Do you have a cold wallet? In recent years, some people have been giving cold wallets as gifts to friends and relatives who are involved in trading cryptocurrencies. However, many recipients have probably not yet opened these generous gifts, choosing to keep their assets in exchanges instead. Not knowing how to manage private keys (or mnemonic phrases) is a major reason why people treat cold wallets as a "sacred object".
Last week, Ledger, the leading brand in cryptocurrency cold wallets, launched a new service called Ledger Recover. The original intention was to create a safety net for users in case they lose their private keys. Unexpectedly, this newly introduced service has caused a backlash, leading to a crisis of trust in the brand. In this article, we will first explain what Ledger Recover is and then discuss the root cause of its backlash.
Cold Wallet
I like to compare wallets to safes. The wallet is like a safe, and the private key is the unique key to that safe. If you lose the private key, you can't open the wallet. There are no "locksmiths".
A cold wallet physically isolates the private key from the internet, effectively blocking hacker intrusion. But it can't prevent users from being careless. How to store cold wallets and private keys is the first lesson in entering the crypto sphere. There is no standard answer to this lesson — it depends on whether you're the type to lose things easily.
Take the protagonist of this article, Ledger, as an example. It's suitable for meticulous people. The first thing people do after unboxing a Ledger is to backup their private key. But a Ledger cold wallet is an electronic device that could suffer screen failure or button malfunction, even if it is not lost. If you have millions of assets stored inside, you certainly wouldn't want to be unable to retrieve them. Therefore, backing up the private key is crucial. If the Ledger malfunctions or gets lost, you can restore it through the backup of the private key.
After completing the backup, you will have two keys to the safe. One is built into the Ledger cold wallet, and the other is your extra backup. The former is locked with a PIN code and a security chip, while the latter must be kept by yourself.
Humans are less reliable than machines. Therefore, the first page of Ledger's beginner's guide is dedicated to a safety notice video that teaches people how to back up their private keys in 7 minutes. Despite the prominence of this video, it has been viewed less than 5,000 times over the course of a year. This figure should be far from the number of Ledger cold wallets sold.
It's not surprising that people don't watch the video. After all, even airplane safety videos have to be produced with sophisticated animations to attract passengers' attention. Who would be willing to spend extra time listening to an engineer explaining a bunch of dry technical terms for 7 minutes? Still, people continue to lose their private keys.
Ledger began to think about how to design a mechanism to provide an additional safety net for people. The new subscription service, Recover, launched by Ledger last week, is their latest product, developed over two years.
Hot Backup
Recover's main feature is to allow the user to become the private key of the wallet, so there is no need to worry about losing the backup. According to Ledger's introduction:
Ledger Recover is an identity-based private key recovery service that provides a mnemonic backup for users. If a user loses or cannot access their mnemonic, they can retrieve their private key through this service with a Ledger device. Users can manage their mnemonics themselves, the advantage is complete control over assets, but also the responsibility to protect their assets. Ledger Recover is designed to meet the needs of those who want to add extra security in case they lose or cannot access their mnemonics.
Recover is an add-on feature for Ledger products, similar to how people can choose to purchase Apple Care after buying an iPhone. Once people subscribe to this service for €9.9 per month, Recover will ask users to verify their real identity through the KYC service provider Onfido, tying the private key to the individual. Then, Recover will shatter and encrypt the private key, backing it up with three different companies.
In the future, even if you lose your Ledger cold wallet and the paper you wrote your mnemonic on happens to be eaten by a dog, as long as you buy a new Ledger cold wallet and let Recover confirm that it's you, it can restore your wallet's private key. Put simply, Recover aims to become the third key to the user's wallet. The first is inside the Ledger cold wallet, the second is the mnemonic written down on paper, and the third is kept by the Recover service.
Ledger's CTO, Charles Guillemet, used his mother as an example to illustrate the practicality of this mechanism:
There are two major obstacles when my mother uses this Ledger product: addresses she can't remember, and private keys she can't manage well. If you know how to back up those 24 words securely, then Ledger Recover is not for you. But for people like my mother, managing those 24 words is very difficult.
Although Recover made it easy for Charles's mother to use Ledger, it contradicts the original intent of many Ledger users who purchased the cold wallet.
People buy cold wallets mainly in the hope of completely isolating private keys from the internet - trading ease of use for higher security. But the "secret" that allows Recover to help people retrieve their private keys is the design of a third-party private key backup mechanism via the internet, backing up the user's wallet private key to three specific companies - Ledger, Coincover, and EscrowTech.
