Recently concerns have been raised about the security of Ledger hardware wallets, ever since their announcement of ‘Ledger Recover’, a seed phrase (private key) backup service.
What is the fuss about?
One of the cardinal rules of bitcoin OpSec is to never expose your private key directly to an online device. That is, after all, the entire reason for hardware wallets like Ledger in the first place; to shield your key from hackers and the internet.
Ledger has stated that they will hand over Ledger Recover user keys in the case of a government subpoena, which is concerning. However, Ledger promises this only applies to “serious acts” such as crimes involving drugs and terrorism.
Add to this that Ledger is a closed-source device, making it impossible to verify what the wallet actually does, and it’s not surprising that many bitcoiners are not comfortable with this service, or are concerned that the device is even capable of exporting the keys.
Should you be concerned?
Ledger Recover is an opt-in service. We trust that if a user doesn’t download the firmware, they will not be exposed to added risk. It’s worth noting that Ledger Nano S is incompatible with the Ledger Recover feature.
We do believe that Ledger devices are safe to use. If we didn’t, we wouldn’t sell them. Ledger’s motivations as a company should align with their customer’s security concerns, as they are invested in maintaining their customer’s trust.
This is a security model most people are comfortable with. You trust your bank, Google, and Apple with your financial information. Why not Ledger?
However we do have some clients who are not comfortable with this arrangement. For them, BitcoinVN Shop also serves as an authorized supplier of alternative hardware wallets such as Trezor, Coldcard and Blockstream Jade which are open source devices that have been verified by different parts of the community.
What does Ledger say?
“The core value proposition remains the same as it always has – the ethos of self custody and self sovereignty means you get to choose. The introduction of Ledger Recover doesn’t change that, it’s entirely up to you if you feel it’s a service you would like to subscribe to.”
Ledger mentioned that, despite numerous accusations circulating on social media, the original seed phrase remains securely stored within the device and is not exposed.
“What you’re creating, if you choose to, is an SSS encrypted and sharded backup. These shards are completely useless unless the user restores the backup on a Ledger device, and only on a Ledger device, where multiple parts are needed in order to decrypt.”
What are the benefits of Ledger Recover service?
We understand concerns about this service, but also understand how some may find it useful, as a large number of crypto users are still extremely unsophisticated when it comes to key management.
For them, the biggest risk of losing access to their crypto is not “the government stealing their money” – but simply their own mishandling of seed phrase backup procedures.
If you feel confident in your key management abilities, you will have no need for Ledger Recover.
But is keeping your funds on a Ledger device with Ledger Recover enabled better than keeping it on an exchange or hot wallet?
The answer is likely yes as well.
Should I change wallets?
If you’re using a Ledger now, don’t be too concerned. For most people, it is secure. Only upgrade your security model to open source if it makes economic sense to do so. And even then, don’t throw away your Ledger just yet. They still make excellent additions to multi-vendor multisig wallets using nunchuk, or as spares or decoy wallets.
Or as a gift to a friend just getting into this space. Just be sure to factory reset it first.