Users are expressing their worries about the recover feature, fearing that it could be exploited as an additional way for attackers to access recovery phrases and IDs stored online. Ledger has recently introduced this new feature, which has raised concerns within its user base. The Recover feature is a subscription service that operates based on user IDs and allows for the retrieval of secret recovery phrases. It specifically applies to Nano X hardware wallets and will become available with the release of firmware version 2.2.1.
Ledger’s new phrase recovery feature has users spooked
Ledger, a prominent cryptocurrency wallet provider, has recently unveiled a new feature that has sparked significant apprehension among its user base. The feature, known as Ledger Recover, is an ID-based subscription service designed to facilitate the retrieval of secret recovery phrases for Ledger Nano X hardware wallets. It is set to be implemented with the forthcoming firmware release 2.2.1.
The introduction of Ledger Recover comes in response to a pressing issue within the cryptocurrency community. Last year alone, an estimated $545 million worth of Bitcoin (BTC) was reportedly lost due to forgotten passwords or errors associated with recovery phrases, underscoring the urgent need for solutions to address this problem.
However, Ledger users have expressed strong reservations about the newly introduced feature. The primary concern raised is the requirement for online storage of the secret recovery phrase, along with the association of this sensitive information with a passport or national ID card.
A Reddit post discussing the Ledger Recover feature has gained substantial attention, with one user labeling it as “a disaster waiting to happen.” The author of the post highlighted the risks associated with sharing seed phrases online, referencing Ledger’s unfortunate data breach incident in 2020.
Many commenters echoed similar sentiments, with the most popular comment expressing further unease about the security implications of uploading personal identification alongside the recovery phrase. The sentiment was summarized with a resounding “no” to subscribing to the new feature.
While some argue that the subscription to Ledger Recover is optional, others contend that the mere existence of the feature poses a potential compromise to the security of users’ devices and seed phrases, regardless of whether ID information is involved.
The concerns raised by Ledger users stem from a previous data breach incident that occurred in July 2020. During the breach, customer data, including names, phone numbers, email addresses, and, in certain cases, home addresses, was compromised. By December of the same year, the leaked information had made its way onto a hacker forum, leaving it accessible to anyone.
Following the data leak, Ledger customers reported receiving threatening messages. One Reddit user shared an example of a text message demanding 0.05 BTC within 48 hours, threatening physical harm if the demand was not met. Another user disclosed an email demanding $500 in BTC under the threat of a home invasion and torture.
While it is widely believed that these threats were empty attempts to induce compliance, users remain infuriated by Ledger’s mishandling of their personal information. Given this history, the request to upload identification for the recovery phrase feature is seen as a significant imposition.
In response to the backlash, Ledger CEO Pascal Gauthier issued an apology to users, expressing empathy for the distress caused by the menacing threats. Gauthier acknowledged the breach as a disappointing and infuriating situation.
The world of cryptocurrency, as a burgeoning industry, presents various inefficiencies and challenges. As it stands, assuming the role of one’s own bank requires individuals to take responsibility for safeguarding their recovery phrases, a responsibility that many Ledger users are hesitant to entrust to online platforms.
To access more crypto news: cryptodataspace.com
Leave a comment