Ledger’s Controversial Firmware Update Sparks Backlash: Security and Privacy Concerns Surround New Recovery Feature
Ledger, a prominent hardware wallet manufacturer, is facing intense criticism and controversy following the release of a firmware update that introduces a new recovery feature called “Recover.” The feature allows Ledger to back up seed phrases, leading to concerns about security and privacy within the cryptocurrency community.
The firmware update, known as version 2.2.1, has raised eyebrows as it grants Ledger access to users’ seed phrases. This access contradicts the primary purpose of a hardware wallet, which is to securely store and protect cryptographic keys. The community is questioning why Ledger would introduce a feature that compromises the very foundation of its product.
Adding to the discontent is the requirement for Know Your Customer (KYC) registration, which requires users to provide a picture of a government-issued ID. This move clashes with the privacy values cherished by many in the crypto community. Currently, the subscription-based service is available only on Ledger Nano X devices, and the ID requirement applies to users from the EU, the U.K., Canada, and the U.S.
One significant factor contributing to the backlash is Ledger’s history of data breaches. The company has previously experienced security lapses, eroding trust among users. In December 2020, for instance, a data breach resulted in the theft of physical addresses belonging to 270,000 Ledger owners. This incident led to targeted extortion campaigns against the victims. Although Ledger assured users that the compromised data was not linked to their wallet funds, the incident damaged the company’s reputation.
Ledger has faced criticism for its decision-making in the past, such as the release of a necklace accessory for its cold wallet, the Nano X. The community viewed the necklace as unnecessary and potentially inviting theft, highlighting concerns about Ledger’s judgment.
In response to the negative feedback, Ledger has defended the new recovery feature, emphasizing that there is no backdoor for unauthorized access to users’ funds. The recovery tool encrypts the seed phrase and sends encrypted shards to different custodians for reconstruction. Ledger asserts that only the users themselves can utilize the functions on their Ledger devices, and no one else can access their PIN code or manipulate the device remotely.
Despite Ledger’s assurances, users remain skeptical. Many took to social media to express their concerns about the safety implications of the new feature. Security experts, including Polygon Labs’ Chief Information Security Officer Mudit Gupta, warned against enabling the feature, citing potential risks of identity theft due to the ID verification process and key access granted to chosen contacts.
Ledger has clarified that the Recover feature is an opt-in subscription and not enabled by default. Additionally, the decryption of the seed phrase shards can only occur on the Ledger device after user identity verification. The three custodians involved in the recovery process are Ledger, Coincover, and EscrowTech.
The controversy surrounding Ledger’s firmware update comes at a crucial time, as the company seeks to rebuild trust following the cyberattack in 2020 that resulted in the leakage of personal information of 270,000 customers.
The concerns raised by Mudit Gupta, Binance CEO CZ, and other prominent figures in the crypto industry regarding Ledger’s firmware update are indicative of the widespread apprehension surrounding the new feature. Their statements highlight the need for careful consideration and attention to security in the development of such updates. As the crypto community engages in discussions about the implications of this update, it becomes clear that addressing these concerns and ensuring the protection of user funds and privacy should be paramount for Ledger and other hardware wallet manufacturers.
While Ledger aims to provide users with an additional backup option, the introduction of the recovery feature has sparked a heated debate about the trade-off between convenience and security. The crypto community remains divided on whether Ledger’s update is a step forward or a compromise to the fundamental principles of hardware wallet security.
Following the announcement, certain users on Twitter recommended that Ledger introduce Ledger Recover as a distinct and independent product, separate from its existing offerings.
Ledger did not provide an immediate response when asked for a comment.