The hardware wallet company Ledger has postponed the launch of Ledger Recover after a rather disastrous week marked by a barrage of community criticism.
Below are all the details.
What happened to the wallet company Ledger?
In a Twitter Space on 23 May, attended by more than 13,000 users, Ledger President and CEO Pascal Gauthier said it had been a “humbling experience” and a tough lesson in communication:
“This experience was very humbling. We miscommunicated at the launch of this product; it was not our intention to take people by surprise. So for that reason, we understand the direction of the community and apologize for the miscommunication.”
Ledger found itself in a public relations nightmare after revealing plans on 16 May to introduce a key recovery tool called Ledger Recover:
I want to address the feedback over Ledger Recover, the way it was communicated, and share our path forward. Read my letter and join our town hall with our leadership team to learn more. 🧵👉 https://t.co/2hlPrMwzaN
— Pascal Gauthier @Ledger (@_pgauthier) May 23, 2023
The firmware update would allow users who have lost their private seed phrase to retrieve it through an optional feature.
The company faced backlash from some members of the cryptocurrency community who believed this would add a “backdoor” for extracting a user’s private keys from the device.
Ledger’s future intentions
Gauthier revealed that in response to concerns about the launch of Ledger Recover, the company would accelerate its plans to make more of its code base open source.
It will start with the core components of its operating system and Ledger Recover:
Ledger Recover will be launched as soon as the source code is auditable. We believe in these amendments to the project and will continue to build the industry together.
— Pascal Gauthier @Ledger (@_pgauthier) May 23, 2023
Charles Guillemet, chief technology officer of Ledger, said that in the coming days a white paper on the Recover protocol would be open-sourced, along with technical blog posts to “explain the principles of Recover” and to provide more detailed explanations of how the process works.
“It’s going to be very easy and clear for every single cryptography and security expert to have a look at the protocol to get more guarantees and understand how it works.”
Guillemet noted that this would also allow developers to create their own backup provider for seed phrase fragments rather than using the one offered by Ledger:
Ledger’s mission is, and will always be, to provide our users with the right tools to own their digital value securely.
We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.
A thread 🧵
— Charles Guillemet (@P3b7_) May 23, 2023
Ledger community discontent following the release of the latest feature
As anticipated, several members of the cryptocurrency community, including Ledger wallet owners, took to social media to express their discontent following the release of Ledger’s latest feature.
The wallet provider shared that Ledger Recover is an optional subscription for users who wish to back up their secret recovery phrase. In fact, the company had explained:
“You don’t have to use it, and you can continue to manage your recovery phrase yourself if that’s why you bought a Ledger.”
However, the concept infuriated many in the cryptocurrency community, including security specialists.
In particular, Mudit Gupta, chief information security officer at Polygon Labs, shared:
Oh but it is secured by ID verification!
You know what else is secured by ID verification? Mobile number porting.
Do you know how many high profile sim jacking cases happen every day? Too many.
Anything secured by "ID verification" is inherently insecure. Too easy to fake.
— Mudit Gupta (@Mudit__Gupta) May 16, 2023
Investor and podcaster Chris Dunn, referring to the Ledger data leak that exposed users’ information in 2020, also wrote:
“First, they exposed their customers’ mailing addresses, phone numbers, and email addresses. And now they’ve put a back door into the seed sentences. It’s time to say goodbye to Ledger.”
en.cryptonomist.ch