Despite significant criticism from the crypto community, famous hardware wallet company Ledger is launching its cloud-based private key recovery tool called Ledger Recover. Ledger Recover’s required identity checks differ from know-your-customer (KYC) checks as they need less information.
According to the firm’s official announcement on X (formerly Twitter) in October 2023, it was revealed that Ledger Recover is an ID-based private key recovery service for the Ledger hardware wallet. The report mentioned that the release is expected to come with Ledger finalising the open-source code for the Ledger Recover on GitHub.
Overview
According to the report, Coincover is a renowned blockchain platform that designed the recovery tool. Ledger Recover will allow users to back up their Secret Recovery Phrase (SRP), a 24-word passcode that controls access to crypto assets through an ID-based recovery system. Ledger Recover will be available to identity card and passport holders in the United States (US), the United Kingdom (UK), Canada and the European Union (EU). Ledger said’ “We will be covering more countries and adding support for more documents.”
A subscription to the new recovery solution is not free. The service is priced at $9.99 per month and plans to give users an extra layer of protection if their SRP is ever lost. If a user defaults to paying the subscription, the subscription will be suspended, allowing the user to reactivate the subscription in the next nine months. Ledger Recover noted, “You will need to pay an administration fee of 50 EUR along with any outstanding balance.” According to a news media outlet, a spokesperson for Ledger revealed that a Ledger wallet encrypts a “string of random 1s and 0s from which an SRP is computed. The encrypted string of numbers is then fragmented into three pieces to back up an SRP.”
According to Ledger, encrypted SRP fragments are distributed using end-to-end encrypted and authenticated channels of three independent companies, including Ledger, Coincover and EscrowTech. According to the firm:
“Each fragment on its own is a useless set of random numbers, and no single company has access to the entire backup. This ensures the highest level of security and removes a single point of failure.”
Background
Experts at Bitai Method official mentioned that Ledger’s Chief Technology Officer (CTO), Charles Guillemet, revealed that Ledger Recover was designed for users who “want to add an enhanced layer of resilience” in case their SRP is ever destroyed or lost. Ledger’s Chief Officer also highlighted that Ledger Recover is an optional recovery service. Guillemet said, “If you don’t wish to use the service, no worries — it’ll always be 100% optional. You can continue using your Ledger as you did previously — nothing will change.”
Ledger Recover is compatible with the Ledger Nano X hardware wallet.
The wallet manufacturer intends to integrate the recovery solution later with the upcoming Ledger Nano S Plus and Ledger Stax. Ledger revealed that its recovery system only requires a “valid, government-issued document.” Ledger said’ “Identity verification inherently collects much less information compared to KYC […] KYC involves ID verification, but it can also include revenue information, record of criminal activity, citizenship check, etc.” The launch comes after Ledger paused Ledger Recover earlier this year due to significant backlash over security concerns, which arose around a cloud-based recovery system. Some critics argued that this increased vulnerability. The wallet manufacturer highlighted that Ledger Recover is optional and does not change how existing wallets work.
Ledger Recover Timeline
In May 2023, Ledger paused the recovery service in response to community backlash. In May 2023, Ledger CEO Pascal Gauthier revealed that the firm will launch the product once its open-source code is released. Gauthier said, “Right now, the overwhelming majority of crypto users hold their funds on exchanges of software wallets, which are not secure.” The CEO added, “Many people find managing their 24 words daunting or too complex. Ledger Recover — which again is completely optional — is designed for those people to make secure self-custody easier, while not compromising on security.”
Gauthier also emphasised that the goal behind Ledger Recover is to onboard the next 100 million users to the crypto sector. With the belief that “access to secure self-custody should be much easier.” While this may be the case, the reception within global communities was far from positive. According to the head of security products at Fireblocks, Shahar Madar emphasised that Ledger Recover goes against the core ideas of Ledger’s customers.
Madar said, “If it indeed allows a user to recover the full private key into a brand new device with just a form of identification, then technically, if the providers wanted to collude and initiate the process without the proper identification and authorisation, they could.”
Renowned Youtuber @ColinTCrypto mentioned that he had been using Ledger hardware for seven years but has now decided to consider alternatives due to the unveiling of Ledger Recover. Trezor, which is Ledger’s largest competitor, has held back on introducing a cloud-based private key recovery solution and opted for a physical backup solution. On October 12 2023, Trezor launched a new hardware wallet and metal private key backup, Trezor Keep Metal.
With the Ledger Recovery tool now live, a reignited criticism of the Ledger hardware wallet approach and its impact on the global crypto landscape could kick off.