Ledger's newly launched Ledger Recover, why was it scolded?

Multi-party escrow key, is it really safe?

Written by: Leo

On May 16, hardware wallet maker Ledger released an update to its version that introduces a service called "Ledger Recover." It is reported that Ledger Recover is an ID-based "subscription" key recovery service that can provide backups for users' private key recovery mnemonic words. Currently Ledger Recover is compatible with Ledger Nano X and is available on Android and iOS running the latest Ledger Live version. Users who can subscribe to the service now need to hold a passport/ID issued by the European Union, the United Kingdom, Canada or the United States. In the near future, this user's subscription scope will cover more countries.

And Ledger also explained the specifics of the service, which divides the wallet mnemonic (key) into three parts (encrypted sharding technology) and distributes it to three custodians: Ledger, cryptocurrency custody company Coincover and Code hosting company EscrowTech. If someone loses their keys, two of the three shards can combine — pending identity checks — to regain access to locked funds. The price to subscribe to the service is $9.99 per month.

First of all, let me popularize hardware wallets. Generally, the private key is stored in a secure hardware device, which is isolated from the environment such as network computers. Awareness of the wallet.

User Objections

After the information about the service was released, it triggered a large number of users' opposition and boycotts. BlockBeats summarized some of the views of users against the service:

• As a hardware wallet, it is fundamental that the key does not leave the wallet, and Ledger’s new service is obviously unacceptable to many users who can keep the key by themselves, and after subscribing to the service, you need to entrust your key and personal identity to other users Institutions, once there is a problem with these institutions (hacking, information theft), there is a high probability that the information under custody will not be intact;
• Subscribing to this service requires national passport and ID verification. Anything protected by "identity verification" is inherently insecure. Identity is too easy to falsify, and identity verification is required to confirm the user's key reconstruction request. Nowadays, identity verification fraud and theft are too rare and common, so this is not a safe way;
• The service will split the key into three parts, which is fine, but the problem is that the service sends the three parts of the user's encryption key to three entities, who can completely reconstruct the user's key. In terms of mathematical probability, the more third-party organizations are hosted, the probability of problems will increase exponentially;
• Most Ledger users use Ledger Live, which uses Ledger nodes for all wallet synchronization, revealing every detail of user encryption activities, your assets and transaction details are exposed to third parties, plus your keys and keys after subscribing to the service The identity is also hosted by a third party, so is your cryptocurrency still your own?
• We can't be sure if Ledger has built-in safeguards to prevent someone from sending all three parts of the key to one entity, nor how they distribute it to all three entities, so even less clear is the decryption process during recovery how it was actually done;
• In theory, I know that you have used Ledger Recover and obtained identity information. It is not difficult to pass identity verification with current technical means, and your encrypted assets can also belong to others;
• From a macro point of view, regulatory conditions need to be considered. EscrowTech and Ledger are American companies, and Coincover is a British company. These institutions are under the jurisdiction of the United Kingdom and the United States. However, the supervision of encryption in the United States and Britain has always been a problem. It is easy for the government to come to ask for all holders identities, and then seize funds at will.

Deeper thinking after Ledger Recover

Interestingly, one piece of content was deleted after Ledger had just posted about the service. The content means that "Ledger and our trusted third parties do not have access to user keys." Although Ledger later explained that the wording of the article was inaccurate, this explanation is somewhat far-fetched.

Image source Twitter

Combined with user feedback, a thought-provoking question emerges. Is the service behind the pursuit of profit after user subscriptions, or some regulators force Ledger to do so? If it is a function launched under the request of regulators, then they can easily It is very scary to easily obtain user KYC and data and recover user assets.

Another point is that the use and recovery of the three parts of the key must be verified on the Ledger official website (Email, identity information, Onfido KYC). This company called Onfido handles the KYC process and requires users to upload/verify their identities. User IDs, picture/video/sound from selfie videos, and overall picture of the device and current activity are also preserved. Onfido has full knowledge of user identity and the fact that you are a Ledger user, so when you hold a considerable amount of cryptocurrency, they also have full knowledge of the device you use for authentication. As mentioned above, sound/picture/video these are not Cannot be imitated.

Is it really safe?

Other hardware wallets on the market

Therefore, Ledger’s service has completely broken the traditional hardware wallet mechanism, and there have been many loopholes indirectly. In fact, the problem of hardware wallets is not prominent. Previously, the hardware wallet giant Trezor had a few minutes to crack the key through physical methods. So what other hardware wallets are available on the market? BlockBeats sorted out some hardware wallets with good reviews today as follows:

OneKey

OneKey is a completely open-source hardware wallet. The source code of its internal system can be found on GitHub, and there is no backdoor problem. And the experience of using the OneKey hardware wallet is very good, the shape is the same size as a bank card, the price is not particularly expensive, and it can be easily put in the wallet.

Keystone

Keystone is a hardware wallet based on QR code for data transmission, which can realize mnemonic words and private keys never touch the Internet. For hardware wallets, it is easy to be attacked, but Keystone has designed a multi-layer self-destruct mechanism. To prevent the device from being attacked, that is to say, when the device detects that someone is disassembling it, the self-destruct mechanism will immediately clear your private key information and other sensitive information, so the attacker cannot obtain the user's sensitive information. Keystone and MetaMask (extended and mobile versions) and other top software wallets like Solflare, Sender, Fewcha, etc.

Conclusion

Of course, there are also some positive views. The service is not mandatory to update, and users have optional options, so you can continue to use your Ledger. There are also views that theft of encrypted assets is too common, and the probability of losing keys is far away. More than the probability of key theft, and only $ 9.99 per month, why not do it. It is up to you to choose to continue using or switch to other hardware wallets.