launched as soon as the source code is auditable. We believe in these amendments to the project and will continue to build the industry together.”
He added he was “humbled” by the reaction of the community, promising to communicate upgrades better in the future.
In a more detailed blog post, Gauthier explained the importance of a service like Ledger Recover.
“The main pain point for crypto self-custody adoption is precisely the problem of seed phrase recovery,” he said. “The majority of users in crypto today either don’t own their private keys and/or are putting their private keys at risk using less secure forms of self-custody, and hard-to-use forms of storing and securing their seed phrase.”
In 2021, lost passwords contributed to the loss of billions of dollars with of bitcoin and other crypto assets.
How does Ledger Recover work?
Ledger Recover splits a user’s seed phrase into three encrypted fragments known as ‘shards’. These fragments are then sent to three different external entities for safekeeping. If a user needs to recover their seed phrase, the fragments can be combined and decrypted to recreate it.
Here’s how it works in practice:
- Identity Verification: The user’s identity is verified via their ID card during the setup process.
- Ledger Nano X Connection and Approval: The user connects their Ledger Nano X and grants approval for the backup creation. The device proceeds to duplicate, encrypt, and fragment the user’s private key into three parts, which are stored within the Secure Element chip.
- Encrypted Fragment Storage: The encrypted fragments of the private key are securely transmitted to three independent providers—Ledger, Coincover, and EscrowTech. These providers store the fragments in Hardware Security Modules (HSMs). It’s important to note that these fragments hold no value on their own.
- Fragment Retrieval and Reassembly: When the user requires access to their wallet, the system retrieves two out of the three encrypted fragments from the independent providers. These fragments are then reassembled on the user’s Ledger device, effectively reconstructing their private key.
- Associated Backup with Verified Identity: The backup of the Secret Recovery Phrase remains associated with the user’s verified identity established in Step 1. This association ensures that only the user can access the backup and restore the private key when necessary.
“Protecting 12-24 special words is not a familiar way of protecting everyday assets,” reads a blog post on the Ledger website.
It added: “Ledger Recover can also help those without a safe place to store their secret recovery phrase. Do you have housemates who you can’t trust around your valuables? Or do you live in a place prone to natural disasters? In these situations, looking after your recovery phrase may be more of a burden than not. Ledger Recover allows you to set fire to your secret recovery phrase and rest assured you can access your account without it.”
The blog acknowledges that if you’re a security professional or full-time crypto trader, or if you value self-sovereignty above all, Ledger Recover is “probably not for you”.
Disclaimer: CryptoPlug does not recommend that any cryptocurrency should be bought, sold, or held by you. Do conduct your own due diligence and consult your financial advisor before making any investment decisions.