Are your funds still secure? Ledger case


That moment when “Recover” turns into “resign”

Is there a potential backdoor in Ledger’s hardware? With the recent introduction of the Recover service on their crypto wallets, concerns have been raised regarding whether Ledger allows such access. The cryptocurrency community is currently divided on whether this feature could provide a covert means for government agencies to access private coins without proper authorization.

The Bitfold experts also weighed in on the matter, stating that it inadvertently revealed that the emperor, in fact, has no clothes. The hype surrounding this situation stemmed from a lack of deep understanding of the equipment’s architecture, which led people to overlook the fact that their keys ultimately remain under the control of the wallet producer. “Despite the keys being stored within the device, they remain under the control of Ledger’s software,” stated Radosław Szczygieł, Bitfold Hardware Architect.

In other words, the company’s statement that “a firmware update cannot extract the private keys” sounds legitimate; however, it neglects to mention that “the updated firmware can do anything”.

What more do our experts think about this issue? We have scheduled an intervention webinar with the Bitfold team on Monday, May 29 at 20:00. Join our community for free participation. You will receive a link to the live event via email 15 minutes before it starts. Note that the event will be held in Polish.


To recall, the introduction of the Ledger Recover feature on May 16 sparked unease and anger within the crypto community because of its option of using a controlled seed fragment as a wallet password for “trusted third parties.” Some members of the Web3 community claim that the service violates Ledger’s longstanding policy of ensuring that a user’s private key never leaves the device.

The purpose of this feature is to help users restore their mnemonic phrases and private keys using the Ledger device in case of loss or lack of access to the seed phrase. The firmware update allows cryptocurrency users to divide the seed phrase into parts and store them with three different entities: Coincover, Ledger, and an independent backup service provider.
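To make the custody question concrete, here is an added example (not Ledger's code and not from the original article) of splitting a secret into three parts so that holders of enough parts can rebuild it. Shamir's scheme, the 2-of-3 threshold, the field prime and the sample seed are all assumptions; the article only states that the seed is divided into parts held by three entities.

```python
import secrets
from itertools import combinations

# Assumptions (not from the article): Shamir's scheme, a 2-of-3 threshold,
# this field prime, and the sample seed. The article only says the seed is
# divided into parts held by three entities.
PRIME = 2**521 - 1  # Mersenne prime, larger than any 256-bit secret
CUSTODIANS = ("Coincover", "Ledger", "independent backup provider")

def split(secret, n=3, k=2):
    """Return n points on a random degree-(k-1) polynomial with f(0) = secret."""
    if not 0 <= secret < PRIME or not 1 < k <= n:
        raise ValueError("secret or threshold out of range")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
            for x in range(1, n + 1)]

def recover(shares):
    """Lagrange-interpolate f(0) from the given (x, y) shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def slope_for_candidate(share, candidate):
    """Slope of the line through (0, candidate) and one share: it always exists,
    so a single share is consistent with every possible secret."""
    x, y = share
    return (y - candidate) * pow(x, -1, PRIME) % PRIME

def demo():
    seed = int.from_bytes(bytes(range(32)), "big")  # constructed sample entropy
    held = dict(zip(CUSTODIANS, split(seed)))
    # Under the assumed threshold, any two holders rebuild the secret.
    pairs_ok = all(recover([held[a], held[b]]) == seed
                   for a, b in combinations(CUSTODIANS, 2))
    # One holder alone cannot rule out any candidate secret.
    x, y = held["Ledger"]
    single_ok = all((c + slope_for_candidate((x, y), c) * x) % PRIME == y
                    for c in (0, 1, seed, PRIME - 1))
    return pairs_ok, single_ok

if __name__ == "__main__":
    print(demo())
```

Under these assumptions the secrecy of the seed rests on the custodians not combining their parts, not on the device that produced them.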

Pascal Gauthier, Ledger CEO, reaffirmed that funds are secure, and that no backdoor has been created in their wallets. However, he stated that the government can access the private keys of users utilizing the Ledger Recover feature only if a subpoena is issued. This statement seems to have only added to the anxiety in the community.

After facing substantial media criticism following the announcement, Ledger has decided to postpone the launch and has unveiled an expedited open-source roadmap. The company now faces a considerable challenge in persuading the public that their primary goal is to offer users secure storage for their digital assets, all while maintaining transparency and verifiability throughout their operations.

In conclusion, balancing the distrustful nature of cryptocurrencies with their growing adoption continues to pose a huge challenge, as Ledger recently discovered.

Remember to join our community to receive a link and attend the discussion on this topic, scheduled for Monday, May 29 at 20:00.

The opinion expressed within the content is solely the author’s and does not reflect the opinions and beliefs of the website owners.