Current Events: Ledger Seed Recovery

edicted · 52.8K · last year · PeakD · 6 min read

https://files.peakd.com/file/peakd-hive/edicted/23yJT9YB7Mh9nrwDFLh8UBMovuYxL7V4LQSxPmuc5i4EpizLdrvzf6QKwfvLZ5aAiLqrZ.jpg
 
https://files.peakd.com/file/peakd-hive/edicted/23tGVYghi2foPKsSpgAaN2kH1mPpmVi9NsoQibUDmqCTTYe5PCc328jPtiCAFKZP9oztq.png

Hardware wallet providers once again proving they can't be trusted.

Ledger Recover is a subscription service that allows users to utilize an additional layer of protection for their private keys. This service employs a technique where the user’s seed phrase is divided into three encrypted fragments, each sent to different external entities. Once these fragments are combined and decrypted, they can be used to reconstruct the original seed phrase.

And understandably people are pissed.

Mudit Gupta, the chief information security officer at Polygon Labs, shared, “It’s a horrendous idea, DON’T enable this feature.” Gupta expanded further in his Twitter thread that “the problem here is that the encrypted key parts are sent to 3 corporations and they can reconstruct your keys.”

Of course many assumptions are being made here.

For example... so the three parts are encrypted... but encrypted with whose password? It could be more secure than it sounds, but like others I have my doubts.

Bitcoin investor and podcaster Chris Dunn shared, “First they exposed mailing addresses, phone numbers, and email addresses of their customers,” referencing the Ledger data leak that exposed users’ information in 2020. “And now they’ve put a back door into seed phrases. It’s time to say goodbye to Ledger.”

Hm yeah exactly.

Ledger has already shown that they are incompetent by storing data that they never should have been storing in the first place, and then getting hacked. People literally were threatened, kidnapped, and died over this event, and as far as I know Ledger got away with it essentially scot free.

Also... what if you have two of the three pieces of the seed?

Each additional word in the seed phrase multiplies the search space, so the security of the phrase grows exponentially with the word count. If someone controls 8 out of the 12 words? LoL, you could brute-force hack that shit on a laptop in five seconds.

I wish I had the numbers on me, because I know I've seen an infographic showing how much security each word adds. It might even be possible to crack a 12-word seed when someone controls only 4 of the words. That would render this entire process completely pointless and even less secure than storing all the words in a single place, because if any one of the three custodians gets hacked you're done, son.
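The question of what two of three fragments are worth depends entirely on how the seed is split, so here is an added example (not code from the post, and not Ledger's own implementation) that puts numbers on both cases. The first function computes the search space left over when an attacker holds some of the words of a plain BIP39 phrase, which is the "8 out of 12 words" scenario above. The rest implements a 2-of-3 Shamir split over GF(256), the kind of threshold scheme the fragments are assumed to use here (an assumption; the post only says "encrypted fragments"): any two custodians can rebuild the whole seed, while one custodian alone learns nothing about it.

```python
"""Added example (not from the post): search space of a partly known BIP39
phrase versus what one share of a 2-of-3 threshold split reveals.
Assumes the three fragments are a 2-of-3 Shamir split; the post does not say so."""
import secrets

BIP39_WORD_BITS = 11  # every BIP39 word is an index into a 2048-word list


def remaining_search_bits(total_words: int, known_words: int) -> int:
    """log2 of the number of valid phrases left once `known_words` of the
    `total_words` are in an attacker's hands. BIP39 reserves entropy/32 bits
    of each phrase as a checksum, which cuts the candidates by 2^checksum."""
    checksum_bits = total_words * BIP39_WORD_BITS // 33
    unknown_bits = (total_words - known_words) * BIP39_WORD_BITS
    return max(0, unknown_bits - checksum_bits)


# --- GF(2^8) arithmetic (AES polynomial x^8 + x^4 + x^3 + x + 1) ---
def gf_mul(a: int, b: int) -> int:
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """a^254 == a^-1 in GF(2^8); a must be non-zero."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def split_2_of_3(secret: bytes) -> dict[int, bytes]:
    """One random degree-1 polynomial per byte, f(x) = secret ^ c*x,
    evaluated at x = 1, 2, 3: one share per custodian."""
    coeffs = secrets.token_bytes(len(secret))
    return {x: bytes(s ^ gf_mul(c, x) for s, c in zip(secret, coeffs))
            for x in (1, 2, 3)}


def combine(shares: dict[int, bytes]) -> bytes:
    """Lagrange interpolation at x = 0 from any two shares."""
    if len(shares) != 2:
        raise ValueError("exactly two shares are needed")
    (x1, y1), (x2, y2) = shares.items()
    inv = gf_inv(x1 ^ x2)
    l1, l2 = gf_mul(x2, inv), gf_mul(x1, inv)
    return bytes(gf_mul(a, l1) ^ gf_mul(b, l2) for a, b in zip(y1, y2))


def one_share_candidates(x: int, share_byte: int) -> set[int]:
    """Every secret byte consistent with a single share byte: one for each
    possible coefficient, so a lone custodian cannot narrow the secret."""
    return {share_byte ^ gf_mul(c, x) for c in range(256)}


if __name__ == "__main__":
    for known in (0, 4, 8, 11):
        print(f"12-word phrase, {known} words known: 2^{remaining_search_bits(12, known)} candidates")
    entropy = secrets.token_bytes(16)          # constructed 128-bit seed entropy
    shares = split_2_of_3(entropy)
    print("two shares rebuild the seed:", combine({1: shares[1], 3: shares[3]}) == entropy)
    print("secret bytes consistent with one share byte:", len(one_share_candidates(2, shares[2][0])))
```

The contrast is the point: with naive word-splitting, two custodians leave only a small search space, but with a threshold scheme two custodians reconstruct everything, so the real exposure is collusion or compromise of any two of the three parties rather than one.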

Binance founder and CEO Changpeng Zhao chimed in on Gupta’s thread, saying, “So the seed can leave the device now? Sounds like a different direction than ‘your keys never leave the device.’”

Sick Burn by CZ

That is such a political and polite way of putting it.
Underneath the surface it is absolutely scathing.
Very nice.
 

The wallet provider shared that Ledger Recover is an optional subscription for users who want to back up their secret recovery phrase. “You don’t have to use it, and can continue managing your recovery phrase yourself if that’s why you bought a Ledger,” the company explained.
 
https://files.peakd.com/file/peakd-hive/edicted/23z79Z4b8Com2j48fRjj4JhMR1QCywkTwWX6oNpXKyxr8GbFceW9YTiKyGLRs4vdNtmsd.jpg

"Don't worry about it," said untrustworthy corporation.

"It's just optional, bro." LoL, yeah but if the code exists to extract the seed from the device then spoiler alert: the code exists to extract the seed from the device. It doesn't matter that it's "optional". It exists, and that's a threat.

This is something I have spoken about multiple times now, and I'm actually quite flabbergasted that only when the untrustworthy corporation comes out and openly admits they are going to implement a bad idea do people seem to realize what's going on here. What if they had simply said nothing and programmed a backdoor into the next firmware update? Kek... as if they can't do it at any time.

Now governments and other institutions all around the world can apply pressure to companies like Ledger and Trezor and demand that so-and-so's wallet needs to be confiscated. This is such a bad look it's unbelievable, but hopefully I'm exaggerating (at least in the short/mid term). Hopefully these threats don't actually materialize until we have better options available.

Better options like what?

Events like this always bring me back to my idea of creating an air-gapped hardware wallet on something like a Raspberry Pi device. Something like this would be 100% trustworthy if the user set everything up themselves, and would be fairly trustworthy if they bought it from a trusted third party on Hive (even if it was hacked you'd be able to see all the data exiting the device when you scanned the QR code on your phone).

Of course something like this is a serious end-game type project that has to be either funded by the @hive.fund or by a philanthropist on Hive. Sorry boys, I'm not a multimillionaire yet so I can't afford it. Still, it would be super cool (especially if it was hidden and embedded on a Raspberry Pi that played video games via emulator or something: then no one would even know it was a hardware wallet).

Conclusion

Terrible, terrible idea from Ledger. Just terrible. Of course mathematically it's a great idea if the number of seeds that get recovered is greater than the number of seeds that get stolen due to this functionality. However, such a point might be moot as it opens up all seeds to systemic risk (meaning it's possible they could all get hacked at the same time after appearing secure for years).

This kind of "solution" is a very slippery slope. On the one hand it's just the kind of thing we'd expect for mainstream adoption so noobs can rest at ease knowing that they aren't going to make a mistake and lose everything, but also it opens Pandora's box in terms of the security of everyone with a Ledger, not just the users who opt into the service. If code allows the seed to escape the device by design it doesn't matter if it's "optional" as Ledger is claiming here.

Luckily I like my Trezor quite a bit, but I only trust them slightly more than Ledger at this point. Corporations are corporations after all. It's also worth pointing out that Hive account recovery is superior to this solution in every way: Hive recovery doesn't add any attack vectors to the platform, and it is a very elegant solution that can't recover a seed but can allow a seed to be changed securely.

In any case it's nice to see that Ledger has gotten so much bad press over this and we need to be watching them closely to see what they do next. Whatever it is I imagine it won't be good.
