Ledger, a prominent cryptocurrency wallet provider, has recently unveiled a new feature that has raised concerns among its user base. Known as Ledger Recover, this ID-based subscription service allows users to retrieve their secret recovery phrase, specifically targeting Ledger Nano X hardware wallets. The feature will be rolled out with the firmware release 2.2.1. The introduction of Ledger Recover comes as a response to the significant loss of Bitcoin (BTC) in 2022, estimated to be around $545 million, due to forgotten passwords or errors with recovery phrases, highlighting the urgent need to address this issue.
Despite the intended benefits, many Ledger users have voiced strong objections to the feature due to its requirement of storing the recovery phrase online and linking it to a passport or national ID card. Concerns surrounding the security implications of sharing seed phrases online have been raised, with users referencing Ledger’s previous data breach in 2020. The breach compromised customer data, including names, phone numbers, email addresses, and, in some cases, home addresses. The leaked information eventually made its way to a hacker forum, RaidForums, exposing it to potential abuse.
On Reddit, a post discussing the Ledger Recover feature described it as a “disaster waiting to happen,” capturing the sentiment of many users. The risks associated with sharing seed phrases online, coupled with the possibility of Ledger’s systems being hacked again, have intensified the objections to the feature. Additionally, the requirement to upload an ID document further compounds the security concerns expressed by the community.
While some users argue that subscribing to the feature is optional, others counter that the mere existence of Ledger Recover poses a potential compromise for devices and seeds, regardless of whether an ID is involved or not.
Recognizing the outrage and frustration of its user base, Ledger CEO Pascal Gauthier issued an apology, expressing sympathy for the threatening messages that customers had received in the aftermath of the data breach. Gauthier acknowledged the disappointment and anger caused by the breach and emphasized the importance of user security.
Ledger’s introduction of the Ledger Recover feature has generated significant controversy among its users. The requirement to store recovery phrases online and link them to personal identification documents has raised valid concerns regarding the security of user data. Despite the company’s attempt to address the pressing issue of lost recovery phrases, the objections voiced by the community reflect the need for more secure alternatives. As the cryptocurrency sector continues to evolve, users are reminded of the importance of assuming responsibility for safeguarding their recovery phrases when acting as their own bank.