Last week, Ledger, the Paris-based crypto hardware wallet provider, launched a new service – Ledger Recover. This opt-in service, priced at $10 per month, lets you recover your wallet’s private keys if you lose them. This announcement stirred different ranges of displeasure and shock across crypto communities. A Ledger user even took to Twitter, @oklahodl1, to film himself destroying his Ledger wallet accusing the company of backdooring. How did the company get into this mess, and as it continues to stick to its decision, what are its odds of success out there?

Some Backstory

Like every wallet initiation process, setting up a Ledger wallet involves creating a unique seed phrase, a collection of randomly generated words constituting the private keys associated with crypto wallets. This system, while secure, has usability drawbacks. Losing the seed phrase means losing access to the funds, and if it falls into the wrong hands, it could lead to wallet compromise. 

In this light, Ledger launched Ledger Recover, arguing that the service was simply the company’s concerned response to a pertinent user need: the ability to recover lost private keys. The firm went on to say it had built this recovery service only for a subset of its existing and potential customer base exposed to the risks of self-custody (everyday people plagued with human error and theft). Crypto OGs who independently secure their assets can go about their businesses. Attached to the Ledger Recover launch page on the company’s website are excerpts from aggrieved users complaining about the pains of losing their private keys. One of them, from a Twitter user with the handle @fewture, reads, 

“Wrote my recovery phrase down with some tricks. forgot the tricks. RIP $btc”. 

Another from @SecurityBotNFT said, 

“You COULD try to memorize your seed phrase, but this is extremely challenging. Most people can’t remember what they had for breakfast yesterday….” 

At the time of writing, fewture’s post no longer exists, but the BOT’s remain part of a thread on “not your keys, not your crypto.” Interesting indeed how Ledger quotes them while trying to “hold your keys.” 

Ledger standing on the Ledge

The Ledger Recover service provides customers with a private key backup option on demand. Ledger collaborated with two third-party services – Coincover and Escrowtech- to optimize for security and allay customer fears.

With Coincover, Ledger said it is leveraging the crypto custodian’s military-grade encryption service for private key retrievals. Ledger Recover will comprise an extensive identity verification process – performed by Coincover within a secure environment built by Ledger. Escrowtech, on the other hand, will offer a code escrow service to make room for a more distribution register. Coincover will also provide insurance of $50,000 in the event of loss of crypto assets. 

How Ledger’s New Service Works

Foremost, Ledger uses a standard code called BIP-39 to generate and interpret the recovery phrase on all its devices. The exact type of BIP-39 seed used by Ledger devices by default is a 24-word mnemonic that consists of only the 2048 words from the BIP-39 English wordlist. This process results in a Ledger device generating a single mnemonic seed out of 2256 possible mnemonic seeds (The probability of correctly guessing a possible mnemonic seed combination is mind-boggling). 

Ledger Recover will encrypt a version of this private key combination and split it into three fragments (using Shamir Secret Sharing) – all of this happens on the Secure Element chip, so your Secret Recovery Phrase is not at risk. Similar to the multisig property of some wallets, this is supposed to take away concerns about having a centralized single point of failure. 

These encrypted fragments are stored by 3 different parties on cryptographically-secure Hardware Security Modules, one of them in your Ledger device. Individually, these encrypted fragments are completely useless. When you want to restore your keys, 2 of these 3rd parties will send back their fragments to your Ledger device (and not to Ledger as an organization). The Ledger device will then be able to reconstitute your Secret Recovery Phrase (SRP). 

The company says decryption will only happen on a Ledger’s Secure Element chip, and this feature has never been compromised. One would not be able to ascertain the veracity of this statement even if they wanted to.

If users lose or forget their private key, they will go through an identification confirmation service to recover and restore it. It is expected that Ledger Recover should provide some peace of mind to Ledger’s next 100 million customers as it targets “everyday people” who risk forgetting their private keys and losing all their crypto. 

Dire Concerns

Privacy. 

Ledger says that new and existing customers would need to approve the Recover service on their Ledger wallets. Otherwise, the backup is never created. However, this sounds like what any business would say with their tongue in their cheek. If a backup can exist, then the presence of a backdoor is possible, and if this backup exists for one wallet, it can as well exist for all wallets (whether you opt-in or not). 

Also, if you decide to opt in, you will need to provide some Know-Your-Customer (KYC) details. The company says it only requires this because its third-party services require them. Ordinarily, Ledger does not need your KYC. However, this implies that to use Ledger Recover; one has to trust not just the company but also Coincover and Escrowtech. Since Ledger does not have a good record of choosing trusted partners, users need to be wary. Back in 2020, a ‘simple mistake’ on its outsourced database exposed the personal details of about 270,000 customers, including email and home addresses. Convenience comes at a cost, and it just might be more than a monthly recurring $10 charge on your credit card.

Single Point of Failure and Backup Complexity.

The idea to decentralize the 24-word keyphrase backups across two security service providers – Coincover and Escrowtech – by distributing unique elements of user private keys presents the challenge of ensuring fail-proof systems for both entities. The corruption of one shard due to network, hardware, or systems problems can cause the failure of the entire dataset. Also, database backups of the individual shards must be coordinated with the backups of the other shards. That makes a case for possible backup complexities.

Aside from all of this, sharding is inherently complex. Not exactly sure this is the path Ledger should be walking now.

Navigating this Ledge

A possible fix that Ledger could explore is Leveraging Zero-Knowledge Technology. Zero-knowledge identity registration and verification technology like the recently-launched Polygon ID already exist, and Ledger could use that. This nascent tech design helps untrustworthy KYC users and should help Ledger verify ownership and recover assets. That takes away the pain point of traditional KYC’ing and centralized intermediaries. Let Decentralized Finance stay Decentralized. If seed phrases cannot be recovered in a decentralized manner, then it should not be a dead-on-arrival prospect.

Conclusion

The key issue surrounding the controversy is whether or not users who choose not to opt into the service will have a backdoor opened via a firmware update to their private keys that hackers could potentially leverage. And Ledger did admit during a Twitter space session that those who opt into the service technically open themselves up to a new attack vector because of the KYCs. Safe to say that skeptics are not overreacting.

However, Ledger wallets are inherently upgradeable, so that should quell fears about their accessibility and security and provide clarity on the basics of how wallets work. Without the capability to be upgraded, hardware wallets would lose their functionality, as blockchains themselves upgrade over time, and any device interacting with the blockchain needs to be able to adapt accordingly. It is therefore left to Ledger customers to evaluate how much value proposition the Recover service has and if that compensates for the risks they will be exposed to. Whoever Ledger loses, I believe Trezor will be there to welcome them. Win-win for crypto.