Welcome to another Crypto Weekly Digest brought to you by VirtualBacon.
The biggest news this week is with the Ledger Recover program is an over-the-air firmware update that allows users of Ledger hardware wallets to back up their secret recovery phrases.
What is the Ledger Recover Program?
Here's the lowdown on the new Ledger Recover service:
- This subscription-based feature allows users to store their seed phrase online for an easy recovery process if lost, costing $9 per month.
- It isn't a compulsory purchase or the default setting; users have the option to enable this feature.
- Once activated, the backup is divided into three portions and stored across three separate companies: Ledger, Coincover, and EscrowTech.
- The service necessitates Know Your Customer (KYC) identification checks, which includes a document and a selfie recording.
- For the time being, original Ledger owners are unaffected as the feature isn’t compatible with the older S wallets. However, it will be available in the forthcoming firmware update 2.2.1 for the newer wallets.
What is the Security Risk and Controversy?
This service has sparked a lot of controversy within the crypto community. Many users have expressed their concerns, as they considered Ledger a trustless service for storing cryptocurrencies, and the idea of the seed phrase leaving the hardware wallet did not resonate with them.
In fact, Ledger has always advertised their devices with "Your Private Keys never leave the Device"
However with the introduction of the Recover Program, there is now a clear scenario where your private keys CAN in fact leave your device, as long as you consent to Ledger doing so. Even though the keys would be encrypted and split into multiple shards, people are still not happy.
So the seed can leave the device now?
— CZ 🔶 Binance (@cz_binance) May 16, 2023
Sounds like a different direction than "your keys never leave the device". 🤷♂️
To make things worse, Ledger Support's communication on twitter has only added fuel to the fire, using language like "Technically it's always possible, you just trusted us to not do it".
So is this a real problem? Let's break down the few key aspects
- Splitting Seed Phrases as Backup is NOT A PROBLEM
The problem here is not splitting the key in 3 parts. That's actually good! Many expert crypto holders use this method to split up their seed phrase and diversify the risk of having a single point of failure. Most large projects use Multi-Signature wallets to manage their treasury funds, and Vitalik himself also uses seed phrase shards to manage his personal funds.
Adriana Hamacher
2. The Recover Program and KYC is NOT A PROBLEM, but YOU SHOULDN'T USE IT
The Ledger Recover Program is only optional, and you have to pay $9 per month for it. So technically all you need to do is to not use the program. This also isn't a problem.
How am I protected from Ledger Recover if I’m not interested in it?
— Ledger Support (@Ledger_Support) May 17, 2023
Ledger Recover is an optional, paid subscription service.
User consent is needed on your Ledger product in order to subscribe and to generate the encrypted fragmented backup of your SRP.
I highly encourage everyone to NOT use this recover program, because once your seed phrase is backed up, there is no going back. Although the program seems useful in case you lose your recovery phrases, it does go against the entire premise of self custody.
What if someone steals your identity and passes KYC with the recovery providers, then they can restore your wallet and steal your funds.
In a more extreme scenario, what if the government or courts subpoena your crypto wallet, and forces the recovery providers to give up your seed phrases, chances are they will have to comply.
Luckily to opt out of the Ledger Recover program, users simply need to do nothing and not subscribe to the service.
3. Recover Program Reveals Ledger's new Firmware Might be Able to Extract Seed Phrases, This is a BIG PROBLEM
The real issue is the new Ledger firmware update 2.2.1 which starts to support this recover program.
You see, how the recover program works is that you opt in, pay the fee, then simply sign a transaction that allows Ledger to backup your seed phrase, then magically your seed comes out.
This is a big issue as the promise of hardware wallets is that you and you alone control your seed phrase and private keys.
I would be much more comfortable if the program instead requires you to manually enter in your seed phrase that you wrote down on paper in order to work. However since Ledger does not need my manual entry, it means there is a way for them to get access to the seed phrase in the latest firmware.
This breaks trust assumption that seed phrase and private key never leaves device.
It's important to note that this firmware MIGHT be able to access your seed phrase whether you sign up to the recover program or not.
