Anonymous France

Ledger Clarifies ‘No Backdoor’ in ‘Recover’ Firmware Update

• Ledger Recover is a firmware update allowing users to back up their seed phrases with third-party entities.
• Ledger co-founder and ex-CEO Éric Larchevêque clarified that the new service does not impact the hardware wallet’s security model, and there is no “backdoor” in the firmware update.
• He stated that trusting Ledger with sharding the seed phrase is similar to trusting them with signing a transaction.

Ledger’s New Firmware Update

Ledger has released a new over-the-air firmware update called Ledger Recover, which allows users to back up their secret recovery phrases with third-party entities if they opt into the service. The launch of this new service was met with resistance from crypto users, who saw it as compromising trustlessness—raising concerns about whether or not there were hidden “backdoors” in the firmware update.

Clarification From Co-Founder

Ledger’s former CEO and co-founder Éric Larchevêque took to Reddit to clarify that users must place trust in Ledger to use its product safely, and reassured them that Recover contains no malicious code and no backdoor. He admitted that he hadn’t done enough as CEO to explain the security model of Ledger wallets during his tenure, but noted that even if users had been made aware of this then, they likely wouldn’t have taken much notice until now.

Trust With Signing Transactions

Larchevêque likened trusting Ledger with backing up a user’s seed phrase via Recover to entrusting it with signing transactions: both require placing some level of trust in the company. One user suggested creating two different firmware versions, one for those who want a “trustless” solution and another for those who don’t mind sharing their seed phrase, but Larchevêque responded that this would not make any difference.

Firmware Not Available For Nano S

The new firmware update is unfortunately not available for the Nano S, the cheapest wallet offered by Ledger, because its chipset does not have enough memory for it.

Conclusion

Overall, while some members of the crypto community are still skeptical about using services like Recover due to trust issues, Larchevêque made it clear that there is no malicious code or backdoor in any part of this firmware update, and ultimately warned against treating your hardware wallet manufacturer as an adversary if you wish to remain safe when dealing with cryptocurrencies.