Is Ledger no longer a true hardware wallet? Controversial private key recovery service officially launched.

Written by: Peisen
Editor: Jack
23-10-26 11:02
Content Directory:
· Ledger has launched Ledger Recover
· From planning to implementation, Ledger Recover has always been controversial


Ledger has launched Ledger Recover


BlockBeats reported on September 20th that Ledger plans to launch its private key recovery service by the end of this year. The service aims to help users recover their private keys by splitting their seed phrases into three parts and sharing them with Ledger and two other security companies, Coincover and EscrowTech.


Ledger's CEO Pascal Gauthier previously stated that the Ledger Recover service is expected to be launched by the end of the year, with some open source features requested by users. In addition, Ledger is also considering how to provide privacy protection tools and identity verification information when needed. On October 26th, Ledger's official account tweeted that Ledger Recover has been launched.



In a tweet, Ledger's Chief Technology Officer @P3b7_ discussed the Ledger Recover whitepaper, the open-source code available for verification, and Ledger's product vision from a technical perspective.


It is reported that Ledger Recover is an ID-based, subscription-based key recovery service that provides a backup of users' private key recovery phrases. Currently, Ledger Recover is compatible with Ledger Nano X and can be used on Android and iOS devices running the latest version of Ledger Live. To subscribe, users must hold a passport/ID issued by the EU, UK, Canada, or the United States. In the future, the subscription scope of this service will cover more countries.


Ledger also explained how the service works. It divides the wallet mnemonic (key) into three encrypted shards and distributes them to three custodians: Ledger, cryptocurrency custodian company Coincover, and code custodian company EscrowTech. If someone loses the key, two of the three shards can be combined, pending identity verification, to regain access to the locked funds. The price for subscribing to this service is $9.99 per month.
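An added example, not code from Ledger or from this article: a generic 2-of-3 threshold split (Shamir secret sharing over a prime field), showing that any two custodians' shares rebuild the secret while one share alone is consistent with every possible secret. The article does not say which scheme Ledger uses; the scheme, the function names and the sample seed are assumptions, and shard encryption and the identity check are left out.

```python
import secrets

# Field modulus: the Mersenne prime 2**521 - 1, large enough for a 256-bit seed.
P = 2**521 - 1
THRESHOLD, SHARES = 2, 3  # the 2-of-3 arrangement the article describes

def split(secret: int):
    """Return 3 shares (x, y) of `secret`; any 2 of them reconstruct it."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range for the field")
    # Polynomial of degree THRESHOLD-1 with f(0) = secret, other coefficients random.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(THRESHOLD - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, SHARES + 1)]

def combine(shares):
    """Recover f(0) by Lagrange interpolation over GF(P)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    if len(shares) < THRESHOLD:
        raise ValueError("not enough shares")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def slope_for_guess(share, guess):
    """For ANY guessed secret, return the coefficient that makes one share fit it.

    Because such a coefficient always exists, a single share rules out no secret.
    """
    x, y = share
    return (y - guess) * pow(x, -1, P) % P

# Constructed sample: 128 bits standing in for wallet seed entropy.
SEED = int.from_bytes(bytes.fromhex("000102030405060708090a0b0c0d0e0f"), "big")
ledger, coincover, escrowtech = split(SEED)  # custodian names from the article

if __name__ == "__main__":
    print(combine([ledger, escrowtech]) == SEED)  # any two custodians suffice
```

The same property cuts both ways: losing one custodian does not lose the seed, and any two custodians acting together hold enough to rebuild it.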


From planning to implementation, Ledger Recover has always been controversial


Hardware wallets generally store private keys in secure hardware devices, isolated from networked computers and similar environments, to prevent private key leakage. They are plug-and-play devices. However, Ledger's actions have completely shattered our understanding of traditional hardware wallets.


Ledger believes that while individuals being responsible for storing their own secret recovery phrases can allow users to enjoy the benefits of self-custody and complete control over their assets, it also puts the responsibility of asset protection solely on the user. Ledger Recover is designed specifically for users who want to add an extra layer of security in case their secret recovery phrase is lost or inaccessible.


Of course, it is precisely this "well-intentioned help" that has sparked controversy. When the product was first introduced in May, it received a cold response from users. BlockBeats summarized some of the reasons why users opposed the service:


Related reading: "Ledger's new Ledger Recover, why is it being criticized?"

- As a hardware wallet, the key not leaving the wallet is fundamental, but Ledger's new service is obviously unacceptable to many users who can keep their own keys. After subscribing to the service, you need to entrust your keys and personal identity to other institutions. Once these institutions have problems (hacker attacks, information theft), the entrusted information is likely to be damaged;

- Subscribing to this service requires national passport and ID verification. Anything protected by "identity verification" is essentially insecure, as identities are too easy to fake. In addition, the request for user key reconstruction needs to be confirmed through identity verification. Nowadays, identity verification fraud and theft are too common, so this is not a secure way;

- This service will divide the key into three parts, which is not a problem, but the problem is that the service will send the three parts of the user's encrypted key to three entities, and they can completely reconstruct the user's key. In terms of mathematical probability, the more third-party institutions are entrusted, the exponentially higher the probability of problems;

- Most Ledger users use Ledger Live, which uses Ledger nodes for all wallet synchronization, revealing every detail of the user's encryption activity. Your assets and transaction details are exposed to third parties, and after subscribing to the service, your keys and identity are also entrusted to third parties. Is your cryptocurrency still yours?

- We cannot be sure whether Ledger has built-in security measures to prevent someone from sending all three parts of the key to one entity, nor can we be sure how they distribute them to three entities, so it is even more unclear how the decryption process during the recovery process actually works;

- In theory, I know that you have used Ledger Recover and obtained identity information. With current technology, it is not difficult to pass identity verification, and your encrypted assets can belong to someone else;

- From a macro perspective, regulatory conditions need to be considered. EscrowTech and Ledger are American companies, and Coincover is a British company. These institutions are within the jurisdiction of the United States and the United Kingdom, and regulation of cryptocurrency has always been a problem for these governments. It is easy for the government to come and demand the identity information of all holders, and then arbitrarily seize funds.


The center of controversy for users is whether Ledger Recover will compromise the security of their private keys. The official response from Ledger is that "Ledger Recover service follows the same principles as signing transactions on the blockchain, it is secure and only operates with your consent. It will not access your private keys to enable Ledger Recover."


Despite controversy, Ledger's CEO Pascal Gauthier has launched the Ledger Recover service with some open-source features requested by users. Ledger Recover includes a wide range of identity verification processes, executed in a secure environment built by Coincover on Ledger. Therefore, Ledger proposes additional protection measures, and in case of any issues, Coincover may provide compensation of up to $50,000.


However, the community is still skeptical of this feature. Cryptocurrency researcher @ChrisBlec stated that "if you use Ledger Recovery, you are no longer using true cold storage or true self-custody. Once recovery is enabled, your cryptocurrency can be seized by the government without your consent. Clearly, Ledger does not want you to know this."



Regarding this, Ledger states, "Coincover will never disclose your information to third parties unless legally obligated to do so. Only in the most serious criminal cases (such as suspected terrorism financing) will any orders of this nature be obtained."


Previously, on October 6th, Ledger laid off 12% of its employees. Pascal Gauthier, the CEO of the company, stated in a letter to the employees, "We must continue to make decisions for the long-term development of the company. The macroeconomic headwinds have limited our ability to generate revenue, and in order to respond to the current market conditions and business reality, we must reduce our workforce by 12%."


Welcome to join the official BlockBeats community:

Telegram subscription group: https://t.me/theblockbeats

Telegram discussion group: https://t.me/BlockBeats_App

Official Twitter account: https://twitter.com/BlockBeatsAsia
