The Ledger Hardware Wallet Question - Why Do We Need To Use A Recovery Service?


The Ledger hardware wallet was designed to securely store and manage cryptocurrencies. It offers an offline storage solution, known as cold storage, which helps protect your private keys from online threats such as hacking or malware. Hardware wallet solutions give you custody of your keys, so you are in control of your crypto.

Now there is some controversy with Ledger's hardware wallet solution, after they offered a new service called Ledger Recover (May 2023). The service provides an encrypted backup of the secret recovery phrase, in case a user loses or forgets that information. It is important to have the secret recovery phrase in order to restore a wallet.

The Secret Recovery Phrase

A wallet, regardless of type, has a secret recovery phrase. It is also known as a seed phrase, and consists of 12 or 24 random words that are generated by the wallet. This is provided to the user in order to be able to restore their wallet on another computer or system. The secret recovery phrase is important because it contains the information for recovering the private keys that a user holds for their cryptocurrency assets. 

Why Is Ledger Offering The Service?

If you are familiar with IT best practices, having a backup of your data is essential for daily operations. You need a backup in order to restore files in the case of an emergency. Corporate IT operations have been implementing this for decades with a high level of success. The service is being offered to allow users of Ledger's hardware wallet to have the feature of restoring their wallet and recovering their private key(s).

When you implement this for crypto, it is another issue. That is because it requires a trusted entity, in this case the way the secret recovery phrase is split (called ) will be through 3 parties. The independent parties involved are Ledger, Coincover and EscrowTech, who will hold pieces of the secret recovery phrase for the user.

Ledger is offering this as a paid service, and it will not be mandatory. Despite the service being opt-in, there is a vocal group of critics who deem it very concerning. That is because it removes the element of self-custody and decentralization from users when you introduce other parties who have access to personal data. This gives Ledger a way to be able to gain access to a user's hardware wallet.

The Problem With Trusted Intermediaries

If you have been in crypto for a long time, you have probably heard "Your keys, your coins" or "Not your keys, not your coins". The problem with the recovery service is that you are putting trust in another party to restore a wallet to recover private keys. What if a subpoena was sent to the trusted company to unlock a wallet for some sort of investigation? 

Access to your crypto assets can be compromised with this type of setup. With a subpoena, there is legal compliance required. Otherwise, if a user has full custody of their crypto, no one can access it unless they force the user at gunpoint or under threat of harm. This type of recovery is like a backdoor that can give access to a user's crypto.

Another problem is what happens if something goes wrong at one of the independent parties for the recovery service. Suppose that one of them had a data center crash or a backup server problem. These companies probably have redundant systems that keep a copy of the data, so there is nothing to fear. Then again, that is another reason for concern. Having multiple copies available at all times makes it a target for attacks by bad actors.

If a hacker is able to breach the trusted party's system, they can gain access to a shard. Now imagine if the hacker was able to penetrate the other systems, and collect all the shards to restore a user's wallet. Although these companies should have hardened security protecting your data, there is never a guarantee on that.

A more serious problem is if there are rogue elements within the intermediaries who can manipulate the data. Although there are legal agreements that can prevent this, it can still be possible. Trust is based on a customer's faith in the vendor. It can still be broken and is not always bona fide.

Addressing The Concerns

Since there was backlash, Ledger has paused the service (as of May 24, 2023). Perhaps this was due to pressure from not only critics, but the customers who use the product. Ledger had to address these concerns, and they have made announcements regarding that.

The good thing about this is that it can clear up the intent and purpose of the service, and make Ledger more attentive to these matters. This may lead to Ledger open sourcing the code, giving both developers and customers more transparency into how the service works.

This service could actually be beneficial to users who are not as technically savvy as veterans in the crypto space. By paying for a service like this, it gives them some assurance that there is a recovery plan. It is much like in corporate IT systems, where the data can be backed up and restored. That usually requires a third party, and that is what more experienced crypto users are worried about.

Another concern is that if the service requires a firmware update, it can be like a ready-to-use backdoor. Older systems will not be affected, but those who opt in and have a newer device will be. By not getting the firmware updates, users can also leave their system open to exploits and vulnerabilities. That is not the intent of the vendor, but it still gives them a form of access that can later be used or even abused.

People have different viewpoints, whether you just started out in crypto or you have been involved in the space. Newbies will need more hand holding in order to understand how crypto works. After more experience and understanding, users tend to go for self-custody rather than trusted custody of their crypto assets.

There is no need to jump to conclusions at the moment. What is important here is that if you custody your crypto, you still have control. You do not need to opt in to a service. Users who are uncomfortable with the idea can always use a different product or try other wallet solutions.

Hopefully Ledger can provide the service in good faith for those who need it.

Disclaimer: The content of this article is for reference or informational purposes only. This is not financial advice. Please do your own research always.

Banner Photo Credit: Tima Miroshnichenko
