Hardware wallet provider Ledger has launched a new feature, Ledger Recover, stirring debates within the crypto community due to its approach to seed phrase recovery. The service, part of the company’s latest firmware update, is an ID-based key recovery mechanism that provides a backup for users’ seed phrases – vital components for accessing cryptocurrency wallets. 

Using Ledger Recover, a user’s seed phrase is split into three encrypted fragments, each stored by a different custodian – Ledger, Coincover, and an undisclosed third party. This process, according to Ledger, happens on the Secure Element chip within the user’s device, ensuring the Secret Recovery Phrase (SRP) isn’t compromised. Individually, the fragments are unusable. However, if a user loses their recovery phrase, two of the three shards can be combined, with an ID check, to regain access to the locked funds. 

However, the requirement for users to provide personal identification, such as a passport or national ID card, has raised privacy and security concerns, particularly given Ledger’s history with data breaches. In 2020, Ledger suffered a data leak, exposing the personal information of nearly 300,000 customers. Critics argue that connecting a user’s seed phrase to personal identification documents could expose users to new forms of attack. 

These fears are exacerbated by the idea of third-party custody. Despite Ledger’s assurance that the fragments are stored on secure hardware and are individually useless, critics worry about the security of their data under the custody of these companies. Some users have voiced concerns that this could potentially pose a risk even to those who don’t opt into the service.

In response to these criticisms, Ledger has provided detailed reassurances. Ledger emphasises that the Ledger Recover service is optional and requires explicit approval on the user’s device. The company also argues that ID theft alone would not be sufficient for an attacker to recover a user’s SRP. They further elaborate that there’s a full liveness detection process, where users interact with randomised prompts via their camera, which is both technologically and manually reviewed before the recovery process is initiated.

Despite the controversy, Ledger remains steadfast in its belief that Ledger Recover provides a valuable safety net for its users, maintaining that self-custody remains at the heart of their operations. They argue that the service is an additional tool for users who want a backup of their SRP, and that users can continue to manage their recovery phrase themselves if they prefer.