Users of Ledger, the crypto hardware wallet provider, have been panicking and questioning the safety of their crypto funds with the firm after a controversial tweet (which has since been deleted). Unfortunately, the tweet spread like wildfire among the crypto community, leading various users to abandon the platform.
Let’s check what exactly happened. Before that, here’s a quick overview of the Ledger wallet.
About Ledger Wallet
A Ledger wallet is a hardware crypto wallet that provides a secure way to store and manage your digital assets. It is designed to keep your private keys offline, away from potential online threats such as hacks and malware.
Ledger wallets are small devices that resemble USB drives or smart cards. They use a secure element (a specialized chip) to store private keys and perform cryptographic operations securely. The wallets support a wide range of cryptos, including Bitcoin, Ethereum, Litecoin, and many others.
To use a Ledger wallet, you typically connect it to a computer or mobile device via USB or Bluetooth and interact with it through a companion application. The application allows you to manage your crypto holdings, view balances, send and receive funds, and sign transactions securely.
One of the major benefits of using a Ledger wallet is that it provides an offline, or “cold,” storage solution. Since the private keys are stored on the device and never exposed to the internet, they are less susceptible to hacking attempts or online scams.
What was the update about?
Ledger took to Twitter to announce its latest firmware update, after which users started questioning their privacy and security.
The announcement introduced the 2.2.1 firmware update, which brings a new recovery feature called “Recover” that allows users to back up their seed phrases securely. This news garnered a lot of attention and ignited heated discussions within the crypto community.
Ledger Recover is a subscription service available to Ledger Nano X wallet users, offering a seed phrase recovery system that involves third-party custodians. Ledger presented this new feature as an innovative solution, allowing individuals holding cryptos and NFTs to retrieve access to their assets if they lose or forget their seed phrase.
However, a segment of the Web3 community has strongly criticized the announcement. They argue that the firmware update enabling this service contradicts Ledger’s longstanding policy (and key selling point) of ensuring that a user’s private key remains exclusively on the device. These concerns have sparked doubts regarding Ledger’s claimed commitment to privacy and security, although the company denies these accusations.
Why did the community rage?
Ledger, a renowned provider of hardware wallets, is valued at over $1 billion and generates an estimated annual revenue exceeding $53 million. These hardware wallets, commonly known as “cold storage” devices, offer a highly secure method for storing cryptos. Compared to “hot wallets” like MetaMask and WalletConnect, which store private keys online and are easier to use, Ledger wallets are considered superior due to their offline storage, minimizing the risk of exposure.
To set up a Ledger wallet, users need to create a unique seed phrase consisting of randomly generated words that serve as the private keys for their crypto wallets. Although this system is secure, it has its drawbacks in terms of usability. Losing the seed phrase results in the loss of access to funds, and if it falls into the wrong hands, it can jeopardize the security of the wallet.
Ledger has long marketed its wallets based on the assurance that users’ assets remain safe because their private keys never leave the devices. Hence, it came as a surprise to many members of the Web3 community when the company announced its plans for an optional paid subscription service. The confirmation was made on Tuesday, May 16, through a Twitter video featuring Ledger’s CTO, Charles Guillemet.
The essence of Ledger Recover lies in encrypting a user’s seed phrase and dividing it into three parts, each entrusted to a different custodian. Ledger itself acts as one of the custodians, while the remaining two are Coincover and EscrowTech, respectively, a crypto custody company and a code escrow company.
What about Ledger’s reputation now?
The vehement criticism from the community regarding the new feature is partly driven by Ledger’s past issues with data security. The company has faced multiple security breaches in the past, and the memory of these incidents continues to foster mistrust.
Notably, in December 2020, another significant security lapse resulted in the theft of 270,000 Ledger owners’ physical addresses. This stolen data was subsequently freely shared on a forum, leading to a targeted extortion campaign against the affected individuals.
Although Ledger expressed deep regret for the situation and reassured users that the compromised data was not linked to the funds in their wallets, the incident significantly impacted the community’s confidence in the company.