I’ll admit I was a bit confused when I heard the news. Ledger announced a new service that protects your seed words by uploading them to 3 different companies to secure them. That’s an opt-out on the new firmware update.
But that means your cold wallet is no longer cold, it’s a hot wallet. So they offered a service to the casual user, which I understand, by fucking up every hardcore user who trusted their security.
As we all know, not your keys, not your coins. If anyone, and I do mean ANYONE, has access to your keys, then they have access to your coins. You should consider these sats as soon to be lost and should move them to another wallet.
I know a computer security guy personally who trusts Ledger and considers Nicolas Bacca @BTChip to be one of the top in their field.
As for the drama online, the reaction from a lot of plebs was extreme. Some drama queens even recorded themselves throwing their ledgers in the trash.
Ledger hiding some angry comments and reactions didn’t help all that much.
But they did hold a twitter space to address everyone’s concerns.
Here are some major ones:
“We are security and self-custody maxis. These are things we won’t make compromise on.” –
“Ledger Recover allows people to back up their seed phrase. If you aren’t concerned with your seed phrase security, then this won’t be for you. It’s 100% optional.” –
“Technically, as soon as you opt in for the service, you’ll be asked if you are happy to opt-in for Ledger Recover. If you are – then you sign a transaction on your Ledger to shard your private keys into 3 shards, then it’s encrypted in the device, then a secure channel is created within the device for the 3rd party providers which allows the encrypted shards, which are encrypted again and then stored with the providers.” –
“When you need to recover your seed, you will go through a ID Verification process (which is very comprehensive) to confirm your identity. After you are verified, the providers will send the encrypted shards to your Ledger Nano device directly. The device decrypts the shards in your device and you’re set.” –
“Here, the point which is important to remember is that you stay in control…there’s no backdoor, nothing will happen without your consent on the device…in the future, the whole protocol will be open, so you’ll be able to verify how the whole protocol works.” –
“There are three parties (in 3 different jurisdictions) storing the shards – one is
@Coincoverglobal, which already works with several B2B offerings, that keeps one shard of and provides the $50k insurance plan; the other escrowtech, which backs up the 3rd shard. And there are two ID verification providers.” –
“If you understand self-custody very well and can fully self-sovereign, you don’t need Ledger Recover; if you are someone like my mother, then this product will be for you. At the end, you choose.” –
“Ledger Recover is what our future 100m of customers want – they will onboard into crypto in a secure way with Ledger Recover.” –
Q: Is my seed phrase safe – is there a backdoor? A: There are no backdoors in any Ledger. Your seed is secured in the Secure Element chip and on your paper. If you opt in for Ledger Recover, there’s an additional back up in the form of 3 encrypted shards stored with 3 different parties.
“In another word, every time you access your private key, the Ledger device requires your consent. Ledger Recover is simply another application that is built on the Secure Element chip that is never compromised, just like when you need to sign a transaction with a Ledger.” –
“The Secure Element is a small computer that operates cryptographic features exclusively, including generating and securing the private key. What we did was to include a new feature in the Operating System, which encrypts and shards the private key which enables Ledger Recover.” –
“We keep only what is legally required, nothing more. We don’t want to take up the responsibility of being a custodian. Our opinion of KYC is that Ledger doesn’t do it. We provide you access to services that might require KYC. It’s completely up to you.” –
“If you are not comfortable with ID Verification – then you can either choose a different service or you can build your own recover services.” –
So it seems there’s a sharding into three, it’s optional, the secure chip remains secure, there are no backdoors, and it’s meant to help out the casual user who is used to computer support being able to help them recover their password. The advanced user can simply choose not to use it.
Even Adam Back pitched in:
Only if you opt-in to the KYC based backup service. If you do nothing it is the same as before
Adam Back
Honestly, I’m not sure. On one hand I do agree that the casual user is terrible at keeping their password, let alone their seed phrase secure and it will indeed help onboard the next 10 million users. On the other hand it’s one of the biggest companies in the space and they’re setting a precedent of horrible key management.
I do trust that there are no backdoors, to be honest.
But the only way to be absolutely certain is to get a Trezor or a BitBox02 with open source software.
What do you think?
Find more hardware wallet options on our guide. We suggest Trezor, BitBox02 and Blockstream Jade. https://loveisbitcoin.com/wallets
Did you enjoy this story? Then send some sats to the author!
100% of your tips go directly to the author. Need a wallet? Find one here.