Crypto wallet producer Ledger has drawn flak for introducing an update that enables its devices to transmit encoded fragments of users' seed phrases to others.
The Paris-based firm has asserted that this move aims to facilitate the recovery of seed phrases, akin to passwords, for users.
However, detractors have voiced concerns about potential security risks associated with the update.
Hardware wallets, also known as cold wallets, are tangible devices that maintain the offline storage of crypto private keys.
Given their offline nature, they're often deemed safer than their 'hot wallet' counterparts, which involve storing keys on internet-connected computers or mobile devices.
Ledger, as a cold wallet, is designed to provide users with full control over their digital assets.
The newly introduced "Recover" feature enables the device to share a user's private key, in an encrypted and compressed form, with three firms: Ledger itself, Coincover, and EscrowTech.
During a discussion on Twitter Space, Ledger's CEO, Pascal Gauthier, defended the new feature.
“You’re saying this is not what customers want. Actually, this is what future customers want. This is the way that the next hundreds of millions of people will actually onboard to crypto,” he said.
The crypto community has voiced its concerns, highlighting Ledger's history of security breaches and questioning the wisdom of the new update.
One critic labeled the update as a "betrayal" of customers, suggesting that Ledger should have developed a new device or smart contract wallet instead.
They emphasized that the company's decision to include what they termed a "backdoor" in firmware upgrades was a display of "extreme negligence."
By including a backdoor in canonical firmware upgrades for existing ledgers, you guys have betrayed your customers and mandate and displayed extreme negligence.
You should have created a whole new device with different firmware or smart contract wallet. https://t.co/HOlHXUqVoJ
— Ryan Berckmans ryanb.eth🦇🔊 (@ryanberckmans) May 16, 2023
Another Twitter user criticized Ledger's proposal for users to export their private keys from their hardware wallet and provide fragments to Ledger, Coincover, and a third party. They pointed out that this would require users to disclose more personal information, thereby increasing the risk of their funds being accessed by unauthorized individuals, especially in the event of further data breaches. The user called the decision "poorly thought out."
Ledger, the company that has experienced multiple security breaches that exposed the personal information of hundreds of thousands of its customers
Now wants you to export your private keys from your hardware wallet and give fragments to them, Coincover, and an unnamed third… https://t.co/PO7OGy4DLT
— ChainLinkGod.eth (@ChainLinkGod) May 16, 2023
Ledger last year: Your private keys never leave your hardware device.
Ledger today: Pay us $9.99 to copy your private keys to our servers. Soon every device will have firmware capable of sending your seed phrase off device.
This is just begging to be exploited.
— Vanessa Harris (@technologypoet) May 16, 2023
Photo: BestCryptoCodes on Flickr.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.