Ledger Postpones Release of New Feature After Community Backlash
A week ago, Ledger took the internet by storm, but in a negatively viral way. The hardware wallet company’s Chief Security Officer, Charles Guillemet, explained how a new feature called Ledger Recover would work. Ledger Recover would restore a lost seed through multiple intermediaries by stepping away from the established notion of a self-custodial hardware wallet.
Once the optional subscription service is activated, the seed phrase will be sent into three encrypted shards to different entities. Following ID verification tied to the wallet, also run by third parties, the user would then activate Ledger Recover for other third parties to make the seed phrase whole and blockchain access restored.
Ledger CEO Backtracks into Open Source Territory
After Binance CEO and other cybersecurity professionals noted that a hardware wallet, by definition, should not be sending out seed phrases, Ledger made a serious PR blunder. In response to one of the users, Ledger Support openly stated that customers always depended on their trust in Ledger not to open up backdoor vulnerabilities.
However, the internet soon after contrasted that (since deleted) tweet to Ledger’s previous statements:
Even former Ledger CEO, Éric Larchevêque, noted that a “false sense of trustlessness went into pieces” that make Ledger Recover both convenient and controversial.
Today, Ledger CEO Pascal Gauthier admitted to certain PR blunders, noting that “our unintentional communication mistake took everyone by surprise.” Gauthier further apologized for the miscommunication. More importantly, what is to become of Ledger Recover?
Gauthier still sees the need for self-custody and the peace of mind that comes from knowing that a wallet’s seed phrase is recoverable.
“The majority of users in crypto today either don’t own their private keys and/or are putting their private keys at risk using less secure forms of self-custody, and hard-to-use forms of storing and securing their seed phrase.”Ledger CEO and Chairman, Pascal Gauthier
Indeed, if hardware wallets are cumbersome to use, it is safe to say that most users would avoid them entirely. This would leave them more vulnerable without a hybrid solution like Ledger Recover.
But to recover the trust of existing Ledger users, Gauthier is now pledging to make the entire code open source. This will start with the inclusion of Ledger’s operating system’s core components, in addition to the Ledger Recover feature itself.
“we will open source the Ledger Recover protocol, enabling the community to have as much choice as possible over your self-custody,in addition to the service being fully optional.”Ledger CEO and Chairman, Pascal Gauthier
Conversely, Ledger Recover will not launch before the feature’s code is open and auditable. This way, Ledger Recover will join 150 Ledger Nano apps that are also open source.
Join our Telegram group and never miss a breaking digital asset story.
Does Ledger Recover Open the Floodgates to Government Seizures?
In addition to the PR blunder related to building potentially vulnerable firmware updates on top of the Secure Element chip, Gauthier delivered a mishap. Because Ledger Recover sends out the user’s seed phrase to third parties, it would be technically possible for the government to subpoena those parties.
Simultaneously, Gauthier admitted this possibility and said it is not a concern for regular users who are neither terrorists nor drug traffickers. However, other panel participants quickly noted that the subpoena barrier was shallow.
Specifically, government agencies can request subpoenas in bulk via so-called ‘John Doe’ summons. This happened when Coinbase’s database was subpoenaed by the Internal Revenue Service (IRS), having to supply all customer data who transacted at least $20,000 over three months between 2016 and 2021.
“The John Doe summons remains a highly valuable enforcement tool that the U.S. government will use again and again to catch tax cheats,”IRS Commissioner Chuck Rettig
Conversely, the government could use Ledger Recover-like services to seize user funds for whatever reason. This puts the Ledger Recover feature in a precarious position, as it still moves users away from self-custody, even if no vulnerabilities exist.
Do you think Ledger Recover is an optimal compromise between vulnerability and wallet recovery redundancy? Let us know in the comments below.