Ledger just released a new update supporting social recovery of seed phrases for Nano X
The latest update from Ledger will make it possible for users of the Ledger Nano X hardware wallet to restore their seed phrase by social means. Mudit Gupta revealed this in a Twitter post on Tuesday, May 16. The post said,
“It encrypts your seed in 3 shards and sends it to different entities that can then reconstruct the seed for you post ID verification.”
The blockchain security researcher and Polkadot co-founder described the update supporting social recovery of seed phrases as a “horrendous idea” and asked users not to enable it in their devices.
Anything secured by ID verification is inherently insecure
Although the social recovery system is backed by ID verification, Gupta said that this is no reason to consider it reliable. In the Twitter thread, he wrote,
“You know what else is secured by ID verification? Mobile number porting. Do you know how many high profile sim jacking cases happen every day? Too many.”
Too easy to fake
Anything secured by “ID verification” is inherently insecure because it is too easy to fake, he maintains.
He said that splitting the key into three parts is not a problem in itself, but the security of the system is weakened by the fact that the shards are sent to three different corporations who may reconstruct the key. Gupta highlighted that using identity to verify a key is inherently flawed because identity theft is rampant.
The motive behind the feature
“I wonder if the motivation behind this feature is to make money from the subscription model or if it was forced onto them by regulators so the regulators can get their hands on KYC data and potentially seize assets.”
The blockchain expert said that he would recommend Ledger as a good hardware wallet for users. However, he wouldn’t recommend that users enable this feature.