Ledger co-founder clarifies “there is no backdoor” in Recover firmware update
2 min readThe launch of Ledger Recover, a service that allows users of the Ledger hardware wallet to back up their secret recovery phrases, met with immense resistance from the crypto community. Ledger co-founder and ex-CEO Éric Larchevêque took the criticism against Ledger as “a total PR failure, but absolutely not a technical one.”
Ledger Recover is an OTA firmware update, which would allow users to back up their seed phrases by third-party entities. If a user chooses to opt-in to the new service, the recovery phrase fragments get encrypted and are stored by 3 different parties, which can be used to recover the phrase in the future. However, the idea of the seed phrase leaving the hardware wallet did not resonate with users that considered Ledger as a trustless service for storing cryptocurrencies.
Addressing the rising concerns of users worldwide, Larchevêque posted on Reddit clarifying that Ledger was never a trustless solution:
“Some amount of trust must be placed into Ledger to use their product. If you don’t trust Ledger, meaning you treat your HW manufacturer as an adversary, that can’t work at all.”
He argued that the Ledger Recover update has no impact on the hardware wallet’s security model. He added:
“My mistake as a CEO during my tenure was probably not be relentless enough about explaining the security model, but at some point you just give up as people don’t care at all. Until they care again, like now.”
Larchevêque believed that the only thing that changed is the general user’s perspective on trustlessness and that the Recover code in the firmware is not a malicious code:
“Ledger is still safe, there is no backdoor, the Ledger Recover is not a conspiracy, no one will ever force anyone to use Recover.”
Trusting Ledger with sharding the seed phrase is just like trusting Ledger with signing a transaction, he added. Addressing a user’s recommendation about having two different firmware to eradicate ‘backdoor’ concerns, Larchevêque said that “it wouldn’t change anything” and would be saddening for him personally.
The firmware update in question is not available for Nano S — Ledger’s cheapest hardware wallet offering — as the chipset does not have enough memory to store the new firmware.
Related: Crypto community reacts to Ledger wallet’s secret recovery phrase service
Amid the rollout of Ledger’s controversial firmware update, competing hardware wallet provider GridPlus decided to open-source its firmware for its users.
The most trusted name in cryptography, relied upon by the world’s governments for their highest security applications for decades, sold products backdoored by the CIA. How can we ensure this won’t happen again? Open-source software.
GridPlus will open-source its firmware in Q3. pic.twitter.com/889OnqXd20
— GridPlus (@gridplus) May 18, 2023
Turning the Ledger controversy into a marketing opportunity, GridPlus announced plans to open source its device firmware in the third quarter of 2023 to deliver greater transparency.