Ledger’s Controversial Nano X Update: Recover Feature Security Debate

Ledger, a popular hardware wallet provider, recently released an update for its Nano X device, introducing the Ledger Recover feature. While the company claims that this feature enhances user security, several concerns have been raised regarding its implementation.

The Ledger Recover feature allows users to subscribe to a recovery tool that encrypts their seed phrase and distributes it among different custodians. These custodians are tasked with reconstructing the seed phrase upon successful ID verification by the user. However, some users are less than thrilled about this new feature, with Polygon Labs’ Chief Information Security Officer, Mudit Gupta, calling it a “horrendous idea.”

One of the primary concerns raised by Gupta lies in the ID verification process. He worries that granting key access to the contacts chosen by a user to store parts of their seed phrase could potentially expose them to identity theft. Additionally, some believe that giving multiple parties access to the seed makes the system inherently less secure.

In response to these concerns, Ledger’s Chief Technology Officer, Charles Guillemet, stated that “there is no backdoor for anyone, neither us, a provider or even a very gifted hacker to access it.” Furthermore, CEO Paul Gauthier emphasized that Ledger has complete control over all its devices and cannot run automated updates remotely for any reason. The Recover feature is opt-in, allowing users to continue managing their recovery phrase themselves if they wish.

Ledger has defended the new feature, claiming that self-custody remains at the core of their principles. The company also clarified that the three recovery custodians are Ledger, Coincover (a cryptocurrency custody firm), and EscrowTech (a code escrow company).

The introduction of Ledger Recover comes in the aftermath of the 2020 cyberattack on Ledger, which resulted in the leak of personal information from 270,000 customers. In light of the security breach, some users on Twitter have called for Ledger to offer the Recover feature as a separate product, rather than incorporating it into the existing device.

As the debate around the safety of Ledger Recover continues, users must weigh the potential security benefits against the risks involved in using a multi-custodian seed recovery process. Ultimately, it is essential for crypto enthusiasts to stay informed and make decisions that align with their personal security preferences.

Source: Blockworks