Ledger, a renowned provider of crypto wallets, has launched an update that allows users to link their seed phrase with their passport or identity card. This move has raised eyebrows and sparked a debate over its potential risks.
New Feature: Ledger Recover
The new feature, dubbed Ledger Recover, was introduced in the latest firmware update. Essentially, it's a key recovery service hinging on identity verification, where users can back up their seed phrases using their passport or national ID card.
The recovery process involves storing three encrypted fragments of the user's seed phrase with custodians, including Ledger, Coincover, and a third entity. Given the need to trust these companies with such critical information, users are expressing concerns over the security implications.
Despite the fact that this service is optional and (also) incurs a monthly fee of $9.99, some users fear it could be a potential security loophole, even for those who choose not to participate.
However, Ledger confirmed that user approval on their Ledger is mandatory for the seed phrase to be included in this process.
Ledger has been hacked in the Past
Notably, Ledger was the victim of a data breach in 2020, compromising the contact details of around 300,000 customers and over a million email addresses. This incident has heightened the fears of users, some of whom have voiced their concerns on platforms like Reddit.
Adrian Hetman, tech lead triager at Web3 bug bounty platform ImmuneFi, warned that the risk of ID theft could expose crypto users to a new form of attack. He believes allowing anyone with your ID or passport to regain access to locked funds isn't a sound security practice.
Ledger, however, dismissed these concerns, explaining that possessing the user's government ID is just one step in the process. They have implemented full liveness detection that includes randomized camera prompts, reviewed both technologically and manually, to ensure identity match before initiating recovery.
While Ledger continues to emphasize that the service is voluntary and users can still manage their own seed phrase backups, the update has left Ledger owners questioning what it might mean for the company's overall security stance.
Does Ledger now have a backdoor?
Ledger asserts there is no backdoor in its devices and this service is purely opt-in. This implies that users who don't opt in will experience no changes to their Ledger devices.
Nicolas Bacca, Ledger's co-founder, spoke at a Twitter Space meeting with other Ledger executives, strongly asserting that "nothing will happen without your consent on your device," and that this update doesn't broaden the attack surface on Ledger wallets.
Backlash on Twitter
However, many on Twitter are arguing about the potential security risk posed by the mere availability of this opt-in service.
A Twitter user (0xfoobar) raised concerns about the possibility of the code path leaking private key material over the internet, regardless of whether the user opts in or not, potentially providing hackers with a new attack vector. "Ledger’s business trajectory is one of wanton disregard for customer safety," they argued.
Anatoly Yakovenko, Solana's co-founder, voiced his opinion, suggesting that trust in Ledger has not fundamentally changed and that if users trust the company not to access their private keys before, they should continue to do so now.
Should You Switch From Ledger?
The decision to switch wallets largely hinges on individual user preferences, their understanding of private key management, and their personal responsibility level.
Wallet preferences vary widely among users, with some choosing paper wallets, others mobile-first, and many opting for hardware wallets for securely storing large amounts of crypto. Joint custodial solutions, which require a certain number of associated private keys to authorize a transaction, are also popular. With Ledger Recover being opt-in, users choosing not to utilize it will see no changes to their seed phrase management.
Other hardware wallets available on the market include Passport (by Foundation Devices), ColdCard, and BitBox02 for Bitcoin-only users, and Trezor, CoolWallet, and KeepKey for all-around crypto users.
What are Hardware Wallets?
Hardware wallets are physical devices that keep private keys in a secure, offline environment. They're often recommended by security and Bitcoin experts as the safest way to protect crypto holdings.
Whether to invest in a hardware wallet is a personal decision. Bitcoin educator Andreas M. Antonopoulos suggests,
"If you have more crypto than you would be upset to lose, you should use a hardware wallet.”
Charles Guillemet, CTO at Ledger, stated on Twitter, "This update is for my mother, for example, who isn’t comfortable with storing her private keys herself", reiterating Ledger's commitment to "security and self-custody maxis". He emphasized that everything about crypto custodial options ultimately boils down to personal preference.