Ledger defends crypto wallet recovery tool against hostile reaction from security experts

Some crypto investors reacted with dismay on social media after Ledger introduced a recovery tool for its hardware crypto wallets that's designed to provide a backup if the seed phrase is lost.

The feature, called Ledger Recover, allows users that opt in and subscribe to use it as a backup for their private keys. The service splits the user’s seed phrase into three encrypted shards and sends them to third-party companies. This information, when combined and decrypted, can be used to reconstruct the seed phrase. Yet the proposal has sparked a backlash among security experts and many Ledger owners. 

“It's a horrendous idea, DON'T enable this feature,” said Polygon Labs Chief Information Security Officer Mudit Gupta on Twitter. “The problem here is not splitting the key in 3 parts. That's actually good! I may or may not be doing that personally as well :) The problem here is that the encrypted [key] parts are sent to 3 corporations and they can reconstruct your keys.”

Other high-profile members of Crypto Twitter piled on. 

"WTF are you guys doing? This is going in the wrong direction fast," a pseudonymous crypto investor known as DC Investor opined to their 229,000 Twitter followers. "I would recommend no one upgrade to such firmware."

On Reddit, Ledger owners demanded clarity over how this process works and whether the information is sent directly from the wallet or if users would need to type their seed phrase externally into the device. 

Nicolas Bacca, co-founder and VP of Innovation Lab at Ledger, replied on Reddit that, “The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to backup it yourself.”

“This doesn't change the security assumptions compared to a firmware update,” he added.

Could Ledger update be exploited?

Bacca's post didn’t erase all the concerns, however. Multiple Redditors replied that this feature simply existing was a concern to them and disputed the notion that it doesn’t change the security assumptions. 

“It does because now basically the firmware has the functionality of sharing the seed phrase with the computer, so it's just a matter of time before a bad actor exploits it,” said one Redditor known as Veloder.

On Twitter, 1inch co-founder Anton Bukov noted the Ledger co-founder's comments and similarly claimed that it was breaking the hardware wallet's main security assumption that there's no way to expose the seed phrase.

In emailed response to The Block, Ledger said that the decryption of the three shards can only happen on the Ledger device, after the user has proved their identity. "These companies never have access to your seed phrase, it's not stored "in the cloud," and the backups are only encrypted, fragmented, and decrypted directly on your Ledger if you subscribe — so if you're a Ledger user who wants to use your Ledger as you always have, you can still do that without concern. Nothing changes for you."

Ledger is one of the biggest providers of hardware wallets to crypto investors. The Paris-based company received a huge sales boost after last year's bankruptcy of exchange giant FTX left hundreds of thousands of clients with assets frozen in their accounts. 

The Ledger Recovery service will cost $9.99 a month, according to Wired, and it will rely on three custodians: Ledger, Coincover and EscrowTech. It will initially be available in the U.S., UK, European Union and Canada and will later be rolled out to more countries.