Ledger facing possible boycott over controversial 'Ledger Recover' firmware update

Ledger¹, the popular hardware wallet manufacturer, has come under fire²’³ for Ledger Recover⁴, a new ID-based key recovery service that backs up and links Secret Recovery Phrases to user identities, and which will be included in the next firmware update (version 2.2.1) on Nano X⁵ devices:

The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to backup it yourself.⁶

Ledger Recover will initially be available to users in UK, EU, US, and Canada for the price of $9.99/month, and the encrypted shards will apparently⁷ be distributed to three custodians: Ledger, EscrowTech, and Coincover⁸.

Despite being introduced as an optional feature, most users don’t want a hardware wallet that is capable of sending the private key from the device over the internet:

Even if Ledger were to release a patch to “address the issue”, they can’t fix this issue because they have just admitted the hardware device is capable of sending the private key. (ColinTCrypto)⁹

Ledger Recover was a huge project. For many people, it might be a good solution. However, the community invested in ledgers based on the firmware having no backdoor of any kind. (ryanberckmans)¹⁰

I absolutely cannot believe that Ledger thought this was a good idea, as it breaks all of the previous reasoning for using their hardware wallet (cold storage) and introduces KYC directly into the mix for any who opt into this. (sethforprivacy)¹¹

Monero users can opt out by supporting open source hardware wallet projects, such as MoneroSigner¹², Monerujo SideKick¹³, and Foundation/Passport2-Monero¹⁴.

To learn more about this update, consult the Ledger Recover FAQs¹⁵.

This is an ongoing story and the report will be updated when new information is available.