- Ledger CEO Pascal Gauthier communicated the decision to wallet users through a letter, expressing that the company will introduce the new feature only after sharing its code with the community.
- In response to community concerns, Gauthier also announced that Ledger would expedite its plans to make its codebase open-source.
Key-Recovery Service postponed
Ledger CEO Pascal Gauthier communicated the decision to wallet users through a letter, expressing that the company will introduce the new feature only after sharing its code with the community. Additionally, Ledger organized a Twitter Spaces session to engage with the community, discuss the matter, and establish a collective agreement on the next steps. The Twitter Spaces session witnessed the participation of more than 13,000 users, and Gauthier described it as a humbling experience and a valuable lesson in communication.
“This experience has been very humbling. We miscommunicated on the launch of this product; it was not our intention to take people by surprise. So because of that, we understand the community’s direction and apologize for the miscommunication.”
Codebase To Be Open-Source
In response to community concerns, Gauthier also announced that Ledger would expedite its plans to make its codebase open-source. This process would commence with the core elements of its operating system and Ledger Recover. As a result, Ledger Recover would not be launched until this open-sourcing initiative is successfully completed.
“We have made the decision to accelerate the open-sourcing roadmap! We will include as much of the Ledger operating system as possible, starting with core components of the OS, and Ledger Recover, which won’t be released until this work is complete. Furthermore, we will open-source the Ledger Recover protocol, enabling the community to have as much choice as possible over your self-custody, in addition to the service being fully optional. This roadmap will be shared and updated by our CTO and engineering team.”
Ledger’s Chief Technology Officer, Charles Guillemet, disclosed that within the upcoming days, the company would publicly release a white paper on the Recover Protocol, accompanied by technical blog posts. These resources would elucidate the guiding principles behind Recover and provide a comprehensive explanation of its functioning process. Guillemet expressed that,
“It’s going to be very easy and clear for every single cryptography and security expert to have a look at the protocol to get more guarantees and understand how it works.”
Additionally, he mentioned that developers have the option to create their own backup provider for the seed phrase shards instead of relying on the ones supplied by Ledger.
“This has always been something important for Ledger, but this recent event showed how important it is for the community, and this is why we decided to prioritize this open-sourcing process.”
Gauthier also emphasized the importance of providing key recovery services, particularly for new users who may find self-custody challenging.
“The majority of users in crypto today either don’t own their private keys and/or are putting their private keys at risk using less secure forms of self-custody and hard-to-use forms of storing and securing their seed phrase.”
Ledger’s PR Crisis
Last week, Ledger introduced its Ledger Recover service, which enables users to securely store encrypted backups of their seed phrases with trusted third-party custodians. This functionality allows Ledger users to recover their private keys in the event of seed phrase loss. The service was presented as an optional feature and required Know Your Customer (KYC) verification. However, instead of receiving the anticipated positive response, Ledger encountered a significantly different reaction.
Shortly after the announcement, Ledger faced severe backlash from the cryptocurrency community. The primary point of contention was the sharing of seed phrases with third parties. Numerous users expressed their anger and feelings of betrayal towards Ledger through social media posts. This negative reaction stemmed from Ledger’s earlier assurance that the wallet’s private keys would never leave the device. Critics raised concerns regarding potential risks associated with this arrangement, including the possibility of custodians being hacked, data leaks from KYC service providers, and the compromise of user data.
Additional community members highlighted the fact that the code for Ledger’s Recover feature is not publicly available in an open-source format, which restricts the ability to audit and assess the safety of the feature. Unlike its competitors, Ledger does not disclose all of its code. Instead, its products undergo testing by a limited group of security researchers.
A lifelong learner with a thirst for knowledge, I am constantly seeking to understand the intricacies of the crypto world. Through my writing, I aim to share my insights and perspectives on the latest developments in the industry. I believe that crypto has the potential to create a more inclusive and equitable financial system, and I am committed to using my writing to promote its positive impact on the world.