Yesterday, Monday, May 15th, Ledger launched its brand new service Ledger Recovery, a new way to recover your seed phrase for their hardware wallets. With a quick glance at your Twitter timeline, it is easy to see that the announcement is taking the crypto space by storm.
Ledger argues that this new service will contribute to the broader adoption of cryptocurrencies. However, many customers criticize this move, claiming it undermines trust in the company and is a misguided step in the wrong direction.
Today, we aim to provide a comprehensive breakdown of this information to enable you to form your own conclusions and make better-informed decisions regarding your assets.
What is Ledger Recovery? (a tl;dr)
Ledger Recovery is an identity-based service designed to assist users in recovering their Ledger wallet’s seed phrase in situations where the seed phrase or device is lost or inaccessible. Ledger Nano X users can opt in to this service via a recent firmware update for $10 USD per month. Those using the service can recover access to their wallet up to 3 times per month and up to 10 times per year. Users can recover to the same device or a new one if their physical device is lost or stolen. Additionally, should there be a security breach within the system that results in the loss of funds, Coincover, a digital asset security company partnering with Ledger for this new service, is offering monetary reimbursement of up to 50K.
How does it work?
Rather than trying to break down the steps of a product we have yet to use, I’ll let the Ledger website explain it directly. First, a general overview of how it works:
Should you opt in, you will need to set it up:
And finally, the seed phrase recovery process:
Additional information was shared live by Ledger CTO Charles Guillemet across several Twitter spaces regarding the selection of the companies that will secure the seed phrase “shards.” He emphasized that Ledger dedicated a substantial amount of time to carefully choosing and auditing these companies, which include Coincover and another third-party entity.
Ledger collaborated closely with these companies to establish a robust infrastructure for storing the encrypted shards. Special attention was given to ensuring stringent checks and controls for internal security management and identity verification procedures were present. They were also mindful of selecting companies residing in two different jurisdictions, distinct from their own. This jurisdictional diversity provides an additional layer of security.
During the discussion, Charles Guillemet delved into the encryption process, highlighting its sophisticated nature. He emphasized that the information undergoes a double encryption process before being divided into three shards, which are then stored in separate locations. He did get into technical detail, but it was difficult to follow in real time for anyone without expertise in the digital security space. Documentation regarding this process has yet to be published for public consumption as of the publication of this article, and therefore we won’t try to recap it here. However, if this interests you, we recommend listening to the explanation provided during Ledger’s Twitter space.
A Fire Storm Ensued
On Tuesday, May 16th, the Ledger team was busy attending Twitter spaces and responding to community questions regarding Ledger Recovery on Twitter. They also held their own Twitter space (linked above) to address the concerns raised. We had the opportunity to join several of these spaces, enabling us to gather and summarize critical arguments that supporters and critics of Ledger’s new feature presented. Below, we aim to provide an overview of some of the most prevalent views voiced from both perspectives.
Erosion of trust: Ledger customers were under the belief that seed phrases would never leave their hardware devices for any reason. This assurance served as a crucial selling point for many users, and they now feel that Ledger has reneged on their promise or possibly even deceived them since it is now possible for the seed phrase to leave the device, even in a double-encrypted form. Customers argue that this capability exists regardless of whether they choose to opt in to the new service, as it is enabled through the blanket firmware update, causing significant distrust and concern.
A backdoor is opened: Introducing the new feature has raised concerns about the potential opening of a backdoor, increasing the security risk for Ledger users. It’s making users question whether their funds are safe on their Ledger devices. The ability to utilize a new device during the Ledger Recovery process adds an additional layer of risk, as it means that a malicious actor no longer requires physical access to the user’s device to gain access to their assets.
Loss of anonymity: You must connect your identity to your wallet to opt in to the new feature. This causes concern for those who choose to operate in the space while maintaining their anonymity. This could also be a very slippery slope. By associating a wallet with one’s identity, users worry about the possibility of law enforcement agencies having the ability to subpoena access to their accounts, just like the process with traditional fiat accounts.
