- Ledger’s latest update, touted as an “additional safety net,” received backlash from customers and crypto Twitter commentators.
- The company’s response on social media left users unconvinced and seemingly did little to address security concerns about private keys and a new attack vector that the recovery firmware could introduce.
- Ledger Recover will allow users to opt in to a monthly subscription to back up their seed phrase with another seed phrase stored at three custodians, two of which are third-party.
Crypto Twitter brimmed with opposition to Ledger’s latest firmware feature, which will back up a customer’s seed phrase if they choose to opt in to a monthly subscription for custody services.
Ledger Recover was announced on May 16, much to the shock of customers, who saw it as a turnaround on the company’s so-called dedication to security. The firmware update will give wallet users the option to back up their seed phrase with three custodians, a feature meant as a safeguard should any user lose their private keys.
Ledger Defends Recover Subscription
The hardware wallet maker clarified – after heavy community backlash – that the seed phrase sent to custodians is generated as an additional private key of sorts. A Twitter thread was released explaining the mechanics, although the post seems to have raised more questions than answers.
Ledger Recover encrypts a version of your private key, splits it into three parts, and sends each part, or shard, to one of three custodians if a customer chooses to subscribe. The feature is currently only available on the company’s Nano X wallet. However, customers raised concerns that an update could expose their seed phrase to someone other than themselves, something previously thought impossible on any Ledger device.
Security expert and Polygon Labs CISO Mudit Gupta noted that private keys could be reconstructed using 2/3 of the shards, a problem that leaves wallet users open to a new attack vector.
Other users on Twitter completely rejected the update and asked the wallet maker to bin the idea or release a separate wallet product line for the recovery feature.