Ledger’s Key-Recovery Feature: The Privacy, Security, and Trust Dilemma in Crypto Wallets

Sunset-lit cityscape with Ledger wallet, seed phrase hovering above, custodians in the background, impressionistic style, soft light, warm colors, mood of uncertainty and dilemma, question mark symbol hanging over the wallet, juxtaposition of cold and hot storage imagery, fading user trust on the horizon.

When Ledger, a Paris-based hardware wallet-maker, announced its new key-recovery feature, it believed that allowing users to recover their private keys, much like recovering a forgotten password, would help draw in more customers. However, the launch of “Ledger Recover” has faced criticism from opponents who claim that it is incompatible with the concept of a hardware wallet that promises to protect private keys from access.

According to critics, the firmware update and the recovery setup do not seem safe. Ledger, on the other hand, asserts that security remains intact. Ledger’s new feature requires users to share their seed phrase (a sequence of words used to recover a lost wallet) with a set of trusted custodians, including Ledger, Coincover, and EscrowTech. These custodians store users’ encrypted backups for a monthly fee, allowing users to restore access to their crypto if they forget or lose their seed phrases.

While the company claims that the hardware wallet itself does not store any user identity information, privacy concerns arise. Users who opt for the Recover update will have their identities linked to their crypto wallets, bringing the experience closer to using a centralized exchange with know-your-customer (KYC) checks.

Moreover, if hackers breach Onfido or Tessi, which are used to verify users’ identity, they might gain access to a list of Ledger users who own significant amounts of crypto, along with their personal data. Past breaches, like the one in July 2020, have raised valid concerns about the security of user information.

Another issue is the trust between Ledger and its users. Crypto developer and researcher Laurence E. Day asserts that Ledger’s code is closed source, so no one can review the actual content of the update. Blockchain security expert Christopher Allen expressed similar concerns on Twitter, highlighting that Ledger’s use of Shamir’s Secret Sharing appears to be proprietary and possibly naïve.

Furthermore, by enabling the Recover service, users might argue that they are essentially transforming their cold (offline) wallet into a hot (online) wallet, even if some legal steps lie in between. Questions on the extent of Ledger’s firmware capabilities and whether users can still trust their devices linger.

In summary, Ledger Recover seeks to strike a balance between the autonomy of cold storage and the comfort of custodial storage, providing users with a safety net to recover lost crypto wallets. However, the increased risk to security, privacy, and the rift in users’ trust make it questionable whether hardware wallet users, who tend to be a more sophisticated audience, would want this compromise.

Source: Coindesk

Sponsored ad