Ripple CTO Weighs in on Ledger Controversy: Details

Ripple CTO David Schwartz has shared his take on the controversial Ledger Recover service. Hardware wallet provider Ledger caused a stir in the crypto community after the details of its newly introduced Ledger Recover service surfaced online.

Per the company’s last Twitter update, the new Ledger Recover encrypts a version of the user’s private key and splits it into three fragments (using Shamir Secret Sharing); all of this happens on the Secure Element chip.

Here’s an explanation of what we all understood (until recently) was Ledger’s security model and value proposition.https://t.co/zxNAU0caJA

— David “JoelKatz” Schwartz (@JoelKatz) May 17, 2023

Security concerns have been raised over the new product since many people believe hackers could use the service to “recover” the seed phrases of users.

The worries are not unfounded because Ledger experienced a data leak in 2020 that made approximately 300,000 client phone numbers, physical addresses and more than one million email addresses public.

Schwartz referred to a Nov. 15, 2022, tweet wherein Ledger made it known that private keys never leave the Secure Element chip, which has never been hacked.

Ledger, in the tweet, also mentioned that the Secure Element is thid-party certified, being the same technology used in passports and credit cards and that a firmware update could not extract the private keys from the Secure Element.

The Ripple CTO mentioned that this was what was understood until recently about Ledger’s security model and value proposition.

Ripple CTO and Solana co-founder comment

In another thread of tweets where the Ripple CTO and Solana co-founder Anatoly Yakovenko responded to a user’s concern about the new Ledger product, Schwartz maintained his stance: “I trusted them to design a device not capable of exfiltrating keys because that’s what they explicitly said.”

He had commented under the Solana co-founder’s tweet, “If you trusted them before not to exfiltrate your keys, you can trust them now not to do it when that feature is off. I think the attack surface is about the same.”

On Twitter, a user expressed his reservations about the product, stating that a truly secure hardware wallet should not be able to send users’ private keys. “The device’s flaw is its capability to send the private key,” he stated.

Per details provided by the hardware wallet provider, Ledger Recover is an optional subscription for users who want a backup of their secret recovery phrase that is not automatically enabled by any firmware updates.