After criticism from the cryptocurrency community, the company pledged to open-source the Ledger Recover code before releasing the controversial update.
Following harsh criticism from the cryptocurrency community, hardware wallet provider Ledger will delay releasing a key recovery feature.
In a letter to users, Ledger CEO Pascal Gauthier wrote that the company wonโt introduce the new feature before releasing the code for it. The company likewise scheduled a Twitter Spaces session for 12:30 p.m. EST on Tuesday to discuss the issue.
Pastย week, Ledger announced the service, wasย known Ledger Recover, which will allow users to store encrypted backups of their seed phrases with a set of 3 custodians. Ledger owners will then be able to restore their private keys even if they lose or forget their seed phrases. The opt-in feature will mustย haveย a know-your-customer (KYC) verification.
Ledger came under fire almost instantly from members of the digitalย currency community, which criticized the idea of sharing seed phrases with anyone other than wallet owners. Numerous commentators wrote angry posts onย Twitterย platform, Reddit and other platforms, saying they felt betrayed by Ledger, which has previously stated that Ledger wallet private keys would never leave a device.
Several critics likewise highlighted potential threats such as hacks of the custodians, data leaks from KYC providers and law enforcement taking control of Ledger usersโ data. Others pointedย outย that the code for the Recover feature is not open-source, so thereย is no way to audit the safety of the proposed custody mechanism.
Inย contrastย toย some competitors, Ledger does not publish all its code, but instead has its product tested by a team of selected security researchers.
The company learned a hard lesson, Gauthier stated in his letter to users. Parts of the Ledger code have been open-sourced before, and more will follow soon, Gauthier said.
โWe have made the decision to accelerate the open sourcing roadmap! We will include as much of the Ledger operating system as possible, beginningย with core components of the OS, and Ledger Recover, which willย not released until this work is complete,โ he wrote.
Gauthier likewise reiterated the idea that offering key recovery services is essential to onboard a new wave of cryptocurrency users, for which self-custody canย potentially feel asย well difficult.
โThe bulkย of users in cryptocurrency today either doย not own their private keys and/or are putting their private keys at danger using less secure forms of self-custody, and hard-to-use forms of storing and securing their seed phrase,โ the letter reads.
James Rubin.
