Why Is Ledger’s New Seed Phrase Recovery Update Dangerous?

The hardware wallet Ledger, often cited as the most secure way to hold your crypto, has come under fire after its latest update. Ledger revealed last night that it will give its users an option to link their seed phrase to their identity card or passport.
The entire selling point of a crypto hardware wallet like Ledger is that users themselves are responsible for their recovery seed phrase. No third party has access to it. However, with the new Ledger Recover update, the hardware crypto wallet is offering a subscription service that would allow you to store your recovery seed phrase in encrypted form.
How will Ledger store your seed phrase?
The Ledger Recover update promises to encrypt your seed phrase and divide it into three pieces. You then hand over your identity proof and a selfie recording, and three different custodians secure those shards for you. The three custodians will be Ledger, Coincover, and a third provider. Ledger clarified that this is an additional service and that users can keep holding their recovery seed phrases themselves, as they did before. Many online privacy advocates called this update dangerous and caused a stir on Twitter.
Why is the Ledger Recover update dangerous?
To use this seed recovery service, a user will have to connect their identity to their Ledger account. This creates another KYC pain point for data leaks, hacks, and government censorship or surveillance. Above all, the user is put in a position where they have to trust a third party with their crucial ID information and with information on all their crypto holdings.
A database of this sort could also become vulnerable to hacks and leaks. Data on the crypto hardware wallet’s users would also be extremely valuable if sold. Any of the “authorized third parties” could decide to leverage the data as an income stream at any moment.
Earlier in 2020, Ledger suffered a data leak exposing phone numbers and physical addresses of nearly 300,000 customers along with over a million email addresses.
From the technical point of view, the code for this entire process is closed-source and unverifiable. Ledger Live uses Ledger’s nodes for all wallet sync, revealing every detail of your cryptocurrency activity and making it trivial for Ledger to link this to your ID itself.
All the KYC data is collected by Onfido. The company also handles the KYC onboarding and keeps track of your device and current activity when you upload or verify your identity. Not only are you trusting Ledger and the other authorized parties, you’re also trusting Onfido with your crucial information. Is it a disaster waiting to happen?