‘Backdoor’ privacy concerns over Ledger hardware wallet Recovery service

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
A contentious new feature has been added onto all Ledger hardware wallet devices. On Tuesday morning, the announcement had Crypto Twitter buzzing.

Although advertised several weeks back in a Wired article, today’s release brought the fire from the crypto community. The feature in question is Ledger Recovery, an ID-based private key recovery service would allow users to backup their private seed phrase directly to their personal identity through three different custodians. The service will cost $9.99 per month.
The company claims there is no backdoor on its devices, and that this is an entirely opt-in service. That means if users don’t opt-in, it will have no effect on their Ledger devices.

Nicolas Bacca, co-founder of Ledger, spoke during a Twitter Space with several other Ledger executives. He was adamant that “this is not a backdoor at all, because nothing will happen without your consent on your device.” He also said the update does not increase attack vectors on Ledger wallets.

But there's been a lot of debate on Twitter over whether just the possibility of opting into the service presents its own security risk.

How it works?
Your private key serves as the starting point for creating a backup of your Secret Recovery Phrase. Here’s how:
  1. When setting up your Ledger Recover login, you’ll first need to verify your identity using your ID card.
  2. You’ll be asked to connect your Ledger Nano X and give approval to the creation of the backup to your Secret Recovery Phrase. Once approved, your Ledger Nano X will duplicate, encrypt and fragment your private key into three parts within the Secure Element chip. These fragments become the backup of your Secret Recovery Phrase.
  3. These encrypted fragments are securely sent to three independent providers – Ledger, Coincover, and EscrowTech that will store them in Hardware Security Modules (HSMs). Each encrypted fragment is useless on its own. When you request access to your wallet, two of the three encrypted fragments will be sent back to your Ledger device, reassembling them to build your private key.
  4. The backup for your Secret Recovery Phrase is linked to your verified identity from Step 1 so only you have access to it.
Read more




Landing page
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top