Ledger Recover: UX Upgrade or Potential Risk
That’s what happened yesterday:
It all kicked off when Ledger announced its most controversial feature yet: Ledger Recover.
This functionality is promoted as a way to recover your private key/seed phrase without compromising safety. One of crypto’s UX problems has always been that if you don’t remember your seed phrase and lose your device, your funds are gone forever.
Because blockchains give you the freedom to custody your own assets, they also give you the responsibility to handle your own safety: There’s no password reset, security question or customer support.
Ledger Recover wants to be that password reset system without lowering security. It’s an opt-in system that's integrated into your Ledger Nano, which offers a method to recover your private key with your passport or ID.
Here’s how it works:
- You verify your identity to initiate the Recover process
- The Ledger device duplicates and encrypts your secret recovery phrase.
- The encrypted duplicate is fragmented into three parts.
- Each fragment is stored by Ledger, Coincover and a third party.
- To restore your seed phrase (and access your funds), two of the parties need to collude to decrypt.
- When you lose your seed phrase, you can verify your identity again and will receive your recovery phrase.
Many in web3 got suspicious: Sure, your seed phrase is encrypted… but shouldn’t you never share your seed phrase?
Crypto enthusiasts started calling the program a backdoor and accused Ledger of violating their principles, especially after Ledger said seed phrases could never leave the device:
Until recently, we had an assumption about hardware wallets: Store your coins on a Ledger and your seed phrase will always stay on the device.
Now, some people are questioning those assumptions:
- Could a malicious software update extract a seed phrase?
- Do I need to ditch my Ledger?
But on social media, the loudest voices and most extreme opinions always get the most attention. But is Ledger Recover actually a risk?
First, it’s an opt-in program. You don’t have to use Ledger Recover. Keep it turned off and your hardware wallet works the same as always. You’re not exposed to any risk and your seed phrase stays where it’s always been.
What is different is that we now know that a Ledger can encrypt seed phrases and send them elsewhere. It’d be exceptionally difficult to exploit this, but bad actors have always been inventive.
That being said, Ledger probably has good intentions here: To onboard new users, we need to make web3 safer and easier. And something like Ledger Recover certainly gives users a sense of safety, even when they lose their Ledger device.
That’s why some web3 users are starting to look elsewhere to simplify recovering their keys. One idea is a smart contract multi-signature wallet.