The hardware wallet Ledger often cited as the most secure way to hold your crypto has come under fire after its latest update. Ledger revealed last night that it will give an option to its users to link their seed phrase to their identity card or passport.
The entire selling point of a crypto hardware wallet like Ledger is that the users themselves have to be responsible for their recovery seed phrase. No third party has access to your recovery seed phrase. However, with the new Ledger Recover update, the hardware crypto wallet is offering a subscription service that would allow you to store your recovery seed phrase in an encrypted way.
How will Ledger store your seed phrase?
Ledger Recover update promises to encrypt and divide your seed phrase into three pieces. After that you will give over your identity proof, a selfie recording, and then three different custodians will secure those shards for you. The three custodians will be Ledger, Coincover, and a third provider. Ledger clarified that this is an additional service and users are allowed to keep their recovery seed phrases with them as they were doing before. Many online privacy advocates called this update dangerous and started a stir on Twitter.
Why Ledger Recover update is dangerous?
In order to avail this seed recovery update service, a user will have to connect their identity to their Ledger account. This will give another KYC pain-point for data leaks, hacks, and government censorship or surveillance. Above all, a user is being put in a position where they will have to trust a third party with their crucial ID information and information on all their crypto holdings.
A database of this sort could also become vulnerable to hacks and leaks. Also, the sales of the crypto hardware wallet’s users would be extremely valuable. Any of the “authorized third parties” could also decide to leverage the data as an income stream at any moment.
Earlier in 2020, Ledger suffered a data leak exposing phone numbers and physical addresses of nearly 300,000 customers along with over a million email addresses.
From the technical point of view, the code for this entire process is closed-source and unverifiable. Ledger Live uses Ledger’s nodes for all wallet sync, revealing every detail of your cryptocurrency activity and making it trivial for Ledger to link this to your ID itself.
All the KYC data is collected by Onfido. The company also handles the KYC onboarding and keeps track of your device and current activity when you upload/verify identity. Not only you are trusting Ledger and other authorized parties, you’re also trusting Onfido with your crucial information. Is it a disaster waiting to happen?
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.