Recover - Ledger's Latest L

Trust me bro.

Ledger’s new firmware update has the crypto crowd in crisis.

The option to enable an identity-based Ledger Recovery service (priced at $10/mo) has many asking questions about the capabilities of the devices, which run on closed-source code.

The manufacturers of crypto’s premier hardware wallet have assured users that the backups required for restoring a device are not generated unless a user opts in…

…but Ledger doesn’t have the best track record with sensitive user data.

Almost three years ago, the names, addresses and phone numbers of a quarter of a million users were stolen, despite Ledger initially believing that less than 10k users had been affected.

Six months later, they were published online.

At the time, we wrote:

The best case scenario is that Ledger has provided a target list for SIM swappers and phishing campaigns.

Identity theft is trivial compared to bruteforcing a private key.

How long until the first Ledger wallet is ‘recovered’ by a sim-swapper?

And what happens when the government or law enforcement demands access to an address?

Ledger’s latest firmware update allows users to opt into an ID-based key recovery service.

The subscription-based Ledger Recovery service functions similarly to Shamir’s Secret Sharing, backing-up and splitting the seed phrase into three encrypted fragments. Each of these is sent to a separate “backup service provider”, and can be used to restore the seed upon passing an identification check.

While it should be noted that the seed is not backed up unless a user opts into this service, the mere fact that it’s possible has caused uproar.

And with no open-source code to check, Ledger’s word is all we have…

Part of any hardware wallet’s appeal is the understanding that the private keys never leave the device. In November 2022 Ledger responded to a user's concern about potential private key leaks following firmware updates as follows:

Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.

It seems that Ledger devices, including the Secret Enclave, have been upgradable all along.

While it may be the case that trust assumptions remain the same as ever, the idea that the devices were manufactured with the capability to send fragments of seed phrases on to third parties seems worrying enough.

But considering Ledger’s history, will users continue to trust them?

Hardware wallets make it all but impossible for criminals to touch a user’s funds without gaining physical access.

Phishing attacks may still be viable, something Ledger helped with three years ago…

For those more worried that the authorities (rather than crooks) are coming for their coins, the possibility that a potential backdoor exists is anathema.

However, as Mudit Gupta points out, ID-based account recovery is also worryingly insecure in itself. Identity theft for the purposes of sim-swapping is commonplace, especially in this industry.

Recovering a lost seed phrase, or access to funds on a lost device both sound like normie-friendly features, appealing to those who find themselves put off by the paranoia of many crypto OGs.

For all the noise made by the idealogues, many casual crypto users may prefer this functionality to the responsibility of undiluted self-custody.

And with $10/mo price tag, Ledger is certainly banking on it.

At least it’s not on a CEX, right?


share this article

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C


REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.