French hardware wallet manufacturer Ledger faced backlash from customers and cryptocurrency enthusiasts following a statement on Twitter. The company claimed they had always possessed the technical ability to install firmware on their devices, enabling access to users’ private keys. This was said in an attempt to calm concerns about Ledger’s new service, Ledger Recovery, which restores user passwords for access to wallets. The service stores encrypted parts of the secret phrase and issues it upon request, with identity confirmation.
Critics in the Ledger user base and cryptocurrency community derided the innovation, calling it a breach of confidentiality and security. Users on Reddit noted the absurdity of offering to store a backup copy of the phrase on the internet and requiring confirmation of identity. After these criticisms, Ledger tweeted to say they always had the ability to extract user keys but later deleted the tweet.
Ledger clarified in a later statement that the remarks on Twitter were taken out of context. The firmware of the wallet includes protection controls to ensure that no one, even Ledger staff, can publish malicious firmware. However, this response was not satisfactory to some who argued that they bought a hardware wallet, not “access levels.”
Some Ledger Nano users appraise the debut of the update as a logical step to strengthen the regulation of the crypto industry. Conversely, certain Reddit users are anxious that governments may someday demand such measures from every cryptocurrency service provider.