Ledger’s Firmware Update Sparks Controversy

The launch of Ledger Recover, a new service that allows Ledger hardware wallet users to back up their secret recovery phrases, was met with intense opposition from the cryptocurrency community.

Ledger co-founder and former CEO Éric Larchevêque characterized the criticism of the company as “a complete PR failure, but not a technical one.”

Ledger Recover is an over-the-air firmware update that enables users to store seed phrases with third parties.

If a user opts into the new service, the fragments of the recovery phrase are encrypted and stored by three parties so that the user can recover the phrase in the future.

However, the prospect of the seed phrase leaving the hardware wallet did not sit well with users who had viewed Ledger as a trustless cryptocurrency storage solution.

In response to rising concerns from users around the world, Larchevêque clarified on Reddit that Ledger was never a trustless solution:

“Some amount of trust must be placed into Ledger to use their product. If you don’t trust Ledger, meaning you treat your HW manufacturer as an adversary, that can’t work at all.”

He argued that the Ledger Recover update does not affect the security model of the hardware wallet, adding:

“My mistake as a CEO during my tenure was probably not be relentless enough about explaining the security model, but at some point you just give up as people don’t care at all. Until they care again, like now.”

Larchevêque believes the only thing that changed was the general user’s perspective on trustlessness, and the Recover code in the firmware was not malicious:

“Ledger is still safe, there is no backdoor, the Ledger Recover is not a conspiracy, no one will ever force anyone to use Recover.”

He added that trusting Ledger to shard the seed phrase is equivalent to trusting it to sign a transaction.

In response to a user’s suggestion to have two distinct firmwares to eliminate “backdoor” concerns, Larchevêque stated that “it wouldn’t change anything” and would make him sad.

The aforementioned firmware update is unavailable for the Nano S, Ledger’s most affordable hardware wallet, because the chipset lacks sufficient memory to store the new firmware.

In response to the release of Ledger’s contentious firmware update, GridPlus, a competing hardware wallet provider, decided to open-source its firmware for its customers.

Using the Ledger controversy as a marketing opportunity, GridPlus announced plans to release its device firmware as open source in the third quarter of 2023 to increase transparency.
