Hardware wallet maker Ledger has been synonymous with cold storing your funds for many years now. They’ve had a solid track record distributing millions of devices worldwide, and if you’ve been in Bitcoin long enough, it might have been your first wallet or is part of your collection, used as a single signature device or in a multi-sig setup.
Ledger, like any business in this space, is not without its blemishes; many have already criticised it for its support of “digital assets” instead of focusing on improved security.
An issue that was highlighted when a data leak from a third-party service Ledger uses exposed customer data.
What’s a data leak between friends, right?
Apart from a few people getting fake Ledgers sent to their homes in a bit to swindle them out of their Bitcoin, that data leak was swept under the rug, and Ledger kept its nose clean until now.
Now, however, Ledger is facing considerable backlash for its recent introduction of a tool that enables users to back up their seed phrases through the transmission of three encrypted key fragments to third-party firms as an optional extra to safeguard your keys should you lose the device.
The news of this service has not been met with open arms, to say the least. Certain customers have begun to boycott Ledger, and we’ve seen several videos of users tossing or destroying the signing device, which makes for good engagement tweets for those users, but really bad PR for poor old Ledger.
But what is all the drama about, and if you are a Ledger user, are you in danger?
What is a Bitcoin hardware wallet?
A Bitcoin hardware wallet or signing device is a physical device that generates a private key for you and then stores a copy of that Bitcoin private key on the device. As a user, you still have a physical copy of the mnemonic phrase on paper or steel plate, but the device holds a set so that it can sign transactions or create public keys to receive Bitcoin.
The intent of a hardware wallet is to give you a method of keeping your private keys offline, which makes them much more secure than storing your Bitcoin on an exchange or in a software wallet where keys could be accessed by logging into your device or having a compromised version of the wallet software.
How does a Bitcoin hardware wallet store your keys?
When you create a Bitcoin hardware wallet, you will be given a 24-word recovery phrase. This recovery phrase is a list of words that can be used to restore your Bitcoin wallet if you lose your hardware wallet or if it is damaged.
The recovery phrase is stored on the hardware wallet itself, and it is never stored on your computer or in any online database. When you want to send Bitcoin from your hardware wallet, you will need to connect it to your computer.
The hardware wallet will then display a confirmation screen that shows the details of the transaction. You will need to approve the transaction on the hardware wallet by signing with those keys before it can be sent.
What is a secure element?
A secure element is a chip that is designed to store sensitive data by providing a physical layer between access to where the keys are stored. Some hardware wallets have this secure element others do not. The secure element is designed tamper-resistant, which means that it is very difficult to hack remotely or physically.
This is the premise under which many Ledger users purchased the device; Ledger users were under the assumption that their private key could never be accessed on the device, especially remotely.
If it were accessible, it would mean that a poor build of the firmware in combination with malicious software and tether to an internet-connected device like your laptop or computer could provide a path to access your keys. This has always been an assumption since Ledger uses closed-source software for its devices.
But it is no longer an assumption, as we now know that your keys can and always have been accessible.
What is Ledger Recover Service?
Ledger Recover Service is a subscription service aimed at generating regular income for the company as everything has to become a SAAS business to survive or attract investment these days.
Ledger’s Recover service offers a failsafe to help people who have lost their hardware wallets or who have forgotten their recovery phrases by tying your private key to your government ID and holding that information with 3rd party custodians.
How to set up:
- STEP 1: Create your Ledger Recover login using your email and a password.
- STEP 2: Add your payment details.
- STEP 3: Onfido, the ID verification provider, will guide you in verifying your identity.
- STEP 4: Connect your Ledger Nano X. It will generate and secure the backup for your Secret Recovery Phrase.
Once set up, your seed phrase is recovered from the device, split into three encrypted shards and sent to three different custodians to manage. If you lose your wallet or seed phrase, you can access your account with your ID and your current Ledger Nano X or a new one.
Why has Ledger Recover alienated its client base?
Ledger Recover Service has alienated its client base for a number of reasons. First, Ledger has been accused of not being transparent about how their devices work, the fact that Nano X users need not add any updated firmware to access this service was seen as a red flag. 🚩Many noted that if this could be done so easily, then Ledger always knew there was a path to accessing seed phrases.
Second, the idea of having to KYC to use this service rubbed users the wrong way; having a list of people with Bitcoin is always a risk. If the list gets leaked (which has happened before, as mentioned above), it could put Ledger users at risk. It also makes a convenient list for governments looking for a user base to target and defeats the purpose for anyone who wants to keep their balance private or has used forward privacy like CoinJoin in the past.
