Despite facing significant criticism since its announcement back in May, Ledger has now introduced its controversial recovery feature, Ledger Recover. This new feature, priced at $9.99 a month, enables users to back up their Secret Recovery Phrase (SRP). Ledger stressed that Ledger Recover is an optional paid service designed to protect users’ secret recovery phrase.
To provide context, Ledger is among the most prominent and longstanding cryptocurrency hardware wallet manufacturers. Since its inception in 2014, the company has sold over six million hardware wallets. With investments exceeding $400 million, Ledger’s current valuation stands at over $1.4 billion.
The company launched Ledger Recover in response to the frequent issue of users losing access to their cryptocurrency, either through forgotten seed phrases or damaged hardware wallets. The service encrypts the pre-BIP39 version of a user's private key and splits it into three fragments. Each of these fragments is safeguarded by a separate company: Coincover, Ledger, and EscrowTech.
But here lies the main issue. People buy hardware wallets because they offer control over the seed phrase, making sure no one can get it from the device. One of the foundational principles of crypto storage is to always keep your seed phrase private and never share it with anyone. By sharing users’ seed phrases with third parties, Ledger is going against this fundamental principle, and understandably users are not happy.
Perhaps the most concerning part of this story is that, before the announcement of this new feature there was a perception that it was impossible to extract a private key from a hardware wallet. However, the launch of Ledger Recover shows that it can be done, raising numerous security concerns regarding hardware wallets in general.
Addressing these concerns, Ledger's CTO stated that, essentially, if a hardware wallet provider wants to implement a backdoor, there are numerous ways to do so: in the random number generation, in the cryptographic library, or in the hardware itself. So theoretically, if your worry is that the wallet provider is the attacker, there is no 100% security.
Added to this, there are concerns that, using Ledger Recover, governments could subpoena and access your funds. This implies that private keys might not stay completely private.
Currently, Ledger Recover supports the new Ledger Nano X. Integration with Ledger Stax and Ledger Nano S Plus is planned for the upcoming period. Ledger Recover is not compatible with the older Ledger Nano S, which could potentially boost demand for this wallet.