Should you dump your Ledger?

May 17, 2023
17 May 2023 : 13:58

Yesterday, Ledger dropped a bombshell that set the crypto world ablaze: the introduction of Ledger Recover.

The once fortified bastion of privacy and security, Ledger, was suddenly offering an option to share your sacred private keys with specific institutions: Ledger, Coincover and another third party. It felt like a seismic shift from the crypto ideals we’ve cherished.

Did things really derail this quickly? Or is this a nothing burger?

Well, let’s dive in and see for ourselves!

TLDR 📃

  • Ledger’s Recover, a new opt-in feature, stirs up Twitter with its ‘private key sharing’ ability.
  • The feature’s critics worry it could be a chink in the armour, giving bad actors easy access to private keys.
  • Ledger defends its corner in a Twitter Spaces chat, vouching for the feature’s security.
  • We’re not sold on Ledger’s method. The potential for attacks and the necessity for KYC set off alarm bells.
  • We suggest holding off on the latest Ledger firmware upgrade till the fog clears. And while you’re at it, why not broaden your wallet horizons with options like Argent and Trezor?

What is Ledger Recover?

This new feature is designed to make it easy for anyone to own crypto, getting rid of the confusing stuff related to private keys.

To solve the problem, Ledger announced their opt-in Recover feature ⬇️

As soon as this was tweeted, all hell broke loose on Twitter. And, for good reason.

What is the problem?

Here’s the issue: until now, only you, the Ledger owner, could peek at your private keys. But in a flash, Ledger’s planning to roll out a “private key sharing” feature with a fresh firmware upgrade. That’s where the trouble starts.

We took to Twitter, and let’s just say, a certain someone got a bit of a grilling from us for accusing us of spreading FUD – they’ve since deleted their reply (too hot to handle, perhaps? 😂).

We spotlighted a key issue – Ledger’s cryptic communication. We flat-out asked, “There’s a new mechanism that enables seedphrase sharing. Do you trust that mechanism? Maybe it’s trustworthy, maybe it isn’t. Either way Ledger need to explain this better to instil relief in their customers or face an exodus.”

Ledger’s response

Ledger came out a few hours after the outbreak and jumped on a Twitter Spaces session with multiple executives to address all concerns.

The top two most important questions were: Who is this feature for and is it secure? 👇🏼

So, allegedly, this route is secure and upgrading to the latest Ledger firmware is also recommended (by them, not us – we have a different view).

Cryptonary’s take 🧠

It’s commendable that Ledger is gunning for global adoption, tackling the tricky private key conundrum head-on. But their approach? Not our cup of tea.

This new feature flings open the door to possible attacks. Yes, you need to sign a transaction to share private keys, but what if someone’s tricked into signing while in the thick of a DeFi contract? They’ve promised a “secure channel”, but should we just take their word for it?

And then there’s the whole KYC requirement to access the feature. To us, that looks more like IRS meddling than a Ledger initiative. There are smarter options out there, like socially recoverable wallets (Argent, we’re looking at you) that sidestep the KYC problem. Because what if there’s another data leak, but this time linking names and addresses to wallet addresses? The potential for crime is staggering.

We urge Ledger to hit pause on this feature, and rethink their strategy – smart contracts could be a smarter route.

Action points 📝

  • Do not upgrade your Ledger to the latest firmware for the time being, until they provide more clarity or make changes.
  • Opt to use a Ledger Nano S for now, as only the Ledger Nano X will have that feature today.
  • Diversify your wallets; we recommend checking out Argent and Trezor.

Cryptonary