16 May 2023 [wallets]

Ledger facing possible boycott over controversial 'Ledger Recover' firmware update

Ledger[1], the popular hardware wallet manufacturer, has come under fire[2][3] for Ledger Recover[4], a new ID-based key recovery service that backs up and links Secret Recovery Phrases to user identities, and which will be included in the next firmware update (version 2.2.1) on Nano X[5] devices:

The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to backup it yourself.[6]

Ledger Recover will initially be available to users in the UK, EU, US, and Canada for the price of $9.99/month, and the encrypted shards will apparently[7] be distributed to three custodians: Ledger, EscrowTech, and Coincover[8].

Although Ledger Recover was introduced as an optional feature, most users don’t want a hardware wallet that is capable of sending the private key from the device over the internet:

Even if Ledger were to release a patch to “address the issue”, they can’t fix this issue because they have just admitted the hardware device is capable of sending the private key. (ColinTCrypto)[9]

Ledger Recover was a huge project. For many people, it might be a good solution. However, the community invested in ledgers based on the firmware having no backdoor of any kind. (ryanberckmans)[10]

I absolutely cannot believe that Ledger thought this was a good idea, as it breaks all of the previous reasoning for using their hardware wallet (cold storage) and introduces KYC directly into the mix for any who opt into this. (sethforprivacy)[11]

Monero users can opt out by supporting open source hardware wallet projects, such as MoneroSigner[12], Monerujo SideKick[13], and Foundation/Passport2-Monero[14].

To learn more about this update, consult the Ledger Recover FAQs[15].

This is an ongoing story and the report will be updated when new information is available.

  1. https://ledger.com/ 

  2. https://r.nf/r/CryptoCurrency/comments/13ixi6b/psa_ledger_is_officially_a_hot_wallet_it_can/ 

  3. https://nitter.net/ledger/status/1658458714771169282 

  4. https://www.ledger.com/recover 

  5. https://shop.ledger.com/pages/ledger-nano-x 

  6. https://r.nf/r/ledgerwallet/comments/13itm7u/is_there_a_backdoor_yes_or_no/jkbyyfp 

  7. https://www.wired.co.uk/article/ftx-crypto-investors-hardware-wallets 

  8. https://www.coincover.com/ 

  9. https://nitter.net/ColinTCrypto/status/1658539290245095425 

  10. https://nitter.net/ryanberckmans/status/1658477663001145347 

  11. https://nitter.net/sethforprivacy/status/1658544698737188868 

  12. /hackerindustrial-submits-monerosigner-ccs-proposal/, https://github.com/Monero-HackerIndustrial/MoneroSigner 

  13. https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/247 

  14. /foundation-devices-engineer-proposes-bounties-passport-hardware-wallet-monero/ 

  15. https://support.ledger.com/hc/en-us/articles/9579368109597