Overall, the release of the new feature “was a real PR disaster for the company,” according to Ledger co-founder and former CEO Eric Larchevec. He published a post explaining what happened in the r/CryptoCurrency and r/ledgerwallet sections on Reddit.

As Erik noted, this view of the situation should only be taken as his personal view, which is not the official position of the producing company. After all, he is now only a shareholder of the company. And this makes things even more interesting.

Is there a backdoor in Ledger’s wallets?

To recap, the scandal began with the announcement of a feature called Ledger Recover and the release of a corresponding software update for the Ledger Nano X. The update gives the user the ability to flush out their passport details to then use them to regain access to the funds in the event of the loss of a sido phrase or so-called recovery phrase. The sid-phrase itself is a secret combination consisting of 12, 18 or 24 words in a unique order, which opens the access to the contents of the address, i.e. the coins on it.


As a reminder, Ledger Recover involves splitting the user's cid-phrase into three parts by consent. This data is then encrypted and sent via secure communication channels to three companies, including Ledger itself and the popular Coincover. The latter store the information in special secure hardware security modules (HSMs). If a user loses access to a Sid phrase - for example, loses a piece of paper with the combination of words on it or defaces it - they can have the Sid restored with the help of intermediaries, confirming their own identity.

It is important to note that two out of three sid fragments are required to recover the recovery phrase and access the crypto. This means that if one company's security modules get hacked in theory, it won't result in the loss of the users' money. In addition, Ledger Recover requires permission granted directly from the user's hardware wallet. Well, the sido can be restored to the old device as well as to a new device.


The release of Ledger Recover has drawn a lot of backlash in the community for requiring users to rely on the wallet manufacturer and third parties to store their personal information in the entire process. Well, that doesn’t quite fit with the ideas of decentralization that Ledger is pushing.

According to Cointelegraph’s sources, Ledger’s reputation has also played against the company, as it has already had an incident of customer data leakage in the past. To be fair, however, the culprit in that situation was Shopify.


However, the main dissatisfaction for hardware wallet users stems from early statements made by Ledger employees. Prior to that, they repeatedly claimed that the sido phrase for accessing the contents of the user's address could not leave the special chip inside the hardware wallets.

Now it appears that hardware wallets are able to do so. And although Ledger Recover is an optional feature - meaning it won't be used without the user's consent - users of the devices have stressed anyway. Some have felt cheated by Ledger staff's previous replicas, while others have begun to worry about the safety of their own crypto-assets.


Larchevec has reached out directly to cryptocurrency enthusiasts via Reddit. According to him, Ledger Recover’s problem is a PR disaster, not a technical failure. Here’s the entrepreneur’s relevant rejoinder.

First, I need to apologise as a co-founder of the company for the way this release was handled. I can’t help but wish it had been done differently. I don’t have all the details, but surely something went wrong and the Ledger Recover service was presented to you in the worst possible way. Obviously this is a sensitive subject, it should have been better approached through communication with customers. In my opinion, everything going on is a complete PR disaster, but absolutely not a technical flaw.


Indeed, the ability of hardware wallets to share parts of users' sido phrases in encrypted form was made known by the release of the corresponding firmware for the Ledger Nano X. This happened before the official launch of Ledger Recover, so what was going on was reminiscent of a mistake by the developers. Obviously, the innovation should have been announced and its details explained first, and then the corresponding update should have been released.


As Eric points out, Ledger Recover has no problem storing customer information, and from a cybersecurity point of view, it’s implemented at its best. Alas, hardware wallet users haven’t fully understood the point of the update and how Ledger does business.

At first, people just trusted us. The more the company grew, raised money and got customers, the more the incentive to improve wallet firmware grew. Hence audits, management oversight of software releases and so on. So people started to think that Ledger was an ultimatum solution where you don’t have to trust the company, which isn’t true. A certain level of trust is required to use Ledger products.


And it does. The fact is that hardware wallets do store users' private keys securely and cannot conduct transactions with them without the consent of device owners. But that doesn't mean that in theory Ledger can't create malicious firmware that would, for example, reveal users' sid-phrases and allow their coins to be stolen.

