Crypto community reacts to Ledger wallet’s secret recovery phrase service
Several crypto community members, including Ledger wallet owners, have taken to social media to express their discontent following the release of Ledger’s latest feature. The newly introduced retrieval solution for its hardware crypto wallets, known as Ledger Recover, aims to offer a safeguard in case users misplace their seed phrase.
Ledger Recover is a subscription service that allows users to utilize an additional layer of protection for their private keys. This service employs a technique where the user’s seed phrase is divided into three encrypted fragments, each sent to different external entities. Once these fragments are combined and decrypted, they can be used to reconstruct the original seed phrase.
The wallet provider shared that Ledger Recover is an optional subscription for users who want to back up their secret recovery phrase. “You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger,” the company explained.
Nevertheless, the concept has enraged many in the crypto community, including security specialists.
Mudit Gupta, the chief information security officer at Polygon Labs, shared, “It’s a horrendous idea, DON’T enable this feature.” Gupta expanded further in his Twitter thread that “[t]he problem here is that the encrypted keys parts are sent to 3 corporations and they can reconstruct your keys.”
Founder and CEO of Binance Changpeng Zhao chimed in on Gupta’s thread, saying, “So the seed can leave the device now? Sounds like a different direction than ‘your keys never leave the device.’”
Bitcoin (BTC) investor and podcaster Chris Dunn shared, “First they exposed mailing address, phone numbers, and email addresses of their customers. […] And now they’ve put a back door into seed phrases. It’s time to say goodbye to Ledger,“ referencing the Ledger data leak that exposed users’ information in 2020.
Crypto investor DCinvestor also referenced Ledger’s previous data leak that left users exposed and vulnerable, saying, “reminder that several years ago, Ledger leaked the name and home addresses for all of their customers via a data breach. [T]he absolute last thing you want on their servers is your private key.”
Bitcoin investor and entrepreneur Alistair Milne shared, “Sure, you *could* use Ledger’s new ‘Recover’ service and give them […] your private keys controlling your assets as well as a copy of your ID and other personal information. […] But why then bother with a hardware wallet in the first place?” His post suggested that Ledger’s latest recovery service undermines the whole point of self-custody via a hard wallet.
Related: Ledger data leak: A ‘simple mistake’ exposed 270K crypto wallet buyers
In April, Ledger launched the Ledger Nano S Plus, a specialized wallet tailored to nonfungible tokens (NFTs). The Ledger Nano S Plus aims to enhance user safety and deliver an improved experience for Web3 customers who routinely trade NFTs. This development followed Ledger’s recent integration of “clear signing” technology through Ledger Live, further bolstering user security measures.
Established in 2014, Ledger has become a prominent global player in the realm of hardware cryptocurrency wallets. The company has reportedly sold an estimated 4.5 million wallets and introduced sixdistinct wallet models.
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story
Source: Read Full Article