Skip to main content

DON'T enable this feature on Ledger Nano X

 

‘There Is No Backdoor,’ Ledger Says in Response to Recover Reactions


Ledger’s newest Nano X update allows users to subscribe to a recovery tool that encrypts the users’ seed phrase and sends it to different custodians to reconstruct the seed after going through ID verification.

However, Ledger customers are less than pleased by the news.

Mudit Gupta, Polygon Labs’ chief information security officer, warned users not to enable the feature, calling it a “horrendous idea.”

Though Gupta did not take issue with the breakup of the key — he praised it, stating that “I may or may not be doing that personally as well.”

Gupta’s concern stems from the ID verification and the key access given to the contacts who are chosen by a user to store key parts, as it could open a door for identity theft.

Ledger just released a new update for Nano X that allows social recovery of your seed phrase.

It encrypts your seed in 3 shards and sends it to different entities that can then reconstruct the seed for you post ID verification.


It's a horrendous idea, DON'T enable this feature. 

— Mudit Gupta (@Mudit__Gupta) May 16, 2023

Gupta wasn’t the only person concerned about the update.

So the seed can leave the device now?

Sounds like a different direction than "your keys never leave the device". 🤷‍♂️

— CZ 🔶 Binance (@cz_binance) May 16, 2023

Stop using Ledger hardware wallets. Migrate away from them immediately. They’ve shown nothing but gross incompetence and wild misunderstanding of their own purpose. And now they’ve publicly admitted to intentionally backdooring their own proprietary hardware. Stop using Ledger pic.twitter.com/LLFFUsOW4y

— foobar (@0xfoobar) May 16, 2023

In a video on Twitter, Ledger Chief Technology Officer Charles Guillemet said that “there is no backdoor for anyone, neither us, a provider or even a very gifted hacker to access it.”

“Back door would mean that we control all ledger devices and could run automated updates for example…That’s not the case. Will never be the case. Only you can use functions on your Ledger. No one else can enter your pin code and press those buttons,” CEO Paul Gauthier also said.

The Recover feature is an opt-in feature.

“Ledger Recover is an optional subscription for users who want a backup of their Secret Recovery Phrase. You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger,” Ledger tweeted.

Ledger Recover is an optional subscription for users who want a backup of their Secret Recovery Phrase. You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger.

— Ledger (@Ledger) May 16, 2023

“The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to [back it up] yourself,” Ledger’s co-founder said on Reddit.

Ledger claims that “self-custody remains and will always be at the core principle of Ledger.”

Self-custody remains and will always be the core principle of Ledger. The ethos of self-custody is that it’s your choice – you can choose to manage all your assets yourself, or you can have a backup with Ledger Recover.

It’s up to you – and that won’t change.

— Ledger (@Ledger) May 16, 2023

Wired, in February, clarified that the three recovery custodians would be Ledger, Coincover – a crypto custody firm – and EscrowTech – a code escrow company.

The concern around Ledger’s update comes a few years after the company was targeted by a cyberattack in the summer of 2020 which led to personal information of 270,000 customers being leaked.

In response to the announcement, some Twitter users suggested that Ledger make Ledger Recover a totally separate product.

Ledger did not immediately respond to a request for comment.

Comments

Contact us

Name

Email *

Message *

Popular posts from this blog

Cryptocurrencies Adding to the Safety and Security in the UK Gambling Industry

These are exciting times for the UK gambling industry. The impact of internet technology is now being felt with online gambling now controlling the industry.  The adoption of cutting-edge technology is reasonable for the boom in the industry. From live casinos, mobile apps to artificial intelligence, incredible trends continue shaping the gambling industry. However, it is the rise of cryptocurrency casinos that seeks to redefine UK gambling.  Many operators now include crypto coins such as bitcoin, Ethereum and Litecoin as part of their banking methods. Others offer exclusive bitcoin payments and promotions based on digital tokens. This revolutionary trend has a huge impact due to enhanced safety and security on these platforms. Players looking for peace of mind when playing online now opt to use cryptocurrencies. This post looks at how cryptos guarantee the safety and security of players at online casinos. How Cryptocurrency Gambling Works There’s a lot of talk ab...

Coinbase to Require Recipient Information for Crypto Transfers From Users in Canada, Singapore and Japan

  Customers in those countries who send crypto outside their Coinbase accounts must provide recipients’ names, addresses and in some cases, additional information, as of early April. Cryptocurrency exchange Coinbase Global (COIN) will soon require its customers in Canada, Japan and Singapore who send cryptocurrency to another financial institution or exchange to provide the name, address and in the case of Japan, the destination wallet of the recipient. Coinbase has been sending notices to its customers in those countries that the changes will take effect in early April in order to comply with local travel rules in those places. Coinbase didn't immediately respond to requests for additional comment on the moves, but confirmed that they were taking place. The move  does not seem to be going over well  with Coinbase customers in those countries, who value the anonymity of transactions using cryptocurrency. According to a  FAQ provided by Coinbase , for Canadian users, ...

Farm GRASS earn MONEY

  Use your Unused Internet Bandwidth to make $$$ In today’s interconnected world, the concept of passive income has taken on new dimensions, offering innovative ways for individuals to monetize underutilized assets.  One such groundbreaking avenue involves earning money by selling your unused internet connection.  By participating in decentralized networks like Grass, individuals have the opportunity to turn their dormant bandwidth into a valuable asset, contributing to a fairer and more equitable digital landscape while generating income. Grass is a decentralized network sharing application designed to offer an alternative to existing centralized networks.  It allows users to sell their unused bandwidth directly, without the need for exploitative middlemen.  The platform operates by enabling users to download a web extension that runs in the background, assisting others in accessing public web data in exchange for payment using the protocol’s native token. How ...