Is This Latest Ledger Firmware Update A Disaster In The Making?
Ledger, the hardware wallet provider, recently upgraded its firmware to version 2.2.1. The update introduced an additional safety net called “Ledger Recover” that the crypto community is vehemently rejecting.
While upgrades are critical considering the fast-paced nature of cryptocurrencies, Ledger is now being criticized after offering an option for users to store their seed phrases online. The hardware wallet manufacturer said this feature makes it easier for users to quickly recover their seed phrases in case they misplace them.
The “Ledger Recover” Feature Rejected
The subscription-based service called “Ledger Recover” effectively grants the manufacturer access to clients’ seed phrases, defeating the purpose of using a cold wallet in the first place.
The platform says Recover is an “ID-based key recovery service that provides backup” for seed phrases for coins like Bitcoin.
Earlier, Ledger’s co-founder said Recover will split a seed phrase into three shards. A section is distributed to each of Ledger, Coincover (a crypto custody firm), and EscrowTech (a company that escrows codes). Therefore, if a user loses access to their cold wallet by misplacing their private key, two of the three custodians can combine their shards to recover the wallet’s contents.
While this could help, a cold or hardware wallet is, by design, non-custodial. Technically, it should be delinked from the internet. By default, Ledger wallet holders should always be responsible for their seed phrases.
Seed phrases allow users to sign transactions confirming that they are the true owners. Whenever they are misplaced, the token owner loses access to all their coins.
Although the “Ledger Recover” feature is a precaution, some even claim this move makes Ledger a “hot” wallet. A hot wallet is a cryptocurrency wallet connected to the internet and is often the target of nefarious agents. Whenever hackers strike, they aim to wipe clean assets stored in hot wallets like MetaMask or Coinbase Wallet.
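The two-of-three split described above can be illustrated with Shamir's secret sharing. This is an added example, not Ledger's code: the article does not say which scheme Recover uses, so the scheme, the field prime and the sample seed are assumptions.

```python
import secrets
from itertools import combinations

P = 2**521 - 1  # Mersenne prime; assumed field, larger than a 256-bit seed
CUSTODIANS = ("Ledger", "Coincover", "EscrowTech")  # names from the article
# Constructed sample entropy, not a real wallet seed.
SEED = int.from_bytes(bytes(range(32)), "big")

def split_2_of_3(secret):
    """Hide secret as f(0) of a random line f(x) = secret + a*x mod P."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range")
    a = secrets.randbelow(P)
    return {name: (x, (secret + a * x) % P)
            for x, name in enumerate(CUSTODIANS, start=1)}

def combine(points):
    """Lagrange-interpolate f(0) from two or more distinct points."""
    if len({x for x, _ in points}) < 2:
        raise ValueError("need shards from at least two custodians")
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def slope_explaining(point, guess):
    """Slope that makes one shard consistent with any guessed secret."""
    x, y = point
    return (y - guess) * pow(x, -1, P) % P

if __name__ == "__main__":
    shards = split_2_of_3(SEED)
    for pair in combinations(CUSTODIANS, 2):
        ok = combine([shards[n] for n in pair]) == SEED
        print(pair, "recover the seed without the owner:", ok)
    # A single shard fits every candidate secret equally well.
    x, y = shards["Ledger"]
    a = slope_explaining((x, y), guess=12345)
    print("one shard fits an arbitrary guess:", (12345 + a * x) % P == y)
```

Under this scheme a single custodian learns nothing from its shard, but any two custodians can rebuild the seed together, so the wallet's protection rests on the two never being compromised or compelled at once.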
KYC Requirements And Learning From The Past
Besides Ledger requiring access to private keys, the “Recover” feature demands that users verify their identity as part of the know-your-customer (KYC) rules.
As part of this verification and compliance with KYC, users must submit their government-issued cards. Critics say this goes against the principles of crypto, which aim to preserve privacy and diffuse power away from any single entity.
Trusting private identity documents to a centralized entity can be disastrous. In 2020, Ledger’s database was compromised, and hackers dumped hundreds of thousands of wallet buyers’ confidential information, including physical addresses.
Hackers later used the same dumped details to target clients in an extortion campaign that affected even some of the top executives of Ledger.