Controversial Ledger Key Recovery Service Paused Amid Backlash

Safety concerns arise regarding Ledger’s New Bitcoin Key Recovery Feature

In the world of cryptocurrency, the security of digital assets is of utmost importance. With the growing popularity of Bitcoin and other cryptocurrencies, hardware wallets have become an essential tool for securely storing private keys. One of the leading providers of cryptocurrency hardware wallets, Ledger, recently introduced a new Bitcoin key recovery feature. While Ledger’s Bitcoin key recovery feature aims to enhance user convenience and provide an extra layer of protection, experts in the field have raised concerns about its safety.

While the French wallet-maker is confident that the service will appeal to customers who are hesitant about the self-custody approach in the crypto world, skeptics question its compatibility with a true hardware wallet.

Anticipated popularity turns into uncertainty

Ledger, a hardware wallet maker based in Paris, had anticipated a positive response when it unveiled its new key-recovery feature this week.

Ledger believed that enabling users to recover their private keys, similar to recovering a forgotten password, would facilitate the onboarding of customers. The company recognized that potential crypto users often find the self-custody approach daunting, with the popular saying “not your keys, not your coins.” However, the introduction of a key recovery service would provide users with greater peace of mind and comfort.

The Ledger’s new Bitcoin key recovery feature immediately sparked criticism. Critics argue that the product is incongruent with the principles of a hardware wallet, which aims to safeguard private keys from unauthorized access.

Security Threat Model concerns raised by competing hardware wallet maker

According to Pavol Rusnak, the co-founder of Trezor, a competing hardware wallet manufacturer, the transmission of the seed or shares over the internet, as required by Ledger’s new Bitcoin key recovery feature, fundamentally undermines the security model of a hardware wallet. Rusnak expresses skepticism, stating that the magnitude of this change raises doubts about the viability of such a solution for a hardware wallet.

Through an optional update, owners of Ledger Nano X models can now utilize a service called Ledger Recover. This service enables users to share their seed phrase (a sequence of words used for wallet recovery) with a group of trusted custodians, namely Ledger, Coincover, and EscrowTech. In exchange for a monthly fee, these custodians will securely store users’ encrypted backups.

Ledger asserts that this feature empowers users to regain access to their cryptocurrency in the event of forgotten or lost seed phrases. Utilizing the service would enable users to seek assistance from Ledger, verify their identity, and have their private key restored on their behalf.

Detractors express concerns regarding the safety of both the firmware update and the overall recovery setup. Despite these concerns, Ledger maintains that the security measures are as robust as ever. CoinDesk examined the functionality of the new feature as outlined by Ledger and sought expert opinions regarding potential security concerns associated with it.

Ledger provides an explanation

Philip Costigan, the communications lead at Ledger, clarifies that the new feature does not involve the device itself establishing communication with custodians over the internet. He emphasizes that Ledger wallets lack any WiFi or internet connectivity capabilities.

In order to transfer encrypted portions of the seed to custodians, users are required to connect their Ledger wallet to a phone via Bluetooth using the Ledger app, as explained by Costigan. This method is also utilized for approving transactions, enabling Ledger owners to authorize cryptocurrency spending from their wallets.

Ledger's Bitcoin key recovery feature
Image Source:

Costigan explains the process as follows: Initially, users verify their identity through Ledger’s mobile app using the services of Onfido and Tessi, the two providers selected by Ledger for this purpose. Costigan clarifies that Ledger, Coincover, and EscrowTech do not review or retain individuals’ identification documents, as this responsibility is delegated to the expertise of the aforementioned providers.

Following the identity verification, the Ledger device receives a prompt to generate a backup. Subsequently, the backup is created, encrypted, and divided into shards using Shamir’s Secret Sharing technique. These shards are then transferred to Ledger, Coincover, and EscrowTech, explained Costigan. Each custodian retains one shard, which is individually meaningless and requires collaboration to be of any use.

Costigan emphasized that all encryption, fragmentation, and decryption processes for the secret recovery phrase occur within the secure element of the Ledger device. Thus, the only data that leaves the secure element, with the user’s consent, are the encrypted shards. Additionally, Costigan reiterated that the hardware wallet does not store any user identity information on it.

According to the FAQ page on the Ledger website, in the event of a recovery request, any two out of the three custodians will transmit fragments back to the user’s Ledger device. These fragments are then reassembled to reconstruct the private key.

Concerns regarding security

The announcement of the update of Ledger’s new Bitcoin key recovery feature triggered a wave of criticism from the cryptocurrency community, with accusations that Ledger’s new offering contradicts their previous statements of keeping private keys offline and away from the internet.

The cryptocurrency community, particularly Crypto Twitter, directed their criticism towards Ledger’s official account for a tweet posted in November, in which they assured users about the security of their devices. One Twitter user, @S_Radude, questioned Ledger’s ability to demonstrate that private keys on the device cannot be leaked through a firmware update if someone within the company desires it, as stated on November 15, 2022.

