Ledger recently faced criticism after its support team made a now-deleted tweet implying that it could develop firmware enabling key extraction. The tweet fueled concerns about the company potentially compromising users’ assets, even though it claimed not to have done so thus far.
During discussions about their new wallet recovery service, Ledger Support responded to inquiries with tweets suggesting that the company could compromise customers’ assets. The tweet stated, “From a technical standpoint, it has always been possible to develop firmware that enables key extraction.”
1/
I’ve read several misconceptions about how a wallet works. It seems some people thought there is some magic, let me explain how it works.A thread 👇
— Charles Guillemet (@P3b7_) May 18, 2023
After deleting the tweets, CTO Charles Guillemet attempted to clarify, and a Ledger spokesperson affirmed that the company cannot and will not extract users’ keys, requiring customers’ approval for any key-related action.
Ledger introduced its “Recover” service, allowing users to back up their seed recovery phrase by encrypting it with third parties. Users expressed concern that splitting the key between third parties could compromise security, contradicting the primary purpose of a hardware wallet.
Ledger argued that this backup option is popular because it addresses the risk of assets becoming irretrievable due to the loss of a recovery phrase. CEO Pascal Gauthier defended the service, stating it’s what future customers want for onboarding to crypto.
Justin Sun, founder of Tron and a stakeholder in the Huobi crypto exchange, stood by Ledger, describing the company as a “trusted partner” with a commitment to security and customer service.