Hardware wallet provider Ledger recently introduced its latest firmware update, which includes the Ledger Recover service. This service allows users to back up their seed phrases using an ID-based key recovery system. Users must provide a passport or national identity card to verify their identity. While the service offers convenience and peace of mind, there are concerns regarding the security implications of entrusting custodians with encrypted fragments of users’ seed phrases. This blog will explore the potential risks of connecting your crypto seed phrase to your passport and the arguments surrounding this controversial feature.

The Ledger Recover Service: A Brief Overview

The Ledger Recover service is a new addition to the Ledger hardware wallet firmware update. It enables users to back up their seed phrases using an ID-based key recovery system. Users can confirm their identity and store their seed phrase securely by providing a passport or national identity card.

How the Service Works

When opting for the Ledger Recover service, users must pay a $9.99 monthly fee and provide their government-issued identification. The user’s seed phrase is then divided into three encrypted fragments. Each fragment is stored separately with trusted custodians, including Ledger, Coincover, and a third-party provider. These fragments are stored on hardware security modules (HSMs) akin to super-powered Ledgers.

Addressing Security Concerns

While some users express concern about relying on the security of custodian companies, Ledger emphasizes the safety measures in place. According to a Ledger spokesperson, the encrypted fragments are useless and can only be decrypted on a Ledger device. Additionally, the recovery process requires the user’s direct approval on their Ledger, similar to authorizing any other transaction.

The Backlash and Security Risks

Despite Ledger’s assurances, concerns have arisen regarding the security risks of connecting one’s crypto seed phrase to their passport. These risks stem from potential vulnerabilities and past data breaches. The tweet from Decrypt highlights how “Exposing the seed phrase and then allowing anyone with ID or Passport to regain access to the locked funds is a bad security posture,”. Ledger started seeing some backlash from Reddit users too. A user expressed their opinion on the updates by commenting “It seems like they found a hack that allows the seed phrase to be accessed from the device. This is their way of saying it exists and they cant fix it. Then they can profit from the service before the class action lawsuit happens. Ledger is about to get rekt”. It was pretty evident that user’s perception for Ledger was going downhill which resulted in a ton of backlash.

Ledger’s Previous Data Leak

In 2020, Ledger experienced a data leak that exposed the personal information of thousands of customers. Critics argue that this incident raises doubts about entrusting sensitive data to a company that has previously suffered a breach. Some users are skeptical about backing up their seed phrases online and providing their passport or ID to Ledger, citing concerns about potential misuse of personal information.

Exploiting the Ledger Recover Service

If a hacker gains unauthorized access to a user’s Ledger Recover account, they could potentially exploit the service to “recover” the seed phrase. By combining a stolen passport or ID with the exposed seed phrase, the hacker could access the locked funds. This scenario highlights the vulnerability of connecting a seed phrase to a government-issued identification document.

New Attack Vectors: Identity Theft

Allowing anyone with access to a user’s ID or passport to regain control of their funds introduces a new security threat—identity theft. Adrian Hetman, tech lead triager at the Web3 bug bounty platform ImmuneFi, warns that exposing a seed phrase in conjunction with personal identification details could expose crypto users to a heightened risk of attacks.

The Reliance on Third-Party Custodians

One of the main worries surrounding Ledger Recover is the need to rely on the security of the three custodians involved—Ledger, Coincover, and the third provider. Users fear that entrusting their encrypted seed phrase fragments to these companies might introduce new vulnerabilities. While Ledger claims that the fragments are securely stored on hardware security modules (HSMs), some individuals remain skeptical about the overall safety of the process.

Ledger’s Security Measures and Rebuttal

In response to the concerns raised, Ledger argues that the ID verification process is just one component of the Ledger Recover service’s security measures. The company claims to employ full liveness detection, incorporating randomized prompts during the verification process. These prompts are designed to prevent pre-recorded or faked attempts at recovery. 

Conclusion

The introduction of Ledger Recover, the ID-based key recovery service offered by Ledger, has generated both interest and concerns within the cryptocurrency community. While the service aims to provide a secure backup solution for users’ seed phrases, there are legitimate worries surrounding the reliance on third-party custodians, potential security risks for non-opt-in users, the previous data breach incident, the potential misuse of the recovery service, and the overall security posture and exposure to new forms of attack.

These concerns highlight the importance of robust security measures in the storage and recovery of cryptocurrency assets. Users must carefully evaluate the risks and benefits of utilizing such services and consider alternative approaches like social recovery, which distribute the responsibility among trusted individuals rather than relying solely on personal identification.

Ledger, as a company, will need to address the concerns raised by the community to regain and maintain trust. Transparent communication, strong security protocols, and ongoing efforts to enhance user privacy and data protection will be crucial in addressing these concerns.