Lastly, some see Ledger Recover as a poor substitute for multi-sig and makes trade-offs that are far riskier than the problem you’re trying to solve.
Why did Ledger launch this Recovery Service?
In the world of Bitcoin and cryptocurrency, there is a perceived golden standard that companies are hoping to reach through brute force alone; I call it the Grandma-edification of the technology. The goal is to make Bitcoin idiot-proof, simple, with fallbacks so no one finds it too complex to use or ends up losing their money. This move gives me the impression that Ledger feels they’ve exhausted their penetration of the current user base and are clearly looking to expand to a wider audience that might not be fully ready for Bitcoin custody.
It’s a noble pursuit, and maybe we will get there with education, time and ALOT of people who lose their Bitcoin.
Ledger Recover is aimed at trying to mainstream the use of the Ledger; if users who are on exchanges right now could swap it out for Ledger, take custody for the sake of KYC, which they already do with an exchange, so they might be willing to transition.
Ledger Recover could also be used by small and medium sizes businesses as a way to store your funds, where there is no need for complete privacy, and several custodians would have been involved in the management and custody of funds regardless.
What are the pros of the recovery service?
While there is a lot of hate for the service, there is a market for it; regardless of what people think, there are ALOT of people in this world willing to give up their privacy and pay a subscription fee to have this custodial insurance.
There are a few pros to using a recovery service for these users.
- First, a recovery service can help you to restore your Bitcoin wallet if you have lost your hardware wallet or if you have forgotten your recovery phrase.
- Second, a recovery service can be used to restore wallets that have been damaged or compromised.
- Third, Ledger Recover can make inheritance easier since it’s tied to an ID; providing a death certificate to Ledger and these companies makes it easier for families to access those funds should they not be technically inclined.
- Fourth, Ledger Recover provides insurance on deposits based on a fiat amount, which might be attractive to users who travel or are nomads and have their wallets with them while travelling.
What are the cons of a recovery service?
Now that we know who this product is catered towards and why they would be interested let’s look at some of the cons.
- First, recovery services require a monthly fee; while not a lot of money, it could be used to purchase Bitcoin instead.
- Service puts you into a KYC honey pot list of Bitcoin holders.
- Service exposes your keys to several custodians, which could be compromised or pressured to reveal the information.
- The service means you’re always at the mercy of Ledgers software to remain secure.
- The service discourages personal responsibility and safety best practices by individuals.
- The service could easily be replaced by upgrading to a multi-sig which you could manage with a custodial partner or by yourself.
- The service could be replaced by BIP85, also known as Child Seeds.
Should I bin my Ledger wallet?
Now you’ve come to the end of my rant, and you’re hoping I was going to tell you what to do? Nope, this is not security or financial advice. The decision is always up to you; if you’re sitting with a Nano X, you might feel like you’ve been had, while the Nano S users are sitting in Limbo wondering if their wallets are also open to this form of access.
Your Ledger wallet is still the same wallet it was prior to you uncovering this news; it will still work regardless of what Ledger has done. You can still create addresses and sign transactions. But how you do that might change; instead of using Ledger Live, you might want to switch over to an open-source wallet like Sparrow or Spector Desktop, along with the use of your own node.
Keeping the device but not using Ledger servers or nodes is still a viable option.
Note: if you’re a Bitcoin-only user, this transition is easy; if you’re using shitcoins, sorry, but you’re stuck with Ledger, so it might be a good time to sell all those coins and go Bitcoin-only.
Secondly, you could limit the amount of funds you keep in a Ledger and use it as a more secure hot wallet instead, while your cold funds go into another single signature device.
Alternatively, you could assume that your Ledger private key is always compromised but use it in a 2 of 3 multi-sig instead of a single-signature set-up. That way, your funds still remain safe even if that key can be secured by a third party.
Lastly, you can go scorched earth, move your funds to a new open source wallet, burn the keys and destroy the Ledger, and take zero chances.
Whether or not you should bin your Ledger wallet depends on your individual circumstances. If you are comfortable with the security of your hardware wallet and you will never lose your recovery phrase, then you may not need to use a recovery service.
Do you take self-custody of your stack?
If you’re new to Bitcoin and have not ventured down the self-custody rabbit hole, what is stopping you? If you’re already self-sovereign, how has the experience been since you took hold of your funds? Let us know in the comments down below. We’re always keen to hear from bitcoiners from around the world.
