
Why Ledger Users Don’t Need to Panic

By Collective Shift
Published 12:48 May 29, 2023
Last update 04:51 Nov 30, 2023

I thought it was appropriate to publish a post on why the recent fears over Ledger’s security are misguided. I hope it provides clarity to any Ledger holders who are confused about what’s happening. Please ask any questions in the comments below and I’ll respond as soon as possible.


Key Takeaways

- Ledger announced Ledger Recover, an opt-in subscription-based service for backing up users’ seed phrases.

- Fear spread throughout the community over whether Ledger could access all of its customers’ seed phrases.

- These fears proved misguided. Ledger wallets remain safe to use.

- Ledger Recover is targeted at those who don’t want to be solely responsible for protecting their seed phrase.

What Happened & Why The Uproar?

On Tuesday, Ledger announced Ledger Recover, an ID-based key-recovery service that provides a backup for people’s secret recovery phrase—that is, the backup of all the private keys stored in a given crypto wallet.


After learning about Ledger Recover, many crypto enthusiasts criticised Ledger on social media. Misinformation about the service quickly spread, with some irresponsible people even encouraging Ledger owners to withdraw all of their cryptocurrencies immediately.


This all prompted Ledger to provide clarity and answer the community’s questions in what was a disastrous day in terms of corporate communications.


The primary cause of the uproar was confusion about the mechanics of Ledger Recover and Ledger hardware wallets. Many existing device owners feared that Ledger had been lying for nearly a decade about its claim that it cannot access customers’ seed phrases.

Fear Not, Ledger Users

For those who own a Ledger hardware wallet, please know that your cryptocurrencies and seed phrases are safe. No immediate action is required. Ledger Recover is an optional service that does not impact your Ledger hardware wallet.


Today, a Ledger user’s seed phrase is stored inside their hardware wallet and on the piece of paper they (hopefully) wrote it on. When Ledger Recover launches, users will need to update their firmware in order to have the ability to opt in to the service. Nothing about the device changes. The service is just new functionality.


Technically, Ledger has always been able to deploy malicious firmware. However, doing so would destroy the company, annihilate shareholder value, and likely result in civil penalties. And even if it deployed malicious firmware, users would still need to approve an upgrade by entering their PIN. (Ledger Support tweeted the above on May 18, 2023, which surprised many. I have pasted screenshots below in case it deletes the tweet.)


[Screenshots: Ledger Support tweet and clarifying tweet, May 2023]


More About Ledger Recover

As mentioned, Ledger Recover is a service that will let users restore their private keys to their Ledger devices. Apparently, many owners of Ledger hardware wallets have demanded a solution like this for several years.


It’s basically a seed-phrase backup. When a Ledger Recover subscriber loses their hardware wallet, they will be able to use the service to restore their private keys to their device.


This is in contrast to the situation for most hardware-wallet owners today. In the unfortunate scenario where they lose access to their seed phrase—typically hand-written on paper—these people have no way of regaining control of the cryptocurrency held in their wallet.


[Screenshot from the Ledger Recover webpage (Source)]


Device compatibility: Initially, Ledger Recover will only be compatible with the Nano X device. Compatibility with the Nano S Plus and Stax is coming soon. Of note, the service is incompatible with the Nano S.


Availability: To start, Ledger Recover will be available to anyone with a passport or national identity card issued by the EU, U.S., UK or Canada. Support for more countries and identity documentation will be added in the coming months.


Subscription cost: US$9.99 per month.


Coverage: Security firm Coincover will, subject to investigation, provide as much as $50,000 in compensation if wallet access is lost. (This limit arguably makes the service less appealing to those with 6-figure crypto portfolios or higher.)

All About Tradeoffs

Ledger Recover’s controversial launch is a timely reminder about the tradeoff between security and convenience. This tradeoff is the reason why there’s no universal ‘best’ solution when it comes to security. (Our Security Centre has resources on optimising your security.)


Your version of ‘best’—based on factors such as your preferences, personality, past experiences, lifestyle and knowledge—is not always the same as that of your friend, family member, colleague or neighbour.


For example, some people will comfortably keep 100% of their cryptocurrencies on an exchange—even when they fully understand the relatively high risk of doing so—while others shudder at the idea of doing this and, instead, prefer storing all of their cryptocurrencies on a hardware wallet for greater security.


With respect to Ledger Recover, opting in will open an additional attack vector for Ledger users. Co-founder Nicolas Bacca acknowledged this in a Twitter Space earlier today.


This additional attack vector has nothing to do with the Ledger devices themselves. Instead, it relates to the personal information that Ledger Recover subscribers will need to share with ID verification service providers Onfido and Electronic IDentification. Also, Coincover and Ledger will store an encrypted excerpt of this data.


(For those unaware, ID verification is different to a KYC process. Think of it as a light version of KYC. It’s less complicated and involves sharing less personal information relative to KYC.)


Additionally, Ledger Recover subscribers will be trusting the 3 entities responsible for securing the 3 encrypted shards derived from subscribers’ seed phrases: Ledger, Coincover and EscrowTech, domiciled in France, England and the U.S., respectively.


I’m sure that some privacy-oriented people won’t subscribe to Ledger Recover because they don’t want to entrust these companies with their personal details. That’s perfectly fine!


Others who prefer the convenience of a service that backs up their seed-recovery phrase may be content with trusting these companies to secure their personal details.


Ultimately, it all comes down to personal preference.


If you understand self-custody very well and can be fully self-sovereign, you don’t need Ledger Recover. If you are someone like my mother, then this product will be for you. In the end, you choose.


Charles Guillemet (CTO, Ledger)

Recap

Fears spread today that Ledger could access the seed phrases of the hardware wallets it sells. These fears proved misguided after the company shared more details about Ledger Recover, the new opt-in service that instigated the fears.


The past 24 hours are a reminder of how rapidly misinformation can spread. Nothing from today’s events has changed my view on Ledger’s hardware wallets. They remain a quality solution for those who value security and self-custody.
