In the world of cryptocurrency, security is of the utmost importance. With this in mind, hardware wallet provider Ledger introduced its Ledger Recover service as part of its latest firmware update, causing quite a stir among the crypto community.
The ID-based key recovery system is designed to back up users’ seed phrases, requiring a passport or national identity card as confirmation of one’s identity. However, despite the opt-in nature of the $9.99 per month service, the announcement has sparked concern among users and experts alike.
Many are questioning the wisdom of tying crypto seed phrases to identifiable personal documents, with one Reddit user calling it “a disaster waiting to happen.” Indeed, the data breach Ledger experienced in 2020, which exposed customer data, only amplifies these worries. Should data leak again, seed phrases stored via Ledger Recover could be vulnerable to fraudulent access.
Adrian Hetman, tech lead triager at Web3 bug bounty platform ImmuneFi, highlights the inherent flaws in the service. “Exposing your seed phrase and then allowing anyone with your ID or Passport to regain access to the locked funds is a bad security posture,” he said. “ID theft is common and that would expose crypto users to a new form of attack.” Furthermore, Hetman asserts that no amount of encryption can resolve this issue.
However, not all hope is lost for seed phrase recovery solutions. The concept of social recovery, which is utilized by Vitalik Buterin, offers a more secure method of seed phrase protection. By choosing a number of trusted guardians (other wallets, friends, or family members) who can approve wallet recovery, users can maintain control of their seed phrases without exposing their personal identification.
This kind of recovery system is well-regarded by Hetman, who believes it offers a user experience closer to that of the current banking system while remaining secure and efficient. The primary advantage of social recovery, as compared to Ledger Recover, is the user’s ability to choose their own trusted guardians – eliminating the need for, and potential risks associated with, providing passports or identity cards.
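The guardian-approval flow described above, as an added example that is not code from Ledger, Decrypt or any wallet: it assumes recovery means rotating the wallet's signing key once a strict majority of guardians approve the same new key. The class, method names and sample identifiers are hypothetical.

```python
# Added illustration: guardian-approved recovery modelled as a small state machine.
# All names and the majority threshold are assumptions, not taken from any wallet.
from dataclasses import dataclass, field


class RecoveryError(Exception):
    """Raised when a recovery step violates the policy."""


@dataclass
class SocialRecoveryWallet:
    signing_key: str                      # key that authorises spending
    guardians: frozenset                  # identifiers chosen by the owner
    threshold: int = 0                    # approvals needed; 0 means strict majority
    _approvals: dict = field(default_factory=dict)  # proposed key -> set of guardians

    def __post_init__(self):
        if self.threshold == 0:
            self.threshold = len(self.guardians) // 2 + 1
        # A single approver would make one stolen guardian account a full takeover.
        if not 1 < self.threshold <= len(self.guardians):
            raise RecoveryError("threshold must be between 2 and the guardian count")

    def approve(self, guardian: str, new_key: str) -> bool:
        """Record one guardian's approval; return True once the key is rotated."""
        if guardian not in self.guardians:
            raise RecoveryError(f"{guardian!r} is not a guardian")
        # Approvals are bound to the exact proposed key, so votes for
        # different keys can never be combined.
        voters = self._approvals.setdefault(new_key, set())
        voters.add(guardian)              # a set, so repeat votes count once
        if len(voters) < self.threshold:
            return False
        self.signing_key = new_key
        self._approvals.clear()           # stale approvals must not survive a rotation
        return True


def demo() -> list:
    """Constructed scenario: five guardians, three approvals needed."""
    w = SocialRecoveryWallet("key-lost", frozenset({"g1", "g2", "g3", "g4", "g5"}))
    results = [w.approve("g1", "key-new"), w.approve("g1", "key-new")]
    results.append(w.approve("g2", "key-attacker"))   # split vote, counted separately
    results.append(w.approve("g2", "key-new"))
    results.append(w.approve("g3", "key-new"))        # third distinct approval
    return results + [w.signing_key]
```

No identity document or seed phrase appears anywhere in this flow; the security of the recovery rests on how many guardians would have to be compromised at once.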
In conclusion, while Ledger’s introduction of the Ledger Recover service may raise genuine security concerns, the larger conversation around seed phrase recovery is far from over. It is clear that alternative solutions, such as social recovery, offer promise and may better address the evolving needs of the crypto community without compromising the safety of its users.
Source: Decrypt