‘Backdoor’ privacy concerns over Ledger hardware wallet Recovery service

Ink

A contentious new feature has been added onto all Ledger hardware wallet devices. On Tuesday morning, the announcement had Crypto Twitter buzzing.

Although advertised several weeks back in a Wired article, today’s release brought the fire from the crypto community. The feature in question is Ledger Recovery, an ID-based private key recovery service that would allow users to back up their private seed phrase directly to their personal identity through three different custodians. The service will cost $9.99 per month.
The company claims there is no backdoor on its devices, and that this is an entirely opt-in service. That means if users don’t opt in, it will have no effect on their Ledger devices.

Nicolas Bacca, co-founder of Ledger, spoke during a Twitter Space with several other Ledger executives. He was adamant that “this is not a backdoor at all, because nothing will happen without your consent on your device.” He also said the update does not increase attack vectors on Ledger wallets.

But there's been a lot of debate on Twitter over whether just the possibility of opting into the service presents its own security risk.

How it works
Your private key serves as the starting point for creating a backup of your Secret Recovery Phrase. Here’s how:
  1. When setting up your Ledger Recover login, you’ll first need to verify your identity using your ID card.
  2. You’ll be asked to connect your Ledger Nano X and give approval to the creation of the backup to your Secret Recovery Phrase. Once approved, your Ledger Nano X will duplicate, encrypt and fragment your private key into three parts within the Secure Element chip. These fragments become the backup of your Secret Recovery Phrase.
  3. These encrypted fragments are securely sent to three independent providers (Ledger, Coincover, and EscrowTech) that will store them in Hardware Security Modules (HSMs). Each encrypted fragment is useless on its own. When you request access to your wallet, two of the three encrypted fragments will be sent back to your Ledger device, reassembling them to build your private key.
  4. The backup for your Secret Recovery Phrase is linked to your verified identity from Step 1 so only you have access to it.
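The "any two of three fragments rebuild the key, one alone is useless" property in step 3 can be illustrated with a generic 2-of-3 Shamir secret-sharing scheme. This is an added example, not code from the post or from Ledger: the quoted text does not name the scheme the device uses, so Shamir sharing, the field prime, the function names and the sample secret are all assumptions, and the per-fragment encryption mentioned in the steps is left out.

```python
# Added illustration: generic 2-of-3 Shamir secret sharing over a prime field.
# Assumption: the scheme is NOT taken from the page or from Ledger's firmware.
import secrets

PRIME = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit secret

# Constructed sample secret (32 fixed bytes), standing in for key material.
SAMPLE_SECRET = int.from_bytes(bytes(range(32)), "big")


def split_2_of_3(secret: int) -> list[tuple[int, int]]:
    """Return three shares (x, y) lying on a random line y = secret + slope*x."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range for the field")
    slope = secrets.randbelow(PRIME)  # fresh randomness hides the secret
    return [(x, (secret + slope * x) % PRIME) for x in (1, 2, 3)]


def recover(share_a: tuple[int, int], share_b: tuple[int, int]) -> int:
    """Rebuild the secret (the line's value at x = 0) from any two shares."""
    (x1, y1), (x2, y2) = share_a, share_b
    if x1 == x2:
        raise ValueError("need two distinct shares")
    slope = (y2 - y1) * pow((x2 - x1) % PRIME, -1, PRIME) % PRIME
    return (y1 - slope * x1) % PRIME


def consistent_slope(share: tuple[int, int], candidate_secret: int) -> int:
    """Slope that makes a single share fit ANY candidate secret.

    Because such a slope always exists, one share alone rules out nothing.
    """
    x, y = share
    return (y - candidate_secret) * pow(x, -1, PRIME) % PRIME


if __name__ == "__main__":
    shares = split_2_of_3(SAMPLE_SECRET)
    print("any two shares recover:", recover(shares[0], shares[2]) == SAMPLE_SECRET)
    wrong_guess = SAMPLE_SECRET ^ 1
    s = consistent_slope(shares[0], wrong_guess)
    x, y = shares[0]
    print("one share fits a wrong guess too:", (wrong_guess + s * x) % PRIME == y)
```

The same arithmetic shows why the threshold matters for the custody model described above: whoever can obtain any two shares can run `recover`, so the protection rests on the providers staying independent and on the identity check that gates release.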