Crypto Users Criticize Ledger’s New Seed Phrase Recovery Update

Crypto wallet provider Ledger has released a new feature that allows users to connect their crypto seed phrases to their passports and identification cards, but the crypto community is criticizing the firmware update.

Ledger Launches ID-based Key Recovery Service

Ledger unveiled the new service, dubbed Ledger Recover, in a Tuesday tweet, stating that it would soon be launched. As a subscription service, Ledger Recover gives users access to an additional layer of protection for their private keys. The feature requires users to provide their passports or ID card to verify their identity. 

After verification with an ID document and a selfie recording, the Ledger wallet duplicates the user’s seed recovery phrase and encrypts the duplicate. The encrypted copy, a backup linked to the verified identity, is then divided into three fragments, each secured independently by external parties, including Ledger, Coincover, and an unnamed provider.

Once put together and decrypted, the fragments can be used to reconstruct the original seed phrase. Ledger says that users will never be locked out of their crypto wallets when they utilize the new service, as their identity becomes the key. 

Crypto Community Reacts

Although Ledger clarified that the recovery service is optional, users do not have to use it, and they can continue managing their seed phrases themselves, the crypto community believes it could pose a security risk for every customer.

Social media platforms have been abuzz with criticism of the update, with prominent figures pointing out issues with the service. Mudit Gupta, chief information security officer at Polygon Labs, called the feature a “horrendous idea,” urging users to desist from enabling it. 

Ledger suffered a data breach in 2020 that exposed the physical addresses, phone numbers, and email addresses of about 300,000 users. The crypto community has referred to the unfortunate incident, insisting that the new service could lead to a repetition of the data leak.

One Reddit user said: “This is a disaster waiting to happen. I can’t actually believe what I’m reading, this seems absolutely crazy for a hardware wallet provider to encourage you to back up your seed phrase online AND give them your Passport/ID—especially one that has previously suffered a data breach!”