Ledger's New Wallet Recovery Service - is it a security concern?


"Sure, you *could* use Ledger's new 'Recover' service and give them your private keys controlling your assets as well as a copy of your ID and other personal information... but why then bother with a hardware wallet in the first place?"

Above is the now viral Tweet sent by Bitcoin investor and entrepreneur Alistair Milne in response to Ledger's new subscription-based wallet recovery service.

This week, Ledger released an update that includes the controversial wallet recovery service. It is an ID-based recovery service that backs up users’ seed phrases and helps them recover their wallet account if the seed phrase is lost. To use the service, users must provide a passport or national identity card to confirm their identity.

The seed phrase will be split into three encrypted fragments and will be entrusted to three custodians: Ledger, Coincover, and a third provider. The service costs $9.99 a month and is an opt-in service.

Security Concerns

Although the details are not yet clear, the crypto community and Ledger users are worried about the risks this new service could introduce, and about having to rely on the security of the companies holding parts of their seed phrase.

Crypto Twitter, along with several experts on Twitter, has responded badly to the news. They claim that splitting the encrypted key and entrusting the fragments to third parties could open all sorts of new vulnerabilities and, above all, that it undermines the entire purpose of using a hardware wallet for enhanced privacy in the first place.

Moreover, the requirement to register with a government-issued ID is unimaginable to many experts, who claim that it violates the core beliefs of crypto: privacy and self-custody.

CEO of Binance "@cz_binance" has tweeted: "So the seed can leave the device now? Sounds like a different direction than "your keys never leave the device"."

Some critics have pointed to Ledger's security record: in 2020 it suffered a data breach that exposed the emails of almost 10,000 customers. The attack did not affect the security of any Ledger wallets, but it left a bad impression on users, especially since their private information was exposed. With this in mind, the new recovery service seems to open more ways for hackers to steal private keys.

Regarding this, Chainlink community ambassador "ChainLinkGod.eth" has tweeted: “Ledger, the company that has experienced multiple security breaches that exposed the personal information of hundreds of thousands of its customers, now wants you to export your private keys from your hardware wallet and give fragments to them, Coincover, and an unnamed third party, where any two can siphon funds,” “To facilitate recovery, they need you to dox yourself and give even more of your personal information, allowing anyone with your identity documents (e.g. from other data breaches) to take your funds. This seems … poorly thought out.”

Why Do We Use Hardware Wallets and Cold Wallets

Hardware wallets and cold wallets are safe havens for cryptocurrency. They provide the best privacy and the most secure place to keep your assets. You are your own custodian, without needing to rely on anybody else. This is true to the most classic saying of all: "Not your keys, not your coins."

There are many types of investors in the crypto space and their security needs are different. Traders use exchanges to store their assets in order to trade quickly, but they need a secure place to store the majority of their assets. Exchanges are infamous for not being secure and lacking privacy, so hardware wallets are the best solution.

Long-term investors do not use exchanges much. They prefer to keep their assets somewhere safe for a long time. Hardware wallets provide the most durable and secure solution for them. They are especially useful for investors who wish to keep private the amount of crypto they are investing, because no KYC is ever needed.

At ELLIPAL, we believe in the true essence of a cryptocurrency wallet. It must be easy to use, simple, durable, and most importantly, secure. ELLIPAL makes use of its air-gapped design to make sure that your private keys and seeds are fully protected from any kind of online hacks. ELLIPAL's anti-tamper mechanism also protects you effectively from offline hacks.

We never store any of your information, nor do we have access to your recovery keys. The ELLIPAL wallet is a fully offline device, and what is generated on the device can only be seen and kept by you. We give users full control over their own security, so they can rest without worries when their crypto is in the ELLIPAL Wallet.
