The launch of Ledger Recover, a new service that allows Ledger hardware wallet users to back up their secret seed phrases has met with massive resistance from the crypto community. Ledger co-founder and former CEO Éric Larchevêque dismissed the criticism of Ledger as "a total PR failure, but definitely not a technical failure."
Ledger Recover is an over-the-air firmware update that allows users to back up their seed phrases with a third-party entity. If the user chooses to join the new service, the recovery phrase fragment will be encrypted and stored by the third party, allowing the user to recover the phrase in the future.
However, the seed phrase leaving the hardware wallet did not resonate with users, who saw Ledger as a trustless service for storing cryptocurrencies. Addressing growing concerns from users around the world, Larchevêque posted on Reddit clarifying that Ledger was never meant to be a trustless solution: “There has to be a level of trust in Ledger to use their product. If you don’t trust Ledger, that means you’re treating the hardware manufacturer as an adversary, and that doesn’t work at all.” He believes that the Ledger Recover update will not affect the security model of hardware wallets, adding: "During my tenure, my mistake as CEO may have been not being tough enough in explaining the security model, but at some point you give up because people just don't care. Until they care again, like now."
Larchevêque believes that the only thing that has changed is the perception of trustlessness among ordinary users, and the Recover code in the firmware is not malicious: "Ledger is still safe, there is no back door, Ledger Recover is not a conspiracy, no one will force anyone to use Recover."
He added that trusting the Ledger to shard the seed phrase is like trusting the Ledger to sign transactions. Responding to a user suggestion to use two different firmwares to eliminate the "backdoor" problem, Larchevêque said that "it doesn't change anything" and that it makes him personally sad. The firmware update in question didn’t work with the Nano S Ledger’s cheapest hardware wallet product because the chipset didn’t have enough memory to store the new firmware. During the rollout of Ledger’s controversial firmware update, competing hardware wallet provider GridPlus decided to open-source its firmware for its users.
Turning the Ledger controversy into a marketing opportunity, GridPlus announced plans to open-source its device firmware in Q3 2023 to provide greater transparency.
