The Ledger Recover Service: A Controversy Surrounding Hardware Wallets

This article delves into the concerns and criticisms surrounding the market leader in hardware wallets and its plans for backing up the most precious things of crypto. We explore trust issues that users must contend with.

The Ledger Recover Service: A Controversy Surrounding Hardware Wallets

There has been a storm of criticism around the newly introduced ‘recover’ function of hardware wallet manufacturer Ledger. The company's first intention was to increase the resilience of its hardware wallets by introducing a new optional recovery subscription service for users who wanted to backup their secret recovery phrase.

However, many have argued that this introduces new security risks and compromises the Ledger wallet as a whole. Although Ledger recently announced that it is delaying its recovery service, we’ll take an in-depth look at the market leader in hardware wallets and its plans for backing up the most precious things of crypto.

What is the Ledger Recover Service?

Ledger's 'recover' function would split users' private keys into three encrypted shards, a type of database partitioning, that would be stored separately by three separate custodians, one of which would be Ledger itself. If users needed a backup for their private key, they could combine the shards to recover their lost or forgotten private keys.

By implementing this backup recovery, Ledger hoped to potentially make storing cryptocurrency more user-friendly and accessible, thereby expanding their user base. But what actually happened was the complete opposite.

Concerns Across the Board

Many users argue that the ability for private keys to leave Ledger devices in any way compromises the security of its hardware wallets. Initially, users believed that their keys could never leave their devices when purchasing Ledger products. Even if users do not opt-in, the fact that the firmware update enables key export raises concerns. And some argue that the subscription-based service could undermine users' privacy and potentially corrupt their security. We'll take a look at some of the main concerns and criticisms.

Closed Source instead of Open Source

A first concern is that the recovery software is closed-source, which means users cannot verify how it works or whether it is secure. Blindly trusting the hardware wallet manufacturer is thus a must, and the age-old maxim 'Don’t trust but verify' is turned on its head. If the source code is closed, users cannot verify if keys can be exported.

Trusting Multiple Parties

Users must trust not only Ledger but also Onfido, the identity provider, and the three separate custodians who store the encrypted seed shards. This means trusting that none of these parties will misuse or leak user data.

Mandatory KYC

Even if the service is opt-in, users will still have to make decisions that are determined by Ledger. The recovery service will require KYC checks, which is seen by many as another regulative crackdown and an attack on the whole ethos of being permissionless. According to many, this should not be the case, as users should not be forced to make decisions and choices against their will.

Risk of Fund Seizure

At last there is the interference of the state that is a concern for users that must provide personal identity details. This creates a single point of failure for data leaks and government surveillance, as some of the custodians are based in 5-eyes countries, governments could potentially compel them to disclose user identities and seize funds, as stated by Ledger former CEO below.


The intended help for users who do not feel comfortable securing their own keys has sparked a whole new controversy around the idea that the cryptocurrency ideology has been corrupted from within. If Ledger launches 'recover,' it may break many of the security and privacy principles that hardware wallets are based on. The lack of transparency, the need to trust multiple parties, and the introduction of KYC severely weaken the core concepts of the cryptocurrency movement. Transparency and open discussion will be crucial to rebuilding trust, and users should always have the choice to decide their privacy needs and risk profile.

Connect with Bitfinity Network

Bitfinity Wallet | Bitfinity Network | Twitter | Telegram | Discord | Github

*Disclaimer: While every effort is made on this website to provide accurate information, any opinions expressed or information disseminated do not necessarily reflect the views of Bitfinity itself.