Crypto community reacts to Ledger wallet’s secret recovery phrase service

Several crypto community members, including Ledger wallet owners, have taken to social media to express their discontent following the release of Ledger’s latest feature. The newly introduced retrieval solution for its hardware crypto wallets, known as Ledger Recover, aims to offer a safeguard in case users misplace their seed phrase.

Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz

Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK

— Ledger (@Ledger) May 16, 2023

Ledger Recover is a subscription service that allows users to utilize an additional layer of protection for their private keys. This service employs a technique where the user’s seed phrase is divided into three encrypted fragments, each sent to different external entities. Once these fragments are combined and decrypted, they can be used to reconstruct the original seed phrase.

The wallet provider shared that Ledger Recover is an optional subscription for users who want to back up their secret recovery phrase. “You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger,” the company explained.

Nevertheless, the concept has enraged many in the crypto community, including security specialists.

Mudit Gupta, the chief information security officer at Polygon Labs, shared, “It’s a horrendous idea, DON’T enable this feature.” Gupta expanded further in his Twitter thread that “[t]he problem here is that the encrypted keys parts are sent to 3 corporations and they can reconstruct your keys.”

The problem here is not splitting the key in 3 parts. That’s actually good! I may or may not be doing that personally as well 🙂

The problem here is that the encrypted keys parts are sent to 3 corporations and they can reconstruct your keys.

— Mudit Gupta (@Mudit__Gupta) May 16, 2023

Founder and CEO of Binance Changpeng Zhao chimed in on Gupta’s thread, saying, “So the seed can leave the device now? Sounds like a different direction than ‘your keys never leave the device.’”

So the seed can leave the device now?

Sounds like a different direction than “your keys never leave the device”. ‍♂️

— CZ Binance (@cz_binance) May 16, 2023

Bitcoin (BTC) investor and podcaster Chris Dunn shared, “First they exposed mailing address, phone numbers, and email addresses of their customers. […] And now they’ve put a back door into seed phrases. It’s time to say goodbye to Ledger,“ referencing the Ledger data leak that exposed users’ information in 2020.

First they exposed mailing address, phone numbers, and email addresses of their customers…

And now they’ve put a back door into seed phrases.

It’s time to say goodbye to @Ledger ✌️ https://t.co/FsZw1jUt6h

— Chris Dunn (@ChrisDunnTV) May 16, 2023

Crypto investor DCinvestor also referenced Ledger’s previous data leak that left users exposed and vulnerable, saying, “reminder that several years ago, Ledger leaked the name and home addresses for all of their customers via a data breach. [T]he absolute last thing you want on their servers is your private key.”

reminder that several years ago, Ledger leaked the name and home addresses for all of their customers via a data breach

the absolute last thing you want on their servers is your private key https://t.co/z89xxLS6ie

— DCinvestor (@iamDCinvestor) May 16, 2023

Bitcoin investor and entrepreneur Alistair Milne shared, “Sure, you *could* use Ledger’s new ‘Recover’ service and give them […] your private keys controlling your assets as well as a copy of your ID and other personal information. […] But why then bother with a hardware wallet in the first place?” His post suggested that Ledger’s latest recovery service undermines the whole point of self-custody via a hard wallet.

Sure, you *could* use Ledger’s new ‘Recover’ service and give them the your private keys controlling your assets as well as a copy of your ID and other personal information…

… but why then bother with a hardware wallet in the first place? pic.twitter.com/ZI39B01gFV

— Alistair Milne (@alistairmilne) May 16, 2023

Related: Ledger data leak: A ‘simple mistake’ exposed 270K crypto wallet buyers

In April, Ledger launched the Ledger Nano S Plus, a specialized wallet tailored to nonfungible tokens (NFTs). The Ledger Nano S Plus aims to enhance user safety and deliver an improved experience for Web3 customers who routinely trade NFTs. This development followed Ledger’s recent integration of “clear signing” technology through Ledger Live, further bolstering user security measures.

Established in 2014, Ledger has become a prominent global player in the realm of hardware cryptocurrency wallets. The company has reportedly sold an estimated 4.5 million wallets and introduced six distinct wallet models.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story