
Amid the backlash and controversies surrounding Ledger’s announcement of its new Ledger Recover feature, Ledger CEO and co-founder Eric Larcheveque has taken to Reddit to comment on the entire situation.
In the Reddit post, he described the situation as a horrible mess, blaming the backlash on a “total PR failure.” However, he maintained that the Ledger Recover feature is not a technical failure, admitting he probably wasn’t relentless enough (as CEO) in explaining how the security of users’ hardware wallets works.
Admits governments can subpoena third parties, access your funds
In a response to the long-winded Reddit post, an enthusiast asked if a government can issue a subpoena to the third parties holding different shards of the seed phrase to access a user’s Ledger wallet, and Eric Larcheveque answered in the affirmative.
“If you are a Recover user and have your shard safeguarded by third parties, then yes, a government could subpoena them and get access to your funds,” the Ledger co-founder wrote in the response.
The possibility of that happening is one of the primary drivers of a widespread backlash against the Recover feature, and the former CEO has all but confirmed users’ fears. Eric’s response, in conjunction with most press releases from the company, shows that most Ledger users have always been misinformed about the company’s security architecture.
The security architecture didn’t change – Eric
According to Eric, the new Ledger Recover feature did nothing to change the existing Ledger security architecture, claiming users have always had to trust Ledger not to push rogue firmware to their wallets.
In the posts, he addressed a Ledger executive’s 2022 tweet claiming Ledger can’t extract your hardware wallet’s seed phrase from the secure element. According to him, the tweet is a half-truth missing a crucial part: “as long as you’re trusting Ledger.”
Contrary to what most users think, Ledger is not a trustless solution after all, and the company has always been able to extract users’ keys through a firmware update. For a non-custodial hardware wallet, it’s simply not acceptable, as Ledger being able to extract the keys means it’s technically a custodial wallet.
Ledger users against the idea of a Recover feature still have a choice, at least for now; the feature is currently opt-in only, so you can keep using your wallet without worrying about third parties leaking your seed phrases to a government.