Decentralized Security in Focus: Evaluating Ledger’s Misstep

Dan Thompson
October 25, 2023
5 min read

A few months back, we witnessed a new firestorm of bad press in the blockchain world. This one surrounded Ledger, a Paris-based provider of cryptocurrency hardware wallets. The controversy revolved around their new data recovery feature.

This piece dissects the controversy around Ledger’s new service, its implications for user privacy, and the lessons the community can learn. We also compare Ledger’s approach to Serenity Shield’s StrongBox solution, underlining the significance of decentralized security in the digital asset management landscape.

Ledger’s Announcement: A Shock to the System

The recent Ledger announcement sent ripples through the cryptocurrency community, underscoring the delicate balance between convenience and security. Ledger, a respected hardware wallet provider, unveiled its “Ledger Recover” feature, enabling users to back up their seed phrase online via a divided private key system.

Typically, new feature announcements generate a fair amount of positive press. However, this time, the response was different. The seemingly innovative solution quickly attracted criticism due to privacy concerns.

The feature allows users to recover their lost or stolen cryptocurrency by dividing their private key into three fragments, each secured by a different company. However, to use this new service, customers must provide a government-issued ID to the company. This requirement, seen as a violation of core blockchain principles around privacy, has been interpreted as a betrayal of privacy and security principles in the blockchain community.

The Backlash: A PR Nightmare

Social media platforms, particularly Twitter and Youtube, played a significant role in amplifying the Ledger PR debacle. Many users took to these platforms to express dissatisfaction with Ledger’s new service, further stoking the controversy. The fiasco has undoubtedly tarnished Ledger’s reputation in the blockchain community. The company, once known for its commitment to security and privacy, has come under significant scrutiny and is now under considerable pressure.

The community, however, did not receive their response well. Ledger continues to face criticism from blockchain community members, with the most vocal criticisms coming from security specialists. They argue that outsourcing the storage and protection of private keys to external entities presents users with an unacceptable fundamental risk.

Before the PR fiasco, Ledger managed to cultivate an impressive reputation for reliability and widespread adoption — and for good reason. Their hardware wallets provide multi-currency functionality, allowing users to store private keys for blockchain assets offline. These wallets combine a Secure Element and a proprietary operating system to protect a user’s cryptocurrency assets from malicious actors and misfortune.

On the back of their success, Ledger has become one of the most well-known and recognized brands in the blockchain space. Their hardware wallets became a popular choice amongst blockchain enthusiasts. Its products stand out for using a Secure Element component to provide an extra layer of security. In the world of blockchain, security and reliability supersede all other concerns.

The Ledger Situation: A Closer Look

Let us take a moment to consider how it works, the criticisms, and Ledger’s responses. We first need to understand more granular details to get a better handle on the issue.

Ledger’s approach to seed phrase recovery involves creating an encrypted backup of the secret recovery phrase. That phrase gets split into three fragments using Shamir Secret Sharing. These encrypted fragments are then stored by three companies: Coincover, Ledger itself, and an independent backup service provider.

To recover the wallet, users must provide their government-issued ID to Ledger, which will verify their identity and send the encrypted fragments to them. Users can then combine the fragments and reconstruct their original seed phrase with the Ledger Recover application.

As we mentioned above, the service is optional. Ledger designed this service to help users who want to securely restore their private keys regardless of location. Here’s how it works.

1. If you subscribe, Ledger Recover encrypts a version of your private key and splits it into three fragments using Shamir Secret Sharing.

2. These encrypted fragments are stored by three different companies: Coincover, Ledger, and an independent backup service provider.

3. To recover your wallet, you must provide your government-issued ID to Ledger, which will verify your identity and send the encrypted fragments to you.

4. You can then combine the fragments and reconstruct your original seed phrase using the Ledger Recover app.

Ledger’s Critics

Critics of Ledger’s new wallet recovery service have raised several concerns, including the following:

1. The service undermines the very concept of a hardware wallet, which is intended to keep private keys secure from prying eyes and malicious activity.

2. The recovery setup does not appear safe. Additionally, the firmware update may provide another potential attack vector.

3. The service requires online storage of the secret recovery phrase and association with a passport or national ID card. This requirement compromises holders’ privacy. Many users argue that this creates more risk than it solves.

4. Outsourcing the storage and protection of private keys to external entities adds additional points of failure and potential compromise.

5. The service may prove incompatible with the autonomy of cold storage, further compromising security.

Ledger’s Response

Predictably, of course, Ledger defended its new service. According to them, they intended its new service primarily for newcomers to the world of self-custody. They intended to cater to individuals who may not have a safe place to store their Secret Recovery Phrase.

To be fair, newcomers often find managing their recovery phrase independently challenging. Additionally, Ledger emphasized that Ledger Recover will remain an optional subscription. The subscription will remain optional, not mandatory. Users who prefer to manage their recovery phrases themselves can still do so.

Good Intentions, Bad Outcomes

At Serenity Shield, we applaud Ledger’s attempt to appeal to newcomers. Lowering the impediments to less savvy potential blockchain enthusiasts will lead to broader adoption. In that regard, we are willing to give Ledger’s development team the benefit of the doubt. Until we see a reason to believe otherwise, we take them at their word that their intentions were pure.

However, the old adage rings true: The road to hell is paved with good intentions.

Serenity Shield believes fervently that the primary cornerstone of blockchain technology is decentralization. With decentralization, true security and data sovereignty become possible.

Our Approach

We do not require users to reveal themselves. We do not share or retain access to your data — or even an encrypted piece — with anyone else. You remain in complete control of your data. You alone decide how your data gets used and with whom you share it.

This approach informed our entire development approach. We built our StrongBox as a cryptographic data storage and succession solution that allows users to store their private keys in a decentralized manner. StrongBox employs a combination of multi-party computation (MPC) and threshold cryptography to ensure that no single entity has access to the user’s private keys. Only the user or their designee can ever access that information.

How We Compare

While both approaches aim to provide secure seed phrase recovery solutions, Serenity Shield’s StrongBox takes a more decentralized approach. It ensures that no single entity can access the user’s private keys. In contrast, Ledger’s process involves storing encrypted fragments of the seed phrase with multiple private companies. This approach should raise immediate concerns about outsourcing the storage and protection of private keys to external entities.

In addition, the Serenity Shield team pledges never to compromise on your security. Ever!

Ledger’s recent misstep with its Ledger Recover service serves as a poignant reminder of the critical importance for companies to deeply understand the values and expectations of their communities.

Our Takeaway

While we commend their intention to assist newcomers, the disregard for privacy, security, and user autonomy has significantly eroded trust. As the blockchain industry continues to mature, companies must align their actions with their users’ core principles and desires.

On the optimistic side, however, Ledger’s well-intentioned yet misguided Ledger Recover service has underscored the need for solutions that prioritize security, privacy, and user autonomy.

Our StrongBox, with its decentralized approach and emphasis on preserving user control, presents a compelling alternative. By carefully evaluating the strengths and weaknesses of each solution, users can make informed decisions to safeguard their data effectively.

Join Us

For more information, please join us on our Telegram channel. There, you will be the first to know about official project announcements and developments. Additionally, you can also find us on Twitter, Discord, and our website. Please visit our whitepaper and previous articles here for a more in-depth discussion of our project. We are always available on all of our platforms to assist with your questions.