HomeCryptocurrencyLedger Wallet co-founder addresses security flaw

Ledger Wallet co-founder addresses security flaw

Cold wallet security company Ledger Wallet is facing a backlash following a massive flaw in its new ID-based key recovery service.

Its just-launched Ledger Recover is for users who have lost their Secret Recovery Phrase or when they can’t access it.

But questions have been raised over its seemingly counterproductive purpose.

Recover appears to break the rule of never typing seed on a connected device.

According to one Reddit user: “The entire point of decentralized crypto is to “be your own bank” and cold wallets are the means to do this. Your “recovery” turns a cold wallet into a centralized bank…it even requires documents (passport)! It it time for Ledger to admit this was a major mistake, and go back to the original mission of cold wallets, which is to protect the seed, which is the opposite of sharing it.”

Source: old.reddit.com/r/ledgerwallet

In response to the angry Redditors, the Ledger Wallet co-founder has recently replied: “There’s no backdoor and I obviously can’t prove it (because it’s not possible to prove a negative) – let’s just say that you’re already using the device agreeing with the fact that Ledger cannot update the firmware without your consent – it’s the same mechanism for Recover, which is locked behind ownership of your device, knowledge of your pin, and finally your consent on device.

“There’ll be more information published shortly describing how the service works – the tldr is that no single company knows your seed if you decide to use it. If you don’t want to use it there’s no consequence whatsoever in your previous experience of the device.”

Ledger Wallet tweets

In the past hour, the official Ledger Wallet Twitter account has posted a video going into further detail about the product.

“Ledger Recover is an optional subscription for users who want a backup of their Secret Recovery Phrase. You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger,” it stated.

But many people remain unconvinced.

Another Twitter user pointed out: “Pls don’t roll out this firmware update for existing devices. We bought our devices under the assumption that it would be impossible for our keys to be shared. Nobody wants to be exposed to a new potential attack vector. Pls make it a completely separate product line.”

Scarlett D
Scarlett D
Scarlett is a passionate NFT and Web3 reporter for CoinNews, where she covers the latest trends and news in the ever-evolving world of non-fungible tokens. With a knack for uncovering hidden gems and an infectious enthusiasm for all things NFT, Scarlett has quickly become a go-to source for crypto collectors and Web3 aficionados alike. Before joining the CoinNews team, Scarlett earned her stripes as a freelance writer, covering topics ranging from blockchain technology to digital art and virtual reality. Her diverse background and keen eye for detail have equipped her with a unique perspective, allowing her to deliver fresh and engaging content that resonates with the rapidly growing NFT community.

Most Read News