After criticism from the cryptocurrency community, the company pledged to open-source the Ledger Recover code before releasing the controversial update.
Following harsh criticism from the cryptocurrency community, hardware wallet provider Ledger will delay releasing a key recovery feature.
In a letter to users, Ledger CEO Pascal Gauthier wrote that the company won’t introduce the new feature before releasing the code for it. The company also scheduled a Twitter Spaces session for 12:30 p.m. EST on Tuesday to discuss the issue.
Last week, Ledger announced the service, known as Ledger Recover, which will allow users to store encrypted backups of their seed phrases with a set of 3 custodians. Ledger owners will then be able to restore their private keys even if they lose or forget their seed phrases. The opt-in feature will require know-your-customer (KYC) verification.
Ledger came under fire almost instantly from members of the digital currency community, who criticized the idea of sharing seed phrases with anyone other than wallet owners. Numerous commentators wrote angry posts on Twitter, Reddit and other platforms, saying they felt betrayed by Ledger, which has previously stated that Ledger wallet private keys would never leave a device.
Several critics also highlighted potential threats such as hacks of the custodians, data leaks from KYC providers and law enforcement taking control of Ledger users’ data. Others pointed out that the code for the Recover feature is not open-source, so there is no way to audit the safety of the proposed custody mechanism.
In contrast to some competitors, Ledger does not publish all its code, but instead has its product tested by a team of selected security researchers.
The company learned a hard lesson, Gauthier stated in his letter to users. Parts of the Ledger code have been open-sourced before, and more will follow soon, Gauthier said.
“We have made the decision to accelerate the open sourcing roadmap! We will include as much of the Ledger operating system as possible, beginning with core components of the OS, and Ledger Recover, which will not be released until this work is complete,” he wrote.
Gauthier also reiterated the idea that offering key recovery services is essential to onboard a new wave of cryptocurrency users, for whom self-custody can potentially feel too difficult.
“The bulk of users in cryptocurrency today either do not own their private keys and/or are putting their private keys in danger using less secure forms of self-custody, and hard-to-use forms of storing and securing their seed phrase,” the letter reads.