Ledger dubs service ‘risk-free’ despite losing millions of user emails

Hardware wallet maker Ledger has moved to reassure concerned users following the announcement of a new firmware update that some say will make their funds “less safe than on MetaMask.”

The company claims that its subscription-based ‘Ledger Recover’ service will give users extra peace of mind in the event they lose or forget their all-important seed phrase.

However, critics say that it will expose their details to “the internet” and break the number-one rule of keeping your coins safe – that you should never type your seed phrase into a connected device.

Ledger, however, has moved to dispel these fears. According to the company’s CTO Charles Guillemet, there is no “back door,” neither Ledger nor its “trusted providers” will have access to any complete seed phrases, and the service will be completely “risk-free.”

He even goes as far as to say that there will be no access even for a very “gifted hacker.”

Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz

🧵Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK

— Ledger (@Ledger) May 16, 2023

Read more: Hackers keep sending fake crypto wallets to Ledger leak victims

How Ledger Recover works:

• A user’s ID is confirmed using official documents and a selfie recording.
• Their Ledger Nano X duplicates their secret recovery phrase and encrypts the copy.
• The backup is then linked to the user’s verified ID.
• Finally, this backup is split into three pieces which are secured independently by Ledger, digital assets security specialist Coincover, and a third provider.

This need to provide ID has also drawn criticism from those who see such a move as being fundamentally at odds with the privacy-first beliefs common in the crypto community.

Ledger users point to its dodgy record with personal data

Many Ledger customers are also – perhaps rightly – uber-cautious when it comes to their personal information, given that less than two years ago, nearly 300,000 users saw their details leaked to a hacker forum.

Names, phone numbers, and physical addresses were uploaded to RaidForums in December 2020. RaidForums operates as a marketplace for stolen databases.

An additional one million email addresses were also posted, exposing a vast chunk of Ledger’s user base to fraud and social engineering attacks.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on Twitter, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.