Disregard of self-sovereignty: Many argue that introducing this feature contradicts the fundamental ethos of cryptocurrency and web3. At the core of these technologies is the principle that users should have complete control over their assets and data without the need for intermediaries or centralized entities. It introduces centralization in a space where it may not be necessary or welcomed.
Mass adoption: Supporters of Ledger Recovery frequently emphasize the potential for mass adoption as a key driver behind their arguments. The Ledger team reiterated the notion that services like Ledger Recovery are crucial in accelerating the widespread acceptance and use of cryptocurrencies. Here are a few of the touch points frequently noted:
- Alignment with familiar tools: Let’s state the obvious; individuals struggle with managing their security in the web2 space, let alone the more complex web3 environment. The absence of a recovery option for crypto wallets in the event of seed phrase or device loss can be a significant deterrent for non-native users. Aligning new technology with what people are already familiar with in web2 (i.e., password recovery) will help break down entry barriers into what is perceived as an intimidating and risky space.
- Lack of education/tooling: There is a lack of education and tooling that is easy for new and non-technical users to understand in the crypto space. The complexity of the technology can be overwhelming, leading to potential mistakes and misunderstandings. In response to this challenge, tools like Ledger Recovery are necessary to address the gaps in user understanding and facilitate a smoother user experience.
Sophistication of the process: The 2-step encryption and decryption processes are very sophisticated. You are not opting to simply send a third of your literal seed phrase to 3 companies. The Ledger team appears to have considered adding security measures at all available steps. In turn, a hack on the system would have to be incredibly sophisticated and coordinated to be successful, making it very unlikely. The Ledger and Coincover teams believe so strongly in the security of Ledger Recovery that an “insurance policy” is offered should the system fail and funds be lost.
Users maintain control: You must opt in for any of this to occur. The user still maintains control. The Ledger team repeatedly stated that users who do not opt in maintain sole access to their seed phrase.
Lingering Thoughts & Takeaways
It’s always interesting to observe big happenings in the crypto space. You have to wonder if the Ledger team anticipated such a considerable backlash in the wake of the release. Our observations of company team member interactions with the user community make us think the answer to this question is “no.” Many of the interactions were professional, though a few responses made us raise our eyebrows. Regardless, there was an apparent failure on the communication front of this launch. Better, more technical documentation must be shared with the community as soon as possible by the Ledger team to calm the FUD rather than trying to convince people to take their word for it. Hopefully, they can learn from their mistakes, and other companies will take note to improve future product launches in a space where trust and transparency are essential.
We are extremely curious to see how the claims process plays out for the Coincover “insurance” policy. If it’s anything like traditional insurance plans, getting a claim processed and recovering funds will be challenging. This is a feature we will be keeping our eye on.
Some food for thought…perhaps Ledger Recovery should have been offered on a new line of devices only (i.e., Nano X w/ Recovery) rather than retroactively adding it to all Nano X devices via the firmware update? They could appease current users and future customers with this option. The feature is technically in a soft launch, so this is still possible, at least for the remaining product lines. It will be interesting to see how the launch progresses.
So, what are your thoughts? Will you be a Ledger Recovery user? Do you disagree with the launch of the feature? Either way, we hope this brief recap helps you make sense of the current situation and make safe, informed decisions regarding your assets. Stay safe out there, frens!
Follow me on:
Twitter: Erin @ the Decentralized Diary https://twitter.com/decentradiary
Decentralist.com is a directory 🗒 for decentralized resources. It includes resources such as the List of DAOs, List of DAO Tools, and the Decentralized Diary. Visit our website at www.Decentralist.com or follow us on Twitter @decentra_list.
The content is for informational purposes only. Nothing contained in this article constitutes a solicitation, recommendation, endorsement, or offer of a security, token, or application. This is not investment or legal advice. Please do your own research.