- Governments can seize Ledger Recover users’ seed phrases according to Ledger co-founder Éric Larchevêque
- Larchevêque was addressing the criticism of Ledger Recover on Reddit when he admitted that the key custodians could be subpoenaed
- Larchevêque called the rollout a “horrible mess”
If things weren’t looking bad enough for Ledger over its botched Ledger Recover unveiling, the weekend saw a further twist: governments can subpoena the custodians holding your keys and seize them. The revelation came from Éric Larchevêque, Ledger co-founder and CEO of the company from 2014 to 2019, who took to Reddit to bemoan the way the rollout of Ledger Recover was handled, and also to answer questions about it, despite no longer working for the company. Larchevêque revealed that governments would almost certainly be able to seize a user’s keys from one of the trusted key custodians used by Ledger Recover, news that only adds to the negativity surrounding the service.
Larchevêque Brought “To the Verge of Tears”
The launch of the Ledger Recover service last week could have been a success had it been handled correctly, but the company completely misread the crypto community and allowed anger and criticism to foment and misinformation to run rife. Many were left with beliefs that Ledger is forcing its Recover service through a firmware update and that the seed key would be easily exploitable by bad actors. Both of these are untrue, but Ledger’s attempts to make it clear were too little, too late.
Larchevêque, still a Ledger shareholder, noted this on Reddit, calling it a “horrible mess”, saying it brought him “to the verge of tears” to see the company be launched and built being talked about in such a way. He then summarized what had gone wrong with the launch:
My first step is to apologize as a co-founder about how this launch have been handled. I can’t help but to wish this had been done differently. I don’t have all details, but for sure something went wrong and the Ledger Recover service was put in your face in the worst way possible. This is obviously a sensitive subject and would have needed a much more prepared communication. To me, all this meltdown is a total PR failure, but absolutely not a technical one.
Had the PR nightmare not come just as the company was enjoying a reprieve from the way it handled the data breaches of 2020 it might not have been as bad, but this is the unfortunate truth, and Ledger has paid the price once again.
Government Seizure Causes Consternation
The most upvoted question asked of a clearly devastated Larchevêque centered around the security of the keys, primarily with regard to a potential government seizure. After all, part of the point of all hardware wallets is to ensure that only the holder has custody of their keys, so that their funds cannot be seized by a third party. Larchevêque’s response was mightily concerning:
This fact will almost certainly kill Ledger Recover dead for those already holding a Ledger wallet, which probably wasn’t Ledger’s target market anyway. But, as Larchevêque noted, the damage done to Ledger’s reputation (again) has led to people destroying their devices and swapping them for those of their competitors due to a perceived lapse in security.
However, as Larchevêque also noted, nothing has actually changed with how Ledger devices themselves work:
Some amount of trust must be placed into Ledger to use their product. If you don’t trust Ledger, meaning you treat your HW manufacturer as an adversary, that can’t work at all. When Recover was abruptly launched, this false sense of trustlessness went into pieces and people started to actually understand how a HW works.
The mistake of some of the “power user” community (reddit, twitter…) is to become batshit crazy and start writing stuff like “there is a backdoor from day one” or “the governement has taken over Ledger”. The hard truth, which has been confirmed by many experts who took the time to actually deep dive on the subject, is that nothing changed. Absolutely nothing happened. The security model is the same than before you knew Ledger Recover existed.
Setting aside the exaggerations and mistruths put about by fearmongers and the genuinely misinformed, the fact is that there is a core weakness with Ledger Recover, in that governments can seize your wallet’s seed key behind your back for whatever reason they like.
This reason alone will almost ensure that no existing Ledger users sign up for it, and will almost certainly put off other potential users once they investigate. In short, Ledger has created another PR nightmare for itself and it will probably be reminded of it every time it tweets about Ledger Recover.