Laptop with ledger wallet on wooden surface

Ledger wallet’s digital asset recovery option irks law-averse maxis

The Ledger hardware wallet’s new digital asset recovery option may have raised holy hell with the ‘not your keys, not your coins’ crowd, but mass adoption of blockchain tech will require such sacrifices.

On May 16, Ledger announced Ledger Recover, a new opt-in subscription service ($9/month). Recover offers Ledger Nano X users the ability to regain access to the assets stored on their device if their confidential 24-word seed phrase is lost, damaged or inaccessible.

This ‘backup solution’ works by duplicating your secret recovery phrase, encrypting it, linking it to your identity and splitting it into three fragments that are separately secured by three different companies.

Paris-based Ledger is one of the three companies involved in this shard-storing process. Another is Coincover, the Cardiff-based digital asset theft/disaster/protection firm that is ‘providing’ the Recover option to Ledger. The third is Utah-based EscrowTech, which traditionally deals with software and source code escrow services.

To recover their seed phrase, customers are required to verify their identity using pre-registered physical ID and facial recognition. This verification is conducted by two different companies (Onfido and Tessi) with lengthy track records in this field.

The problem that Ledger is attempting to address here is a genuine one. Estimates suggest that as much as one-fifth of some prominent tokens worth hundreds of billions in fiat currency is currently locked up in lost or ‘stranded’ digital wallets.

However, public reaction to Ledger’s new recovery option—which was rolled out as part of a firmware upgrade—has been a mix of unease and outright hostility. Complaints stem in part from the ‘crypto’ community’s traditional aversion to disclosing one’s personal identity to anyone for any reason.

Others were more alarmed by the realization that Ledger might have had the ability to access customers’ private keys all along, something that wasn’t previously understood. In a since-deleted tweet issued during the initial backlash, Ledger wrote: “Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.”

But trust can be a big ask, given that Ledger has suffered breaches in which bad actors compromised its systems and accessed customer data. In late-2020, a hacker marketplace published one million Ledger customer email addresses as well as the names, physical addresses and phone numbers of 272,000 customers. Many of these customers were then targeted by sophisticated phishing campaigns.

Ledger had claimed that only around 9,500 customers’ names and physical addresses were compromised by the hack that June. Ledger declined to offer compensation to affected customers, saying the scale of the problem would ruin the company. (Ledger’s rival Trezor hasn’t been immune to these types of problems.)

Horrible mess

As the vitriol flew in the immediate aftermath of the Ledger Recover announcement, CTO Charles Guillemet took part in a Twitter Ask Me Anything session in an attempt to lower the temperature. He wasn’t entirely successful.

A couple days later, Ledger co-founder/ex-CEO Éric Larchevêque took to Reddit to offer his apology for the “horrible mess” that caused some users to tweet “images of Ledger devices burning.” Larchevêque called the rollout “a total PR failure, but absolutely not a technical one.”

Larchevêque lamented the difficulties in explaining Ledger’s security model “to customers with a less and less knowledgable user base.” Larchevêque acknowledged that late last year a Ledger exec had tweeted: “A firmware update cannot extract the seed from the Secure Element.” Larchevêque said this wasn’t a total lie, “but it’s missing ‘as long as you are trusting Ledger.’”

Larchevêque claimed that the absence of this caveat led customers “to think Ledger was a trustless solution, which is not the case.” Using Ledger products requires “some amount of trust” in the company, but that “false sense of trustlessness went into pieces” following the Recover announcement.

Larchevêque insisted that the reality is “nothing changed. Absolutely nothing happened. The security model is the same than before you knew Ledger Recover existed … there is no backdoor … the Recover code in the firmware is not a malicious code nor does it open a way to arbitrary [sic] extract the seed.”

Larchevêque sympathized with those who felt victimized but he warned that those who “jump on the hate bandwagon” and spread conspiracy theories wouldn’t just be hurting Ledger. “The real victims will be the noobs who in panic will try to offload their crypto from Ledger, make stupid mistakes and lose it all.”

Larchevêque’s apology/non-apology didn’t placate everyone. Some suggested that if private keys to digital assets could be exposed during firmware updates, then hackers had a promising new attack vector to exploit. Others felt Ledger asking for trust was a bit rich given its ‘lie of omission’ regarding the firmware’s capacity for seed extraction.

Others worried that Ledger—along with Coincover and Escrowtech—could be inundated by subpoenas and/or seizure orders from government agencies, ‘requests’ that they might feel compelled to obey, regardless of whether or not a user had opted into the Recover feature.

Swimming with the current

Putting aside the question of the validity of these concerns, one has to consider that those complaining the loudest typically resist the notion that anyone other than themselves can ever be trusted to do the right thing. They certainly don’t trust centralized exchanges, on which the vast majority of digital assets are currently stored.

These most vocal parties also represent the minuscule subset of digital asset users who are willing to pay the not insignificant cost of acquiring a hardware wallet. This cost is not only financial but also mental, requiring users to navigate an unfamiliar and steep learning curve that threatens doom for anyone with fat fingers.

It’s highly ironic that those who so boldly predict that the fiat value of their digital assets is moon-bound somehow fail to grasp that the only way that rocket achieves ignition is via mass adoption. But the masses look at the current state of affairs and see only intimidating knowledge barriers and stern warnings that one little slip-up could result in irrevocable loss of their funds.

Ledger CEO Pascal Gauthier addressed this in a Twitter session last Tuesday, calling the Recover option “what future customers want. This is the way that the next hundreds of millions of people will actually onboard to crypto.”

CTO Guillemet added: “When I think of my mom using our product – there are two main hurdles. One is unreadable addresses, and two is managing your private key. If you know how to back up your 24 words securely, Ledger Recover isn’t for you. But for people like my mother, those 24 words can be really complicated.”

Ledger Recover may be an imperfect solution, but it reflects the growing recognition that the status quo is a dead end. Digital assets can remain in their cliquey cul-de-sac forever but mainstream adoption will only occur when consumers feel reassured that there’s some safety net underneath them should they forget to say ‘Simon says’ at the wrong moment.

The way things are going

On this front, the sector is once again following a trail blazed by the BSV blockchain, which features digital asset recovery tools such as Token Recovery. Such tools allow users victimized by fraud, theft or their own ineptitude the means with which to make themselves whole.

Digital asset recovery works by securing a court order or its legal equivalent calling for the lost assets in question to be frozen on their particular blockchain, then moved in a new transaction at the tip of the chain to their rightful owners. A full audit trail is provided so that everyone understands the provenance of these restored tokens.

While more libertarian-minded blockchain believers might view the above actions as illegal, nothing could be further from the truth. Digital asset recovery merely brings existing property law to the blockchain, eliminating some of the sector’s ‘wild west’ disregard for legal traditions that customers expect from other financial arenas.

BSV may have blazed this trail, but this approach works on other blockchains as well, provided they recognize the necessity to impose the rule of law within their network. There’s clearly a way, but is there the will?

For more info on BSV’s other trailblazing efforts, be sure to check out the London Blockchain Conference, three days of cutting edge tech talk that gets underway at the QE II Centre on May 31. It’ll help you recover your faith in blockchain.

Watch: Learn how to create the future with blockchain at the London Blockchain Conference

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.