Ledger used to be the standard hardware wallet choice for most crypto investors.
Some time ago, they announced Ledger Recover. It’s an optional service aimed at n00bs that don’t trust themselves to take care of their seed phrase.
If you were a Ledger user with significant capital secured by it when this news came out, you were most probably shocked.
What is Ledger Recover?
Ledger Recover is an optional service for users of Ledger hardware wallets.
If a user opts in, Ledger sends encrypted fragments of the device’s seed phrase to 3 companies as a backup. Upon user request and ID verification, the private key can be restored on a Ledger device.
As you can imagine, this triggered outrage, uncertainty, and many discussions online.
Eventually, someone asked for clarification on the Ledger subreddit and the cofounder responded:
The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to backup it yourself.
Needless to say, subscribing to this service defies the purpose of self-custody (because you’re trusting third parties) and using a hardware wallet (because the seed exists online, although encrypted and sharded).
But using the recovery service is not the problem. No sane user would use it anyway.
The Problem With Ledger Recover
The problem is the technical ability of the device to extract the seed phrase from the secure element.
The ledger device, technically, can expose your seed phrase to the internet.
Ultimately, it’s a matter of the French government knocking on their doors and asking for it.
But let’s assume Ledger is 100% trustworthy and would never inject a backdoor. Then, how can we know that the implementation of the recovery service is robust? What if there are bugs exposing the devices to third-party exploits?
We can’t know – the firmware is closed source.
In summary:
You can’t opt out from the device being able to leak data to the internet.
You can only opt out of Ledger doing it intentionally.
Addressing Common Arguments
Besides all facts, there are still people delivering pro-Ledger arguments that I’d like to address.
Most of these are from people falling for commitment bias because they’re customers. To me, this is simping. I also own 2 Ledger Nano S devices but I’m comfortable with the reality of the situation.
Below I compiled a list of the most common misconceptions and will try to dispute them all:
“All hardware wallets can expose your seed”
This statement is technically true.
However, it’s not an argument that defends Ledger’s position. Here’s why.
While all hardware wallets can do it, most have open source firmware. This means that if such a change is implemented, you’ll know not to upgrade to that version and you won’t be at risk.
Ledger has closed source firmware – this means that their code is not public and you trust them not to expose your seed.
TLDR All hardware wallets can leak your seed, but Ledger is one you can’t see coming.
“I Trust Ledger”
If you’re basing security on trust, just use a free CEX account. Why even bother with self custody?
Also, why are you in crypto at all?
Anyway, it’s easy to assume that Ledger doesn’t lie. I also believe they released the service as described. However:
- A chain of employees may organize a seed phrase heist
- An honest/unintentional bug might expose your keys to the public
- A malicious actor can inject an exploit that interacts with the secure element
Also, this is not the first time Ledger messes up:
- They had a data leak in 2020, exposing the names and addresses of all their customers
- They put all Ledger users’ assets at risk in 2023 through an exploit in their Connect Kit
How can you be 100% sure that an unintentional “seed leak” is not next?
TLDR While Ledger wouldn’t do it intentionally, never underestimate their negligence.
“Just don’t upgrade the firmware to v2.2.1”
Indeed, please don’t upgrade. Don’t even open Ledger Live if you can avoid it.
However, as Ledger’s firmware is closed source, you can’t be sure that this functionality wasn’t there already. All we know is that the Ledger Recover service went live with v2.2.1 – which is a functionality on top of exposing seed phrases online.
In the best case scenario, you’re safe if you don’t upgrade. But in the worst case scenario, Ledger and Emmanuel Macron already have your seed phrase.
TLDR You don’t know when the ability to extract the seed phrase was implemented.
“Don’t put everything there, diversify wallets”
Arguments such as this one were common and plentiful.
First of all, this is easy to say if your net-worth is $27. However, people with 6 or 7 figures in digital assets might disagree.
Even Ledger confirmed in their Twitter Space after the incident (1:03:30 until the end):
“We didn’t build this for maxis who have huge amounts of value on their Ledger.”
And the second point: even if you’re diversifying wallets, why wouldn’t you choose all of them to be as secure as possible?
TLDR Sticking with a potentially vulnerable wallet should not be an excuse for diversification.
“I trust Ledger more than me not making a mistake”
Then you also trust other hardware wallet more than yourself, don’t you?
Especially open source ones with which you’ll always know exactly what’s going on.
But most of these people are referring to them transferring the assets to the new wallet. Here’s a easy-to-follow tutorial:
- Buy a new wallet
- Click “Receive” and copy the address
- Go to your Ledger account
- Click “Send” and paste the address
TLDR You shouldn’t rely on trust.
“[Another HW] also offers sharded backups”
Yes, there are other hardware wallets that offer sharded (Shamir) backups.
However, the seed phrase fragments aren’t sent anywhere. They’re generated and shown on the device itself. Then it’s up to the user, and not random companies, to write them down and store them securely.
They’re never transferred from the cold wallet to a device connected to the internet.
This is verifiably true.
TLDR The problem is not getting fancy with seed phrase backups, the problem is leaking secrets online.
“Nothing changed for me / it was always like this”
This is true to an extent. Effectively, you were trusting Ledger with their proprietary software.
But now we have confirmation that this vulnerability exists. Maybe you were aware of the possibility before, maybe you weren’t.
If you weren’t: you’re probably reevaluating your choice already.
If you were: you trusted that Ledger’s firmware won’t interact with the secure element in a malicious way. Ledger Recover is your reminder to revisit your decision.
Of course, I understand that people might decide to stick with Ledger. And that’s fine if they understand the risks. I still keep mine, although I migrated my long-term positions to another hardware wallet.
TLDR There is new information – there’s a potentially exploitable vulnerability in the firmware.
“I use a passphrase”
Passphrases are a great way to generate new sets of addresses and increase security through plausible deniability.
With that being said, you don’t know what Ledger does with the passphrases and whether the device stores them in memory.
I know this because nobody has read Ledger’s firmware code.
TLDR Passphrases are part of the BIP-39 standard. You can continue using them with open source wallets.
“I won’t opt-in to the Recovery Service”
The recovery service is irrelevant.
The problem is the device’s ability to access your seed and expose it to the internet.
Ledger confirmed that this could always been done and now they’ll offer a service to do it for you (while sharding and encrypting it).
With open source hardware wallets, you can see their firmware code and know exactly what they’re doing with your seed. With Ledger, you have to trust their word.
TLDR You can opt out of the Recovery Service. You can’t opt out of the device’s ability to leak your seed.
Conclusion & TLDR
Remember, the only advantage cold wallets have over hot wallets is the that the seed phrase will never be exposed to a device connected to the internet. I cover this in detail in my introduction to hardware wallets.
Ledger hardware wallets fail this test because users of the recovery service can trigger exposing data from the secure element.
This is a fact, confirmed and offered by Ledger.
As your portfolio grows, you might want to reevaluate if you’re comfortable with this setup.
While being your own bank, it’s all about what makes you sleep well at night.
This post is not against Ledger nor promotion of any particular hardware wallet. This is my honest opinion about the Ledger Recover service based on public information from the company. I still keep my Ledger devices but only use them for my DeFi adventures. I moved my long-term positions to BitBox02 and Keystone 3 Pro.
Need a step-by-step guide to buying Bitcoin and securing it safely with a hardware wallet? Head to: The Self Custody Manual.