In response to the user’s inquiry, Ledger replied, stating, “Hello! Your private keys remain within the Secure Element chip at all times, and this chip, which has never been compromised, employs the same technology found in passports and credit cards. The private keys cannot be extracted from the Secure Element through a firmware update.”

Ledger’s update sparks controversy: Users point out discrepancies

Users highlighted that the new update contradicts what Ledger previously stated it would not do. However, there is a caveat: as described by Ledger during the recovery process, it is not the private key itself that is extracted but rather the seed phrase that encodes it.

“If you can update the firmware to instruct the ‘Secure Element’ to encrypt, shard, and distribute the seed, what stops you from updating the firmware next week to just extract the unencrypted seed,” user @NewWageCrypto asked.

In a tweet that has since been deleted, the company stated, “For every firmware update, a PIN unlock device approval is necessary. This crucial security measure ensures that even if we had your device, extracting your keys would be impossible.

According to Laurence E. Day, a crypto developer and researcher, the primary issue at hand is that Ledger’s code is closed source, preventing anyone from reviewing the actual workings of the update. This concern was echoed by Christopher Allen, a blockchain security expert, who shared similar thoughts on Twitter.

Identifying potential vulnerabilities

According to Day, the most concerning aspect of the situation is the breach of trust between Ledger and its users due to the contradictions in the company’s statements. Day expressed this concern, stating that the transfer of seeds outside the secure element chip has always been possible through firmware, which remains an option for other hardware wallet providers as well. Additionally, privacy is another significant concern, as hardware wallets are often seen as a means to store cryptocurrency anonymously, dissociated from personal identities.

Nevertheless, users who choose to utilize Ledger’s new Bitcoin key recovery feature update will find their identities associated with their crypto wallets, resulting in a user experience reminiscent of centralized exchanges with know-your-customer (KYC) checks. Seth For Privacy, the Head of Content at another competitor hardware wallet manufacturer Foundation, expressed concerns about Ledger’s offered setup, highlighting potential risks such as data leaks, hacks, and government surveillance or censorship.

Ledger has a history of security breaches, as evidenced by the July 2020 incident where the information of 272,000 users was stolen, followed by phishing attacks targeting the affected users. According to Day, law enforcement agencies could potentially exploit the setup to gain access to the cryptocurrency of Ledger users.

This raises concerns about the possibility of the custodian organizations facing government scrutiny. Moreover, there is a risk that even with a secure setup, any system can be manipulated. Rusnak from SatoshiLabs warned about the potential use of generative AI technologies to impersonate individuals, obtain their seed shares, and reconstruct their seeds.

Contrary to the Principles of Cryptocurrency

The use of trusted custodians is not uncommon in the world of cryptocurrency. Many individuals who store their coins on exchanges place their trust in these platforms as they would in a bank. However, hardware wallets embody the ethos of “be your own bank” in the Bitcoin community, where users have full control over their funds without relying on intermediaries for security.

This approach involves storing crypto keys on a device that is solely under the user’s control, preferably offline, to mitigate the risk of hacking. However, this self-custody approach may require a level of discipline that some individuals find burdensome. Ledger’s new service aims to offer users a sense of reassurance by allowing them to recover lost crypto wallets in a manner similar to recovering stolen credit cards or forgotten passwords, albeit in a more sophisticated manner.

In this context, Ledger Recover represents a compromise between the autonomy of cold storage and the convenience of custodial solutions. Users retain control over their crypto on their own devices but have the option to restore their wallets with assistance if they are lost. The question remains: do Ledger users desire this compromise?

According to Day, the intention to offer Recover as a user experience (UX) enhancement for less tech-savvy individuals is understandable. However, it seems like a communication misstep since the target audience for such devices is typically more knowledgeable and experienced in cryptocurrency rather than the average user.

Ledger, on the other hand, holds the belief that mainstream users may not realize they desire such a feature yet. “Customers may not currently express a need for it, but this is precisely what future customers will demand,” stated Pascal Gauthier, CEO of Ledger, during a Twitter Spaces session. He emphasized that this approach will be crucial for the next wave of individuals joining the cryptocurrency space, potentially numbering in the hundreds of millions.

In conclusion, Ledger’s introduction of the Bitcoin key recovery feature has sparked debates among experts and users alike. While Ledger believes the service will appeal to a broader audience, critics argue that it contradicts the principles of hardware wallets and raises potential security concerns.

The closed-source nature of Ledger’s code also limits the ability to assess the true functionality and security of the update. Furthermore, there are concerns about the compromise of user privacy and the potential for government interference. Ultimately, the decision to utilize the new feature lies with Ledger users, who must carefully consider the trade-offs between convenience and the fundamental principles of self-custody in the cryptocurrency space.

Also Read: Hong Kong launches digital currency pilot: 16 firms join the program.