The hardware-wallet maker Ledger will accelerate disclosure of its software’s source code to dispel users’ doubts about the security of their assets. This was stated by the company’s CEO, Pascal Gauthier.
I want to address the feedback over Ledger Recover, the way it was communicated, and share our path forward. Read my letter and join our town hall with our leadership team to learn more.
https://t.co/2hlPrMwzaN
— Pascal Gauthier @Ledger (@_pgauthier) May 23, 2023
Ledger Recover, the subscription service the company announced for restoring private keys, met with a negative reaction in the community. The service splits the seed phrase into three encrypted fragments and stores them with external custodians. The client can then recover the information on their device using their credentials.
Several users expressed concern about the theoretical possibility that the three fragment custodians could independently restore the seed phrase and gain access to the wallet. Others suggested that the Ledger firmware had initially contained a built-in backdoor for obtaining the keys.
Gauthier gave assurances that the company “never compromises on security.” He said that the Recover situation was caused by an “unintentional communication error,” which led customers to misunderstand the option.
“We apologise for how this was communicated. We never intended to surprise you. Indeed, that is why we have been publicly talking about this product for more than a year. We have learned a lot from this experience, and you will see this in future communications,” wrote Gauthier.
The Ledger chief noted that the team is convinced of the necessity of such a Recover service:
“The main challenge in implementing self-custody of cryptocurrency is precisely the ability to recover the seed phrase. Most users today either do not own their private keys, or expose them to risk by using less secure forms of self-custody and complex methods of storing and protecting the seed phrase.”
Although open-source code is not always a security feature, in the interest of greater transparency the company will accelerate the disclosure of its product codebase, emphasised Gauthier. This will affect parts of the OS and various aspects of the software, including the Recover tool.
Earlier, Ledger co-founder and former CEO Éric Larchevèque stated that the only problem with the new option is its disastrous PR launch. He also acknowledged that governments could compel custodians of the encrypted seed fragments to appear in court, and so gain access to the wallet.
Gauthier confirmed that authorities have the ability to request information from custodians in court.
