Ledger, a popular provider of crypto hardware wallets, has received criticism from its users after releasing an update that has raised security concerns. While the company has defended the update, experts and crypto holders are distancing themselves from the provider.
The Issue
The controversy began after a Reddit user raised questions about whether Ledger has a built-in backdoor that allows access to users’ private keys. Private keys are secret alphanumeric strings that allow users to access their crypto on the blockchain. The question centered around Ledger’s Ledger Recover service, which is a subscription service for Nano X device holders that allows them to recover their crypto even if they’ve lost both their wallet device and recovery phrase.
Ledger has defended the service, stating that it works by duplicating the device’s recovery phrase, fragmenting it into three parts, and securing it with Ledger, Coincover, and another provider. To access the service, users must verify their identity using an ID document and selfie recording. However, the update has raised concerns that Ledger devices do not fully protect users’ private keys from external access.
The Response
Despite Ledger’s assurances, many in the crypto community have expressed concern about the update. Some have recommended that Ledger launch a separate wallet that offers a seed-recovery service, rather than rolling it out as a firmware update to existing customers who expected maximum security from their devices. Additionally, popular crypto developer and auditor “foobar” has urged followers to migrate away from Ledger wallets immediately.
The Controversy
The controversy is not the first time that Ledger has faced criticism over user security. In July 2020, the company accidentally leaked personal information about over 270,000 customers, who were later victims of email and SMS phishing campaigns. However, this leak did not impact the security of users’ private keys.
Ledger’s controversial update has raised concerns about the security of users’ private keys. While the company has defended the update, many in the crypto community are urging caution and recommending users consider other options. As the crypto industry continues to grow, it’s essential for providers to prioritize user security and protect against potential threats.