And here it's pretty logical to assume that since the company hasn't done anything like that in the years since it was founded, it means it won't do so in the future. In addition, such a move would mean a cross for Ledger's reputation - and it won't do that. So if cryptocurrency enthusiasts have used Ledger devices before, it means they trusted the company in one way or another. And the launch of Ledger Recover won't affect the security of users' digital assets in any way, as they still control their own Sid-phrases.


The co-founder of the company said that nothing has changed in the model for securing customer funds with the release of Ledger Recover. All along, users of the devices had to trust their manufacturer, without that the whole system simply wouldn’t work. There are no loopholes in the wallet firmware for hackers, and the update itself was presented to users in the worst possible way.

???? YOU CAN FIND MORE INTERESTING STUFF ON US AT YANDEX.ZEN!

Larchevec noted that people had misunderstood how hardware wallets worked. And it’s the company’s fault. Here’s his quote to that effect.

Trying to explain the security model of hardware wallets to users with less and less knowledge has become increasingly difficult. So it seems that in 2022, the head of marketing tweeted the phrase “Firmware update can’t extract your sido from the Secure Element security chip”. This is not a lie, but the clarification “as long as you trust Ledger” is missing here.

This has led users to think that Ledger devices are a solution that does not require trust, but this is not the case. A certain amount of trust is required to interact with the company’s hardware wallets. And if you don’t trust Ledger – that is, treat the hardware manufacturer as the enemy – this approach won’t work.

Larshevec’s post didn’t satisfy all the commenters, and on top of that, led to more questions. The comments, thanks to Erik’s response, revealed that subpoenas from government agencies to third parties that store parts of users’ sid-phrases could be sufficient grounds for disclosure.

Which means, in theory, governments around the world could thus open up access to the crypto of the people they want via Ledger Recover. Users can only trust Ledger that something like this won’t become a reality.

Well, advanced users who understand the importance of sid-phrases and know how to store them obviously don’t need such a service. The same is true for those people who have certain reasons to fear unfriendly actions against them by the state.


With this in mind, many cryptocurrency enthusiasts have begun to advise switching to open-source hardware wallets like Trezor. However, it is important to understand here that open source does not guarantee the absence of problems, because only a few users can test a new firmware release on a separate device and make sure it is free of problems. As Ledger CTO Charles Guillaume pointed out in a recent edition of the Bankless podcast, in theory any hardware wallet vendor could create malicious firmware to steal their own users' assets, so the latter have to trust companies one way or another. That said, transactions affecting the sido-fraud still have to be confirmed by users.


The head of strategy at the Solana Foundation, Austin Federer, reacted to the developments. He commented on the topic that in theory the authorities could sue the companies that store parts of Ledger Recover users’ sid-phrases and gain access to certain people’s cryptocurrencies. Here’s the relevant quote.

This is not “the end”, this is how the whole end-to-end encryption industry works. That’s how software recovery works – and there’s no other way around it.

Your iPhone is encrypted, but backups to iCloud could be the subject of a lawsuit.

The Ledger Recover service is not designed for experienced cryptocurrency users. That’s fine.

Solana Labs co-founder Anatoly Yakovenko also shared his own comment. He believes the feature is the least likely threat to users. According to Yakovenko, much more dangerous could be a bug in the random number generator, but cryptocurrency users themselves lose money more often due to fraud rather than the actions of the authorities.


We believe that the current situation with Ledger can really be called a PR disaster for the hardware wallet maker. The company definitely should have presented the feature and explained its features first, and only then distributed the update. In that case, device owners could have reacted more calmly and in the worst-case scenario simply ignored the update.

Now the company has a lot of resources to spend on explaining what is going on and rebuilding trust. Although as we can understand now, in theory any hardware wallet maker could implement a corresponding backdoor to steal their own users' sido tags and gain access to their coins. However, since giants with an audience of millions have not done this over the years, it means they have no such goals.


What do you think about this? Share your opinion in our ex-wealthy cryptochat. There we wait for the onset of a new bullrun and the return of former wealth.