Cold wallet security company Ledger Wallet is facing a backlash following a massive flaw in its new ID-based key recovery service.
Its just-launched Ledger Recover is for users who have lost their Secret Recovery Phrase or when they can’t access it.
But questions have been raised over its seemingly counterproductive purpose.
Recover appears to break the rule of never typing seed on a connected device.
According to one Reddit user: “The entire point of decentralized crypto is to “be your own bank” and cold wallets are the means to do this. Your “recovery” turns a cold wallet into a centralized bank…it even requires documents (passport)! It it time for Ledger to admit this was a major mistake, and go back to the original mission of cold wallets, which is to protect the seed, which is the opposite of sharing it.”
In response to the angry Redditors, the Ledger Wallet co-founder has recently replied: “There’s no backdoor and I obviously can’t prove it (because it’s not possible to prove a negative) – let’s just say that you’re already using the device agreeing with the fact that Ledger cannot update the firmware without your consent – it’s the same mechanism for Recover, which is locked behind ownership of your device, knowledge of your pin, and finally your consent on device.
“There’ll be more information published shortly describing how the service works – the tldr is that no single company knows your seed if you decide to use it. If you don’t want to use it there’s no consequence whatsoever in your previous experience of the device.”
Ledger Wallet tweets
In the past hour, the official Ledger Wallet Twitter account has posted a video going into further detail about the product.
“Ledger Recover is an optional subscription for users who want a backup of their Secret Recovery Phrase. You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger,” it stated.
But many people remain unconvinced.
Another Twitter user pointed out: “Pls don’t roll out this firmware update for existing devices. We bought our devices under the assumption that it would be impossible for our keys to be shared. Nobody wants to be exposed to a new potential attack vector. Pls make it a completely separate product line.”