While Ledger has maintained that there is no backdoor in the Recover firmware update, the controversy has highlighted that users do place a certain amount of trust in Ledger when they use their products.
We Need to Rethink How Hardware Wallets Work
This Ledger situation should act as a wake-up call for all of us to learn how Hardware Wallets really work. Although Ledger is the first company to come up with such a program, experts revealed that all hardware wallets technically do have the ability to make changes to the firmware that can extract your seed and private keys.
Every time you accept a firmware update from Ledger, Trezor, or whatever hardware wallet you use, you are trusting their company to not have put in a secret backdoor to extract your keys.
Obviously this is highly illegal if they do this without revealing it, BUT the premise of trust in crypto is always reliant on cryptography, NOT on legal actions. On this front, it's not wrong to say that hardware wallets are not as fool-proof as a paper wallet backup.
What are our best options now?
Despite all the controversy, from a real user perspective, hardware wallets still provide the best security and convenience combination. Using an exchange or hot wallet is simply always going to be more risky than a hardware wallet, as your keys are directly exposed to the internet and third party at all times.
Physical backups like Paper wallets or steel wallets can be more mathematically proven to be safe. However they obviously sacrifice on convenience since you cannot spend the coins without creating a brand new wallet.
So I personally still use a hardware wallet for my everyday use and long term storage.
I have been using Ledger for the past 6 years, going from a Nano S to a Nano X now. However this incident is the first time that I'm seriously considering switching for good.
The best option now in my opinion would be the Trezor Model T. Although Ledger and Trezor both have the same firmware trust issues that technically COULD install backdoors, Trezor does have an edge in security right now.
Ledger co-founder and former CEO says 'all hardware wallet manufacturers could make a firmware update to extract the seed phrase but trust them not to'
— OKHotshot (@NFTherder) May 20, 2023
Says even @Trezor could make rogue firmware pic.twitter.com/FIJQteslgW
Obviously Trezor does not have a recover program which gives them a reason to install potential backdoor to the firmware.
But more importantly, Trezor's software is completely open source, whereas Ledger's is closed source. This means all firmware updates of Trezor can be publicly scrutinized by users and independent developers. They can check and verify that there isn't any backdoor, before installing the updates.
This cannot be done on Ledger, you have to trust their changelogs for the updates but you cannot verify the code.
Other brands like the Keystone, GridPlus, SafePal claim to be airgapped and open source, but to be honest I only trust security that stands the test of time. Hence why my two main choices are the two longest running brands Ledger and Trezor.
Weekly Bullets
🟠EU Mandates Identification for All Cryptocurrency Transactions in New Law.
🟠Venezuela Abandons US Dollar, President Maduro Announces.
🟠Iraq Decide to Ban U.S. Dollar Transactions.
🟠Tether Plans to Allocate Up to 15% of Profits to Bitcoin Investments.
🟠Grayscale and Bitwise Retract Plans for Ether Futures-Based ETFs.
🟠Ripple Introduces CBDC Platform for Streamlined Development of Central Bank Digital Currencies and Stablecoins.
🟠SEC Declares Filecoin a Security, Impacts Grayscale Investors
🟠BitBoy Dumps His Crypto Tokens, Breaking Promise Not to Sell.
🟠FTX Lawyers File Lawsuit Against CEO Sam Bankman-Fried.
🟠Coinbase launches subscription service with focus on European expansion.
🟠Robert F. Kennedy Jr. Becomes the First Presidential Candidate to Accept Bitcoin Campaign Donations.
New Videos
How to find the next 100x Crypto EARLY
How to qualify for the MetaMask Airdrop $MASK Step-by-Step Guide
End
Thanks for reading! If you enjoyed this newsletter, please share it with your friends.
Also check out APEX Exchange - The official DEX of ByBit.
They have all the advanced trading tools like limit orders, stop loss, and even leverage for long and short positions.
The best part is you control your own funds as you can directly trade from your MetaMask Wallet. There is no KYC and you can trade from anywhere in the world
Start Trading on APEX and earn extra $APEX tokens
