Cryptocurrency enthusiasts have long relied on hardware wallets to secure their digital assets and to complement hot wallets like XMRWallet. A hardware wallet is a device where users can store the private keys of their crypto. The most popular provider, Ledger, is in hot water in the third week of May 2023 after launching a new feature in their latest firmware update called Ledger Recover.
Ledger Recover is a subscription service that requires users to provide KYC credentials if they want to opt-in. Their seed phrases used to access Ledger will be “sharded” into three pieces and stored with Ledger, Coincover, and EscrowTech. These three companies will initiate identification confirmation when a client loses their seed phrase and needs to use the recovery tool. The company’s goal was to offer an added layer of convenience and security for users. A huge amount of crypto is lost due to lost or forgotten passwords and seed phrases. The service acts as an additional backup option in case the user's original seed phrase is lost or compromised.
The cryptocurrency community is in an uproar with Ledger’s firmware release 2.2.1. Many believe the update and Ledger Recover go against the company’s main selling point of assuring their clients their seed phrases will never leave the device. Entrusting a seed phrase to three third-party custodians added fuel to the fire. Most crypto users believe in self-custody and believe it is the safest way to secure their digital funds. Sharing the seed phrase with multiple custodians could increase the risk of unauthorized access to the funds. Providing IDs to access the service is also alarming to users. Ledger was a victim of a cyberattack in July 2020, which led to the leakage of customers’ contact information. KYC also goes against the principles of those who prefer to stay anonymous in their crypto transactions.
Ledger stirred enthusiasts’ anger further when they released this now-deleted tweet, “Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.” A supposed customer support agent also tweeted, “technically speaking it is and always has been possible to write firmware that facilitates key extraction.” These statements failed to assure customers and sparked greater panic. Many crypto users claim Ledger has a back door that will expose users’ funds to bad actors, especially when there are third-party custodians involved in restoring seed phrases.
Ledger has since removed firmware release 2.2.1 from Ledger Live, but customers are at a loss on what to do next. These are what some users are doing:
1. Switch to another hardware wallet.
There are many other hardware wallets available. Do your research and choose one that will align with your security and privacy preferences. Open-source hardware wallets are a popular choice because they offer transparency and security.
2. Create a paper wallet.
A paper wallet is a document where your public and private keys are. The major drawback is you can lose or destroy the paper. Be sure you have several copies and keep them in different secure locations.
3. Use air-gapped wallets.
These are crypto wallets that are not connected to the internet and other wireless connections. The data you need to complete transactions are transferred via USB flash drives, SD cards, or QR codes.
Ledger's latest firmware update and the introduction of Ledger Recover have sparked intense debates within the cryptocurrency community. While the service aims to provide added convenience and security, it has raised significant concerns about compromising user privacy, self-custody, and the potential for unauthorized access. As users reassess their options, exploring alternative hardware wallets, utilizing paper wallets, or adopting air-gapped wallets may offer viable alternatives for managing their digital assets securely. The incident serves as a reminder of the importance of thoroughly evaluating the features and implications of any cryptocurrency wallet before entrusting it with one's funds.
It is crucial to remain vigilant, stay informed about the latest security practices, and adapt accordingly. The incident is a stark reminder that maintaining control over one's private keys and prioritizing personal security is paramount in the realm of digital assets.
The Ledger controversy has reinforced the importance of user autonomy and self-custody in cryptocurrency. By staying informed, exploring alternative options, and implementing appropriate security measures, individuals can continue to engage with cryptocurrencies while maintaining control and peace of mind over their funds.