It’s counterintuitive for CEOs to defend their competitors. Especially when that competitor has rolled out features similar to the ones we developed years ago. But given the debacle surrounding Ledger’s new “Ledger Recover” feature, it’s time to offer a balanced perspective.
The company has come under fire for releasing an update to its wallet’s firmware that allows it to send a version of the wallet’s seed phrase to a third party. But the anger feels disproportionate. The perception that Ledger is inadvertently “sending seed phrases to the server” is fundamentally wrong. Just to clarify, the new system is opt-in only. No forced participation or hidden backdoors. The seed is split locally into 3 encrypted shards using Shamir Secret Sharing, a reputable cryptographic process, and the shards are sent encrypted. This is a technique that has been well known in the industry for many years.
One of the companies hosting shards is EscrowTech, a company that entered the cryptocurrency sector four years ago. I am confident that Ledger will successfully implement a system that lives up to its claims, despite its adversarial relationship. They’ve shown their dedication and seriousness in the past, and there’s no reason to expect them to be otherwise.
how this is real @ledger? This is unreal, I’m literally sick
Do you know how much money your device holds?
Have you lied all along that you can’t access seeds on your device? pic.twitter.com/34txno7koR
— Clouted (@CloutedMind) May 16, 2023
When faced with backlash, it’s important to remember: “If you don’t like it, don’t use it.” Period.
We have always strived to provide upgrades to such systems, but for those who choose to stick with the seed phrase, Ledger Recover is definitely a step forward. I, of course, give credit to Ledger. To truly onboard billions of assets and move assets into a self-custody world, Ledger Recover is a potential solution. Secrets stored securely and encrypted in the cloud belong to the future, not scraps of paper and griddles stored under mattresses or, worse, in bank vaults (ironically… ).
That being said, Ledger made some mistakes. Their proposed solution identifies the underlying problem that Ledger Recover cannot fix: the seed phrase. I hate them and consider them outdated and unsuitable for personal safety. Over the past decade, an estimated $100 billion in Bitcoin (BTC) alone was lost or stolen due to seed phrase mismanagement. And things aren’t getting any better. Every day there are new articles about misplaced or lost keys on forums like Reddit and Twitter.
Seed phrases represent a single point of failure, costing users a lot and making them prone to disasters such as human error, phishing attacks, and account takeovers. Multi-Party Computation (MPC) wallets and other proven cryptographic technologies offer a very good trade-off when seed-based approaches seem outdated in today’s rapidly advancing digital environment.
Ledger’s current users, mostly hardcore crypto enthusiasts, feel betrayed, but the existing seed model doesn’t work for everyone. Ledger also confirmed this on its website.
Besides ignoring basic seed phrase vulnerabilities, Ledger Recover itself has its own problems: one-way firmware updates, closed-source sharding, Know Your Customer (KYC) gating, pay-to-recover schemes, and more. Best of all, it says “this is opt-in only” and there is no way to verify the source code. Closed code, reliance on external administrators, a seven-day deadline in case payments stop, and more will undoubtedly (and already do) raise more questions.
The introduction of Ledger Recover can also introduce new attack vectors inside and outside the system. From local malware to government coercion to social engineering (already deployed at scale in the last e-commerce breach) to bogus KYC recovery, these have to be addressed. Finally, Ledger’s communication and timing could have been clearer and managed to avert the current uproar.
However, this does not change the fact that they are trying to innovate and improve security for their users, even if they do it differently than we do.
For Ledger, we recommend providing end-to-end comprehensive demo videos, documented whitepapers with possible third-party audit reports, and a thorough explanation of how Ledger Recover works. FAQs don’t answer their questions and leave customers with guesses and misunderstandings about your service. The community blindly thought you could be trusted, but after this episode you need this money back.
This is not a clear case of right or wrong. Ledger is moving in the right direction and has built an impressive track record in an incredibly challenging environment. We know it first hand. But they also have room to learn and improve.
Imposing a new security pass, even if it’s an option, is like asking you to believe in a second religion that you didn’t choose the first time around. While this is certainly a contentious issue, it is important for the cryptocurrency community to focus on facts rather than interpretations. Ultimately, our words here (or on social media) won’t matter and people will vote with their dollars (i.e. virtual currency). As competitors, we may not agree on every detail, but we can all agree on the need for innovation, security and transparency.
Uriel Ohayon is the co-founder and CEO of ZenGo, a consumer MPC wallet founded in 2018. He is a former executive at ICQ/AOL, founder of TechCrunch France (sold to AOL), and founder of Isai.fr, a leading French VC. He was the General Manager of Gemini’s Internet Labs and Lightspeed Ventures.
This article is for general informational purposes and is not intended, nor should it be taken as legal or investment advice. The views, thoughts and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views or opinions of Cointelegraph.