Many people, like me, might have never heard of those two companies outside of Ledger before today, or what they do. Can we really trust them with our private keys? What if the government, in the name of law enforcement, demands that they hand over the user's private keys, will they resist to the end? Users now have to trust the company that holds the private keys, no longer managing their own private keys.
Privacy is also a major issue. In the past, people who owned cold wallets didn't have to go through real-name verification. But in order for Recover to allow users to restore their private keys "by themselves", it must force users to verify their real identity. The more a company knows, the less privacy the user has. Is the company willing to guarantee that it will not track or sell user's on-chain behavior in the future?
Most importantly, is the Recover mechanism secure? Ledger has not made the code public, in reality, Recover's operation is a black box. Although Ledger has made the general logic public, the outside world will not know whether there are any code vulnerabilities that hackers can exploit during each step of shattering, encrypting, and backing up the private key.
The hot backup of the cold wallet" not only sacrifices privacy but also raises security concerns. This is the main reason why Recover has sparked controversy.
Some may argue, isn't everything fine as long as you don't pay to subscribe to Recover? Not exactly. A Ledger cold wallet is a small computer. While it is mostly disconnected from the internet, it still needs to be updated regularly to support more currencies or blockchain updates. People worry that the Recover feature will be automatically included in future operating system upgrades.
Upgrading the Ledger operating system is like adding a lockable door to a solid wall. For those who have not paid to subscribe to Recover, this door cannot be opened. Ledger would say that a door that can't be opened is no different from a wall, but opponents question that since it is a door, it has the possibility to be opened. So far, Ledger still staunchly defends its original position.
Beyond the technical debate, I'm more curious about Ledger's motivation for launching Recover. If Ledger does not deny that Recover will sacrifice some privacy and autonomy of assets, what do they want in return? I think it's higher revenue.
Reason for the contradiction
People have often been told in the past to manage their mnemonic phrases themselves when using a wallet. If they are not confident, they are "not suitable for use". So everyone had to keep their assets on centralized exchanges. Ledger hopes to turn these people into their own users through Recover:
The initial idea for Recover dates back to 2020 or 2021. Over these years, the industry has realized that while some people are willing to manage their assets, the vast majority keep their assets within exchanges. Because managing cryptocurrencies in a cold wallet is not easy, you need to have technical knowledge and know how to manage mnemonic phrases, which is a big limitation for many people. So we asked ourselves: how can we get more people to start managing their personal assets?
Ledger's vision is good, but the method is a bit problematic.
If Ledger launched a brand new cold wallet with Recover built-in and encouraged elders like Charles's mother to purchase it, I believe no one would object. After all, asking elders to manage mnemonic phrases is indeed too much. Although using Recover would sacrifice some privacy, it is negligible compared to the risk of forgetting private keys. Advanced users who don't want to be "contaminated" by Recover just need to buy other types of cold wallets.
But it's not commercially reasonable to restrict Recover software to a specific hardware device. For one, users who want to try it out have to spend extra money to buy a new cold wallet. For Ledger, Recover can't serve the most users or receive the most subscription fees.
Therefore, the more "smart" solution is as it is now, putting Recover into the user's cold wallet through operating system upgrades, and then allowing users to decide whether to open it with a subscription service. Ledger doesn't have to create new hardware, and can push Recover to existing users. However, they didn't expect that Recover, even before it began to increase Ledger's revenue, has already caused a brand crisis for Ledger.
People are debating not just whether the Recover mechanism is safe, but at a deeper level, how to manage private keys safely. For Charles's mother, using Recover is safe. For critics, the original Ledger is safe. Ledger has tried to combine the needs of both sides, creating a "catch-all" solution they thought could cover all bases, but it ended up dragging down the entire brand.
The reason people are willing to pay for cold wallets is that they hope to achieve higher security. What Charles's mother needs is another product, such as a future smart contract wallet, not the Recover service stacked on Ledger.
Blocktrend is an independent media outlet sustained by reader-paid subscriptions. If you think the articles from Blocktrendare good, feel free to share this article, join the member-created Discord for discussion, or add this article to your Web3 records by collecting the Writing NFT.
In addition, please recommend Blocktrend to your friends and family. If you want to review past content published by Blocktrend, you can refer to the article list. As many readers often ask for my referral codes, I have compiled them into a single page for everyone's convenience. You are welcome to use them.