“We don’t want it” CT Responds To Ledger Recover

By 12 months ago

Summary:

  • Ledger’s latest update touted as an “additional safety net” received backlash from customers and crypto Twitter commentators.
  • The company’s response on social media left users unconvinced and seemingly did little to address security concerns regarding private keys and a new attack vector that the recovery firmware could unearth.
  • Ledger Recover will allow users to opt in to a monthly subscription to back up their seed phrase with another seed phrase stored at three custodians, two of which are third-party.

Crypto Twitter brimmed with opposition to Ledger’s latest firmware feature that will back up customers’ seed phrase if they choose to opt in to a monthly subscription for custody services.

Ledger Recover was announced on May 16, much to the shock of customers, who saw it as a turnaround on the company’s so-called dedication to security. The firmware update will give wallet users the option to back up their seed phrase with three custodians, a feature meant as a safeguard should any user lose their private keys.

Ledger Defends Recover Subscription

The hardware wallet maker clarified – after heavy community backlash – that the seed phrase sent to custodians is generated as an additional private key of sorts. A Twitter thread was released explaining the mechanics, although the post seems to have raised more questions than answers.

Ledger Recover encrypts a version of your private key, splits it into three parts, and sends each part or shard to one of three custodians if a customer chooses to subscribe. The feature is currently only available on the company’s Nano X wallet. However, customers raised concerns that an update could expose their seed phrase to someone other than themselves, something previously thought impossible on any Ledger device.

Security expert and Polygon Labs CISO Mudit Gupta noted that private keys could be reconstructed using 2/3 of the shards, a problem that leaves wallet users open to a new attack vector.
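The 2-of-3 property described above, as an added example that is not Ledger’s code or part of the original article. It assumes Shamir secret sharing as the splitting scheme (the article does not name one), leaves out the encryption step, and uses constructed placeholder custodian names and a constructed secret.

```python
import secrets
from itertools import combinations

P = 2**521 - 1  # Mersenne prime; field large enough for a 256-bit secret
CUSTODIANS = ("custodian_A", "custodian_B", "custodian_C")  # placeholder names

def split_2_of_3(secret):
    """Return three (x, y) shares of a random line through (0, secret)."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range")
    slope = secrets.randbelow(P)  # uniform random coefficient
    return [(x, (secret + slope * x) % P) for x in (1, 2, 3)]

def recover(shares):
    """Lagrange-interpolate the shares at x = 0 to get the secret."""
    if len(shares) < 2 or len({x for x, _ in shares}) != len(shares):
        raise ValueError("need at least two distinct shares")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def groups_that_recover(secret, shares):
    """List every custodian group whose pooled shares yield the secret."""
    hits = []
    for size in (1, 2, 3):
        for idx in combinations(range(3), size):
            try:
                ok = recover([shares[i] for i in idx]) == secret
            except ValueError:  # a lone share cannot be interpolated
                ok = False
            if ok:
                hits.append(tuple(CUSTODIANS[i] for i in idx))
    return hits

def single_share_fits(share, guess):
    """True if some line through (0, guess) also passes through `share`."""
    x, y = share
    slope = (y - guess) * pow(x, -1, P) % P
    return (guess + slope * x) % P == y

if __name__ == "__main__":
    demo_secret = secrets.randbits(256)  # constructed stand-in for key material
    print(groups_that_recover(demo_secret, split_2_of_3(demo_secret)))
```

Every pair of custodians appears in the output, while `single_share_fits` returns true for any guess, which is why the threat model centres on two shard holders being compromised or compelled together rather than on any single one.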

Other users on Twitter completely rejected the update and asked the wallet maker to bin the idea or release a separate wallet product line for the recovery feature.

Naga Avan-Nomayo

Naga is a crypto news reporter with a Communications & Marketing Degree who has covered news in the blockchain industry including DeFi, exchanges, NFTs, and regulations. Along with his interests in disruptive tech, he also enjoys outdoor photography, playing chess, and watching football.