
Understanding Ledger Recover: Concerns From Experts and The Community

by Hwee Yan

Why Are Users Concerned About Ledger Recover? 

Ledgers are secure physical hardware devices that store your private keys. Recently, Ledger released their new feature ‘Ledger Recover’, which allows users to retrieve their lost private keys. However, this feature has many users and critics concerned that it opens up a potential backdoor for exploits.


Key Takeaways

  • Ledgers are secure hardware devices that store the keys to your cryptocurrency assets. 

  • In May 2023, Ledger announced its new feature – Ledger Recover, a backup recovery service that allows users to recover their crypto account with their ID. 

  • While the service is opt-in, many users have criticized the update, worried that it has made their data vulnerable.


Ledger Recover

Before we take a more in-depth look at Ledger Recover and the community’s reaction, let’s start with understanding how Ledgers work.

How Ledgers Work

A Ledger is a physical hardware device, also known as a cold wallet, that stores the private keys used to access your cryptocurrency assets. When you make a transaction, your Ledger device signs it with your private key. Because your private key never leaves the Ledger, your keys remain secure.

Safety Features Of Ledger

Ledgers are equipped with multiple safety features to safeguard your data. When you make a transaction, you will need to input your unique PIN code that you created when you first set your Ledger up. If your PIN code is entered incorrectly 3 times, your Ledger will hard reset, preventing anyone other than you from accessing your wallet. 

Your Ledger also contains a Secure Element (SE) chip, which protects you against physical hacks. Also found in passports and credit cards, this SE chip protects you against common attacks like power glitches, laser attacks, and electromagnetic tampering.  

Your Ledger also utilizes a custom operating system, ensuring that your data does not leave your Ledger. It isolates each application on your Ledger, so even if one of your applications has been compromised, the rest will remain secure. Ledger also uses a trusted display system that can’t be hacked via the internet. Additionally, Ledger’s team is constantly working to update their software against any new malicious software.

What is Ledger Recover? 

On 16 May 2023, Ledger announced their new opt-in paid feature ‘Ledger Recover’ for their Nano X model. For $9.99 a month, this new feature will allow users who have lost their private seed phrase to recover their crypto account with their identity card. 

To create a backup of your private seed phrase, the Ledger Nano X will duplicate, encrypt and fragment your private key into three different parts within the SE chip. The encrypted fragments will then be sent to three different custodians – Ledger, Coincover, and EscrowTech. If you lose your private key, two of the three fragments will be sent back to your Ledger to restore it.
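The two-of-three property described above can be illustrated with Shamir's secret sharing; this is an added example, not Ledger's code, and the article does not say which scheme Ledger uses. The field prime, the function names and the omission of the encryption step are assumptions made for illustration.

```python
import secrets

# Assumed parameters for illustration: 2-of-3 Shamir sharing over GF(2**521 - 1),
# a prime field large enough for a 256-bit secret. Not Ledger's actual parameters.
PRIME = 2**521 - 1
CUSTODIANS = ("Ledger", "Coincover", "EscrowTech")  # the three custodians named above


def split_2_of_3(secret: int) -> dict:
    """Give each custodian one point (x, y) on the line y = secret + slope*x mod p."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range for the field")
    slope = secrets.randbelow(PRIME - 1) + 1  # random non-zero coefficient
    return {name: (x, (secret + slope * x) % PRIME)
            for x, name in enumerate(CUSTODIANS, start=1)}


def recover(share_a, share_b) -> int:
    """Interpolate the line through two shares and evaluate it at x = 0."""
    (x1, y1), (x2, y2) = share_a, share_b
    if x1 == x2:
        raise ValueError("need shares from two different custodians")
    inv = pow((x2 - x1) % PRIME, -1, PRIME)
    return (y1 * x2 - y2 * x1) * inv % PRIME


def slope_for_guess(share, guess: int) -> int:
    """Slope that makes a single share consistent with any guessed secret.

    Such a slope always exists, so one share alone cannot rule out any
    candidate secret; only a second share pins the line down.
    """
    x, y = share
    return (y - guess) * pow(x, -1, PRIME) % PRIME


if __name__ == "__main__":
    seed = int.from_bytes(bytes(range(32)), "big")  # constructed sample secret
    shares = split_2_of_3(seed)
    print(recover(shares["Ledger"], shares["EscrowTech"]) == seed)
```

The same arithmetic shows the trust boundary of the design: one custodian alone learns nothing, while any two fragments together are enough to rebuild the secret.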

While some expressed their support for Ledger’s new feature, many expressed their skepticism and concerns about whether this new feature could compromise their Ledger device’s safety.

Potential Risks And Concerns 

News of Ledger’s new feature triggered both a wave of criticism and praise from critics and users. In this section, we will be discussing the response from both experts and the community.

Community Response

While some expressed their support for Ledger’s new feature, many flocked to Ledger’s Twitter page, expressing their skepticism about whether this feature would be safe. Many users criticized Ledger’s new update as a negligent move, fearing that it could lead to a potential exploit in the future.

They were also concerned about the possibility that malicious firmware could force the SE chip to generate a backup of the seed. Users also pointed out that Ledger’s previous promise to customers, that their private key never leaves the Ledger, would no longer hold true.

Another concern voiced by the community was whether Ledger Recover would be able to pull the seed phrase directly from the device without requiring users to type in their seed phrase.

Experts’ Response

In a YouTube video, Andreas Antonopoulos, a Bitcoin advocate and author, expressed his concerns about Ledger’s “capability to export/ exfiltrate your private key, which is embedded in the firmware of every Ledger device”. This means that even if a user does not opt in to Ledger Recover, the private key extraction function would still be embedded within their device, potentially rendering everyone’s Ledger vulnerable.

Antonopoulos also shares his privacy and security concerns about the KYC procedure and jurisdiction. He points out that someone will have access to your identity card, which can be linked to your wallet. This might defeat the purpose of holding a Ledger wallet anonymously. Antonopoulos also claims that as the three custodians of your encrypted fragments operate under legal frameworks, law enforcement agencies might be able to coerce them to gain access to your fragments. This may result in law enforcement being able to access and even freeze your funds should they deem it necessary.

Solana co-founder Anatoly Yakovenko also tweeted about Ledger Recover, claiming that this new feature does not have much effect on users as long as they trust Ledger to keep their private keys safe.

Ledger's Commitment To Safety

Ledger prides itself on its transparency and commitment to safety. Apart from Ledger’s marketing data breach in July 2020 due to a phishing scam, Ledger has never been compromised, and there have been no recorded successful hacking attacks on its devices.

Response From Ledger Leaders

During a Twitter Space session, Ledger’s Chairman and CEO Pascal Gauthier emphasized that their recovery service is completely optional, and users who do not choose to opt in will not be affected. Gauthier also defended the service, claiming that the days of writing your recovery phrase on paper are over and that “Ledger Recover is a thing of the future”.

Gauthier also released a blog post on Ledger’s website reassuring customers that “Ledger never compromises on Security” and that their security team “is committed to reviewing… the entire ecosystem” of Ledger. 

In a bid for increased transparency, Charles Guillemet, CTO at Ledger, also released an ‘Open Source Roadmap’ on Twitter that will allow other developers and security experts to review the majority of Ledger’s code over time.

As of now, Ledger has temporarily postponed the launch of Ledger Recover.

So, Is There A Backdoor In Ledger?

Nicolas Bacca, the co-founder of Ledger, insists that there is no backdoor in Ledger devices and that “nothing will happen without the user’s consent”. As mentioned, the company has also emphasized that its recovery service is completely optional and those who do not opt in will not be affected.

That said, for users who are concerned about Ledger Recover and its potential exploits, there is the option of moving to other hardware wallets, like Trezor.

Conclusion 

In the cryptocurrency space, ensuring that your keys are safeguarded is paramount. While most in the space generally regard Ledger as safe to use, many experts and users have expressed their concerns regarding its safety. As with any update or change to a system, Ledger Recover will need to be further assessed for any potential exploits, as there is still limited information available right now.

For now, as the Ledger Recover program seems to be on an opt-in basis and has been put on pause indefinitely, there is generally no cause for alarm for casual crypto investors. For seasoned investors who are dealing with large sums of money, some might choose to turn to other hardware wallets like Trezor or SafePal for an additional layer of security when the Ledger Recover program eventually rolls out. 

Hwee Yan

Hwee Yan has been involved in the cryptocurrency space since 2021. Currently pursuing a degree in Linguistics and Multilingual studies at Nanyang Technological University, she is a writer who is mainly interested in NFTs, crypto trends and memecoins. Follow the author on Twitter @cryptohy8
