Ledger, one of the largest crypto hardware wallet brands, has received quite a bit of criticism. In a recent tweet, it announced a new feature. With the new feature, customers can have an extra backup made of their private keys. However, this went completely wrong with many!
Ledger introduces new feature on crypto wallet
In a recent tweet Ledger shared the new feature: Ledger Recovery. The new feature “is an optional subscription for users who want a backup of their Secret Recovery Phrase.” A recovery phrase is a series of words that can be used to recover a wallet in case of need.
In short, this sentence is extremely important. Ledger now offers a service that allows customers to split their recovery phrase into three parts. These parts are then encrypted and stored with three different parties. In principle, even if you lose your recovery phrase, you can still get your wallet back.
Incidentally, it is not entirely clear whether it is the recovery phrase or the actual private key itself that is stored by the parties. Indeed, the service’s FAQ page states, “Ledger Recover can recover your private keys on your device, but cannot give you your secret recovery phrase.”
It is also striking that a wallet can be recovered with only two of the three fragments. “Each of these encrypted fragments is useless on its own. When you want to access your wallet, 2 of the 3 parties send fragments back to your Ledger device and put them back together to build your private key,” said Ledger.
Crypto community is shocked
With all the facts straight, it’s no surprise that not everyone is jumping for this new feature. So it is Mudit Gupta, chief information security officer at Polygon Labs, who on Twitter wrote:
“The problem here is not splitting the key into 3 parts. That’s actually good! Maybe I personally do or not 🙂 The problem here is that the encrypted key parts are sent to 3 companies and they can reconstruct your keys.”
Binance CEO Changpeng Zhao responded similarly, writing “So the seed phrase can leave the device now? Sounds very different from “Your keys will never leave the device.” With this he seems to refer to previous promises from Ledger.
Ledger tries to minimize damage
Ledger is now busy easing customer concerns. Many of them wonder if the feature will be turned on for everyone as soon as they run the update. However, Ledger argues that this is not the case.
If a customer chooses to enable the Ledger Recovery subscription, only then will the recovery phrase be split into three parts and encrypted. “That means that the shards (parts of the recovery phrase, ed.) are not encrypted and stored on hardware security modules, unless you sign up for Ledger Recover. If you don’t sign up for this feature, nothing will change,” said Ledger.
