Ledger, the provider of crypto hardware wallets, has decided to postpone the launch of its private key recovery service after facing severe criticism following its announcement last week. As a result of the controversy, which has raised questions about the safety and trustworthiness of Ledger devices in general, the company is accelerating its plan to open-source its software to promote transparency.
Ledger CEO Pascal Gauthier issued a public apology on Tuesday for the way the company communicated its “Recover” service.
“Our unintentional communication mistake took everyone by surprise and affected our customers’ ability to accurately understand Ledger Recover,” said Gauthier. “We never meant to surprise you.”
Ledger Recover is a paid subscription service that allows Ledger Nano X users to recover their crypto if they lose both their device and paper-backup seed phrase. The system breaks a user’s private key into three encrypted “shards” and stores one each with Ledger, Coincover, and a third party. However, the service has been criticized and questioned because it exposed Ledger’s potential to take users’ private keys from their devices using malicious firmware updates. Concerns were also raised when Ledger Support claimed customers had always “trusted” them not to release such malicious code “whether you knew it or not.”
In an episode of the “What Bitcoin Did” podcast posted on Monday, Gauthier also said Ledger’s custodians might be required to forfeit a customer’s private key shards if subpoenaed by a government.
Despite the backlash, Ledger plans to release a “clarified version” of Ledger Recover to answer most of the community’s expressed “sticking points.”
The Open-Source Roadmap
Ledger CTO Charles Guillemet has revealed that the company plans to open-source more of its software as a commitment to transparency. It has already open-sourced its cryptography library and will soon publish the Ledger Recover whitepaper to allow third parties to “audit the cryptographic protocols and enable people to build their own shards backup provider.”
Ledger aims to “gradually” open-source most of its operating system. However, it can’t fully open-source its firmware because of its intellectual property agreements with the smartcard chip manufacturers. The company will continue to protect devices from physical attackers.
“Open-sourcing has always been at the core of our roadmap, and recent events emphasize the importance of accelerating our initiative to bring greater verifiability to everything we do at Ledger,” concluded the CTO.