- Ledger grabbed headlines in the last two weeks over its Recover service.
- Bitfold Co-Founder Jakub Żurawiński spoke to DailyCoin about what businesses could learn from the debacle.
- Żurawiński believes Ledger could have handled the situation better.
The essence of cold wallet storage is to offer customers the ability to store crypto assets without trusting a third party.
This is according to Jakub Żurawiński, co-founder of Bitfold. The Polish crypto hardware wallet company claims to produce the world’s first “standalone private vault for digital assets and identity.”
In an email interview with DailyCoin, Żurawiński spoke about the recent controversy surrounding the Ledger Recover Service. Ledger grabbed headlines over the last two weeks for introducing the new feature that could extract user key phrases from their hardware wallet for safekeeping by three different firms, including Ledger.
While the seed phrase recovery service was billed as optional, the existence of the code sparked fears of an exploitable backdoor in the hardware wallet.
Prioritize Customer Values
Bitfold’s Żurawiński noted that as a business, the key takeaway from the Ledger Recover controversy was prioritizing customers’ values.
"To not derail even the best business idea, it is crucial to review that with the minds and values of your clientele, always," the Bitfold co-founder wrote.
Żurawiński asserted that “trustless systems are not for everyone,” adding that those who faced difficulty storing their seed phrases could always turn to cloud storage alternatives.
The Bitfold co-founder implied that hardware wallet users are often core crypto users looking to limit third-party access to their funds as much as possible, making the Recover service incompatible with Ledger’s existing customer base.
As customers flocked to self-custody solutions at the peak of the FTX collapse in November 2022, Ledger claimed it could never access customer seed phrases with a firmware update. However, the existence of its Ledger Recover service appeared to invalidate this claim, as confirmed by Ledger in a now-deleted tweet. According to Żurawiński, this deception was Ledger’s “biggest” mistake.
"This raises many questions about the company's integrity and transparency. On top of that, Ledger claimed that this feature in the firmware does not increase the threat model or the attack surface, which is fundamentally false. Any additional code, functionality, or external interface has security implications," he added.
The Bitfold executive said that Ledger could have handled the situation better.
What Could Ledger Have Done Differently?
Żurawiński believes that the outcomes could have been different if Ledger had engaged in public consultation and openly discussed the risks associated with cloud services before announcing the rollout of the Recover service with its firmware update.
"Given the topic at hand and its weight, I am confident such an approach would have been much appreciated by the users and clients," the Bitfold executive asserted.
As highlighted by Żurawiński, the Ledger Recover drama raised serious questions about how much users can trust wallet providers, whether their code should be open source, and what it means for this code to be open source.
Following the continued backlash, Ledger announced that it would suspend the launch of the Recover service in a message to customers on May 23. The Parisian firm asserted that it would only proceed with the service after it open-sourced as much of its codebase as possible. Despite this decision, several members of the crypto community expressed that the damage had already been done to the company’s reputation.
On the Flipside
- Crypto community members have urged Ledger to create a separate line of products for its Recover service.
Why This Matters
The Ledger Recover service has raised new questions about how hardware wallets work.