BCCN3


Ledger Recover: The End of Closed-Source Wallets?

After the announcement of Recover, Ledger is still facing harsh criticism from the web3 community and customers alike over the new feature, which allows the company to extract private keys from users. The feature is seen as a massive infringement on self-custody and on the entire purpose of cryptocurrency, while also posing massive risks to users’ assets.

Despite the company’s best efforts, Ledger is struggling to rebuild customer confidence, which eroded almost entirely in the fallout. But it’s important to look at the bigger picture: closed-source hardware wallets pose a massive risk to investors because they are not aware of what the company has built into the device.

What is Ledger Recover?

To recap, Ledger revealed a new feature called Recover earlier in the month of May that was meant to act as a backup for private keys in case users forgot or lost them. This can be a serious issue for users who have a significant amount of assets stored on a blockchain because there is no way to recover a lost private key (hence the concept of total ownership). 

The Ledger Recover program was designed as a way to help prevent users from losing their private keys, but the system they designed compromised the security that users are looking for when purchasing a hardware wallet. 

The Recover feature, which comes with a subscription fee, would take a user’s private key and break it into three separate shards, which the company believed would prevent private keys from being identified. Yet this still meant that the company would have custody of one’s private keys, just in the form of shards.

To make matters worse, the company also revealed that, if pressed by a government agency or local law enforcement, they would be able to convert the shards into a completed private key and hand it over.

Fallout from Ledger’s customer base

After Ledger’s announcement, crypto communities across social media platforms such as Twitter and Reddit were quick to notice the new shard feature for private keys and how it completely contradicted the point of cryptocurrency and self-custody.

It didn’t take long before customers were sharing their outrage and moving funds off of Ledger devices to more secure wallets such as MetaMask and Trezor. Popular influencers like Bitboy even went so far as to retract their support for Ledger, encouraging others to do the same.

Ledger, caught off guard by the harsh reaction, did their best to continue supporting their new Recover feature by holding multiple Twitter spaces to discuss the security of Recover, but users were not convinced. 

Trezor, Ledger’s primary hardware wallet competitor, was quick to chime in on the situation as well, reminding crypto users with various tweets and memes that its hardware wallets have always been open-source.

Issues with closed-source hardware wallets

Aside from Ledger’s PR disaster, the real problem here goes beyond Recover: it is the concept of a closed-source hardware wallet, which users on Twitter have described as a “trust us bro” technology because users are not able to see the code used to develop Ledger hardware.

Although closed-source products are commonplace, hardware wallets require a separate approach more akin to open-source development because private key security needs to be heavily scrutinized.

Because customers are prevented from looking under the hood of their wallet devices, they remain unaware of any backdoor features that may exist in a product meant to secure crypto assets from prying eyes, which is an extreme risk for investors.

What Next for Ledger?

Ledger already has a troubled past with its customers after the company was hacked in 2021, causing all of its customers’ private data to be stolen by hackers. In most cases, this type of event would cause a company to address the problem head-on, but Ledger kept the hack hidden from the public for months before explaining what happened.

At this rate, Ledger is doing a great job of turning away new and existing customers, but the crypto community should be proud of themselves. When FTX crashed there was a lot of criticism circling in the crypto community about the lack of investors using self-custodial wallets. 

The belief was that many crypto investors were more interested in financial gains than understanding the purpose of decentralized currencies, yet here we are seeing the entire crypto community banded together to denounce Ledger’s god-awful Recover feature.