Hardware wallet provider Ledger has announced that it is pushing back the launch of its key-recovery feature after mounting criticism from the larger crypto community.
The hardware wallet provider also stated that it would open the source code before it releases the update.
Key-Recovery Service Delayed
The decision was conveyed to wallet users in a letter by Ledger CEO Pascal Gauthier. In the letter, Gauthier stated that the company would only launch the new feature after releasing its code to the community. Furthermore, Ledger also scheduled a Twitter Spaces session to discuss the issue with the community and reach a consensus on the way forward. The Twitter Spaces session was joined by over 13,000 users, with the CEO calling it a humbling experience and a lesson in communication. Gauthier stated,
“This experience has been very humbling. We miscommunicated on the launch of this product; it was not our intention to take people by surprise. So because of that, we understand the community’s direction and apologize for the miscommunication.”
Codebase To Be Open-Source
Gauthier also stated that as a response to concerns raised by the community, Ledger would be accelerating plans to open-source its codebase, starting with the core components of its operating system and Ledger Recover. Additionally, Ledger Recover will not be released until this is completed.
“We have made the decision to accelerate the open-sourcing roadmap! We will include as much of the Ledger operating system as possible, starting with core components of the OS, and Ledger Recover, which won’t be released until this work is complete. Furthermore, we will open-source the Ledger Recover protocol, enabling the community to have as much choice as possible over your self-custody, in addition to the service being fully optional. This roadmap will be shared and updated by our CTO and engineering team.”
The Chief Technology Officer at Ledger, Charles Guillemet, revealed that over the next few days, the company would make a white paper on the Recover Protocol public, along with technical blog posts. These would explain the principles governing Recover and give a detailed explanation of how the process works. Guillemet stated,
“It’s going to be very easy and clear for every single cryptography and security expert to have a look at the protocol to get more guarantees and understand how it works.”
He also added that developers could build their own backup provider for the seed phrase shards rather than using the ones provided by Ledger.
“This has always been something important for Ledger, but this recent event showed how important it is for the community, and this is why we decided to prioritize this open-sourcing process.”
Gauthier also stressed that offering key recovery services is critical to onboarding new users for whom self-custody may be difficult.
“The majority of users in crypto today either don’t own their private keys and/or are putting their private keys at risk using less secure forms of self-custody and hard-to-use forms of storing and securing their seed phrase.”
Ledger’s PR Nightmare
Ledger announced its Ledger Recover service last week, allowing users to store encrypted backups of their seed phrases with third-party custodians. This would enable Ledger users to restore their private keys even if they lost their seed phrases. The feature was announced as an opt-in feature and would require a KYC (Know Your Customer) verification. However, if Ledger was expecting a supportive reaction, it got quite the opposite.
Almost immediately after the announcement, Ledger came under heavy criticism from the crypto community. The main point of criticism was sharing seed phrases with third parties. Multiple users posted angry reactions on social media, stating that they felt betrayed by Ledger. Ledger had previously stated that the wallet’s private keys would never leave the device. Critics also pointed out the potential threats that could arise from such an arrangement, such as the hack of custodians entrusted with the private keys, data leaks from KYC service providers, and user data being compromised.
Other community members also pointed out that the code for Ledger’s Recover feature is not open-source, meaning there is no way to audit and test the feature’s safety. Unlike its competitors, Ledger does not publish all its code. Instead, its products are tested by a team of select security researchers.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2023/05/ledger-to-delay-key-recovery-service-launch-open-source-code