Ledger, a well-known hardware wallet manufacturer, has recently introduced a seed phrase backup product called Ledger Recover that may pose a new security risk. Ledger Recover allows users who provide the company with their ID and personal information to encrypt their seed phrase into three “shards,” which are then stored with different custodians. While this may assist those who frequently lose their keys, the introduction of a third party creates a single point of failure that could be exploited or subject to regulation.
Self-custody in crypto is vital, and security is the backbone of self-custody. Ledger has built its reputation on securely storing users’ private keys on its hardware wallets by keeping the keys offline and within the device, known as “cold storage.” This provides better security compared to “hot wallets” or online wallets. However, not all users are comfortable with Ledger’s latest attempt to appeal to both crypto OGs and non-OG users with its backup product.
Ledger’s community has voiced concerns about the company’s ability to access users’ private keys with hardware updates. Many users view their hardware devices as untouchable and hold them to a high level of trustworthiness. However, the reality is that users have always relied on the company not to insert malware into firmware updates that could compromise their seed phrases.
Trusting Ledger with your wallet’s security is essential, as users often lack the necessary coding expertise to discern a malicious update from a legitimate one. The company provides assurances of security, but some suggest that its trustworthiness could be improved by open-sourcing more of its software and hardware components. However, Ledger’s chief technology officer has stated that nondisclosure agreements prevent this from happening.
In response to these concerns, some have suggested the introduction of a “cypherpunk”-branded segment to Ledger’s hardware and software. This would cater to the OG crypto community by offering open-source and crowdsourced security audits. Whether Ledger pursues this option remains to be seen.
For now, the safest option for users may be to continue trusting Ledger while keeping an eye on the development of open-source hardware wallets. However, this incident has exemplified the importance of maintaining an appropriate balance between security and convenience when it comes to cryptocurrency storage. Self-custody in crypto is critical for safeguarding assets, and it is essential for users to be knowledgeable about the tools and services they rely on for protection. Ultimately, it is up to each individual to weigh the pros and cons and make an informed decision regarding the security of their crypto assets.
Source: Cointelegraph