It’s counterintuitive for a CEO to defend a competitor, particularly when that competitor is rolling out a feature similar to one we pioneered years ago. But given the debacle around Ledger’s new “Ledger Recover” feature, it’s time to provide a balanced perspective.
The company is under fire for releasing an update to its wallet firmware that allows it to send a version of the wallet seed phrase to third parties. But the outrage feels out of proportion. The perception that Ledger is carelessly “sending seed phrases to a server” is fundamentally misinformed. Let’s be clear: The new system is opt-in only. There is no forced participation or hidden backdoor. The seed is locally split into three encrypted shards using Shamir Secret Sharing, a well-respected cryptographic process, and sent encrypted, a practice the industry has been familiar with for years.
One of the corporations hosting the shards is EscrowTech, a company we brought into the crypto sector four years ago. I’m confident that Ledger, despite our rivalry, can successfully implement a system that matches its claims. They’ve shown commitment and seriousness in the past, and there is no reason to expect otherwise now.
WTF is this real @Ledger ? this is unreal im literally getting sick
do you have any idea how much money your devices secure ???
have you been lying all this time saying the seed on the device cannot be accessed in anyway? pic.twitter.com/34txno7koR
— Clouted (@CloutedMind) May 16, 2023
In the face of backlash, it’s essential to remember: If you don’t like it, don’t use it. Period.
We have always strived to provide an upgrade to such systems, but for those who choose to stick with seed phrases, Ledger Recover is undeniably a step forward. I’m giving credit to Ledger where it is due: To truly onboard billions, and move assets to our self-custodial universe, Ledger Recover is a potential solution. Securely encrypted secrets stored in the cloud are the future, not pieces of paper or steel plates stored under your mattress or worse in a bank vault (the irony…)!
That being said, there are a few things Ledger got wrong. Their suggested solution identifies a fundamental problem that cannot be fixed by Ledger Recover: seed phrases. I dislike them and consider them outdated and unfit for personal security. An estimated $100 billion in Bitcoin (BTC) (alone) has been lost or stolen in the last decade because of seed phrase mismanagement. And it’s not getting any better: Every day, new stories of key misplacement and loss appear on forums, such as Reddit and Twitter.
Seed phrases represent a single point of failure, which puts too much burden on the user and is prone to human error, phishing attacks, account takeovers and so many more disasters. Multiparty computation (MPC) wallets and other battle-tested cryptographic techniques offer vastly superior trade-offs where seed-based approaches seem archaic in today’s rapidly advancing digital landscape.
Ledger’s current users, mostly hardcore crypto enthusiasts, feel betrayed, but the existing seed model simply doesn’t work for everyone. Even Ledger acknowledged it on its own website.
Beyond ignoring the fundamental seed phrase vulnerability, Ledger Recover itself has its own share of issues: The one-way firmware update, the closed-source sharding, the Know Your Customer (KYC) gating, the pay-to-recover scheme and, most of all, the “trust me this is opt-in only” without ways to verify the source code. The closed code, dependence on external custodians and the seven-day cut-off if payment ceases will absolutely surface more questions (and already has).
The introduction of Ledger Recover might also invite new attack vectors on and off systems: From local malware to government coercion, social engineering (already deployed at scale in their last e-commerce breach) and fake KYC recovery, which need to be addressed. Lastly, Ledger’s communications and timing could have been better articulated and managed to avoid the current uproar.
However, this doesn’t take away from the fact that they are trying to innovate and improve user security, albeit in a different way than we might.
To Ledger, I suggest providing a comprehensive demo video end-to-end, a documented white paper with possible third-party audit reports, and a thorough explanation of how Ledger Recover works. The FAQs leave questions unanswered, and customers are left guessing or misinterpreting the service. The community thought they could trust you blindly, but you need to earn this back after this episode.
This is not a clear-cut case of right or wrong. Ledger is making strides in the right direction and has built a remarkable track record in an incredibly hostile environment — we know that first-hand. But they also have room to learn and improve.
Imposing a new security path, even optional, is like asking to believe in a second religion you did not choose in the first place. It’s a divisive issue, certainly, but it’s vital for the crypto community to focus on facts rather than interpretations. Eventually, our words here (or on social media) will not matter, and people will vote with their dollars (I mean their crypto). As competitors, we may not agree on every detail, but we can all agree on the need for innovation, security and transparency.
Ouriel Ohayon is a co-founder and the CEO of ZenGo, a consumer MPC wallet established in 2018. He’s a former executive at ICQ/AOL; the founder of TechCrunch France (sold to AOL); and the founder rof Isai.fr, a leading French VC. He was general manager of the Gemini’s internet lab and Lightspeed Ventures.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.