
I run a Ledger competitor, but I support them sharding keys


It’s counterintuitive for a CEO to defend a competitor, especially when that competitor is rolling out a feature similar to the one we pioneered years ago. But given the debacle surrounding Ledger’s new “Ledger Recover” feature, it’s time to offer a balanced perspective.

The company is under fire for releasing a wallet firmware update that allows it to send a version of the wallet seed phrase to third parties. But the outrage feels out of proportion. The perception that Ledger carelessly “sends seed phrases to a server” is fundamentally misinformed. Let’s be clear: the new system is opt-in only. There is no forced participation or hidden back door. The seed is split locally into three encrypted shards using Shamir Secret Sharing, a respected cryptographic process, and sent encrypted, a practice familiar to the industry for many years.

One of the companies hosting the shards is EscrowTech, a company we brought into the crypto sector four years ago. I am confident that, despite our rivalry, Ledger can successfully implement a system that meets its requirements. They have shown dedication and seriousness in the past and there is no reason to expect otherwise now.

Despite the backlash, it’s essential to remember: if you don’t like it, don’t use it. Period.

We’ve always strived to upgrade such systems, but for those who choose to stick with seed phrases, Ledger Recover is undeniably a step forward. I’ll give Ledger credit where it’s due: To really get billions on board and move assets into our self-custodial universe, Ledger Recover is one possible solution. Securely encrypted secrets stored in the cloud are the future, not scraps of paper or steel plates kept under your mattress or even worse in a bank vault (the irony…)!


That said, there are a few things Ledger got wrong. Their proposed solution identifies a fundamental problem that cannot be solved by Ledger Recover: seed phrases. I dislike them and consider them obsolete and unfit for personal safety. An estimated $100 billion worth of Bitcoin (BTC) alone has been lost or stolen over the past decade due to mismanagement of seed phrases. And it doesn’t get any better: Every day new stories of key misplacement and loss pop up on forums like Reddit and Twitter.

Seed phrases represent a single point of failure, which overburdens the user and is prone to human error, phishing attacks, account takeovers, and many more disasters. Multiparty computation (MPC) wallets and other proven cryptographic techniques offer vastly superior compromises, whereas seed-based approaches seem archaic in today’s rapidly advancing digital landscape.

Ledger’s current users, mostly hardcore crypto enthusiasts, feel betrayed, but the existing seed model simply doesn’t work for everyone. Even Ledger acknowledged it on its own website.

Besides ignoring the basic seed phrase vulnerability, Ledger Recover itself has its own share of problems: the one-way firmware update, the closed-source sharding, the Know Your Customer (KYC) porting, the pay-to-recover scheme and, most of all, the “trust me, this is opt-in only” with no way to verify the source code. The closed code, reliance on third-party custodians, and seven-day closure if payment ceases will definitely raise (and already have raised) more questions.

The introduction of Ledger Recover could also lead to new attack vectors on and off systems: from local malware to government coercion, social engineering (already widely deployed in their latest e-commerce breach) and fake KYC recovery, all of which need to be addressed. Finally, Ledger’s communication and timing could have been better articulated and could have prevented the current turmoil.


However, this does not prevent them from trying to innovate and improve user security, albeit in a different way than we do.

To Ledger, I suggest providing a comprehensive end-to-end demo video, a documented white paper with possible third-party audit reports, and a thorough explanation of how Ledger Recover works. The FAQ leaves questions unanswered and customers are left guessing or misinterpreting the service. The community thought they could trust you blindly, but you have to earn that back after this episode.

This is not a clear case of right or wrong. Ledger is making strides in the right direction and has built a remarkable track record in an incredibly hostile environment – we know that firsthand. But they also have room to learn and improve.

Imposing a new safety path, even an optional one, is like asking someone to believe in a second religion that they didn’t choose in the first place. It’s certainly a divisive issue, but it’s vital for the crypto community to focus on facts rather than interpretations. Ultimately, our words here (or on social media) won’t matter, and people will vote with their dollars (I mean their crypto). As competitors we may not agree on every detail, but we can all agree on the need for innovation, safety and transparency.

Ouriel Ohayon is co-founder and CEO of ZenGo, a consumer MPC wallet founded in 2018. He is a former director at ICQ/AOL; the founder of TechCrunch France (sold to AOL); and the founder of Isai.fr, a leading French VC. He was general manager of the internet lab of Gemini and Lightspeed Ventures.

This article is for general information purposes and is not intended to and should not be construed as legal or investment advice. The views, thoughts and opinions expressed here are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

  • May 18, 2023