Crypto hardware wallet firm Ledger is pushing back against critics who say their new seed phrase recovery option indicates the company has a potential “backdoor” to obtain user data.
Ledger says their new product, “Ledger Recover,” is an optional subscription for users who want a backup of their secret recovery phrase.
The product encrypts a version of a customer’s private key and splits it into three encrypted fragments that are stored by three different parties “on hardware security modules,” according to the company.
Hardware security modules are tamper-resistance devices that secure cryptographic processes by generating and managing keys used for encrypting and decrypting data.
Recovering your seed phrase will require a comprehensive ID verification process, and then the third-party providers will send the encrypted shards directly to a customer’s Ledger Nano device, Ledger explains.
Mudit Gupta, the chief information security officer at Polygon (MATIC) Labs, argues that anything secured by ID verification is “inherently insecure.”
“The problem here is not splitting the key into three parts. That’s actually good! I may or may not be doing that personally as well.
The problem here is that the encrypted key’s parts are sent to three corporations and they can reconstruct your keys.
Additionally, they use ID verification to confirm your request for key construction. Identity theft is relatively easy and super common. It’s not a secure method at all.”
Changpeng Zhao, Binance’s chief executive, also criticized the product.
“So the seed can leave the device now?
Sounds like a different direction than ‘your keys never leave the device.’”
Pascal Gauthier, Ledger’s CEO and chairman, pushed back against the critiques on Twitter.
“Backdoor would mean that we control all ledger devices and could run automated updates for example… That’s not the case. Will never be the case. Only you can use functions on your ledger. No one else can enter your pin code and press those buttons…”
Don’t Miss a Beat – Subscribe to get crypto email alerts delivered directly to your inbox
Check Price Action
Follow us on Twitter, Facebook and Telegram
Surf The Daily Hodl Mix
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney