Following harsh criticism from the crypto community, hardware wallet provider Ledger will delay releasing a key recovery feature.
In a letter to users, Ledger CEO Pascal Gauthier wrote that the firm won’t introduce the new feature before releasing the code for it. The company also scheduled a Twitter Spaces session for 12:30 p.m. EST on Tuesday to discuss the issue.
Last week, Ledger announced the service, called Ledger Recover, which will allow users to store encrypted backups of their seed phrases with a set of three custodians. Ledger owners will then be able to restore their private keys even if they lose or forget their seed phrases. The opt-in feature will require a know-your-customer (KYC) verification.
Ledger came under fire almost immediately from members of the cryptocurrency community, who criticized the idea of sharing seed phrases with anyone other than wallet owners. Multiple commentators wrote angry posts on Twitter, Reddit and other platforms, saying they felt betrayed by Ledger, which has previously said that Ledger wallet private keys would never leave a device.
Some critics also highlighted potential threats such as hacks of the custodians, data leaks from KYC providers and law enforcement taking control of Ledger users’ data. Others noted that the code for the Recover feature is not open-source, so there is no way to audit the safety of the proposed custody mechanism.
Unlike some competitors, Ledger does not publish all its code, but instead has its product tested by a team of selected security researchers.
The company learned a hard lesson, Gauthier said in his letter to users. Parts of the Ledger code have been open-sourced before, and more will follow soon, Gauthier said.
“We have made the decision to accelerate the open sourcing roadmap! We will include as much of the Ledger operating system as possible, starting with core components of the OS, and Ledger Recover, which won’t be released until this work is complete,” he wrote.
Gauthier also reiterated the idea that offering key recovery services is essential to onboard a new wave of crypto users, for whom self-custody might feel too difficult.
“The majority of users in crypto today either don’t own their private keys and/or are putting their private keys at risk using less secure forms of self-custody, and hard-to-use forms of storing and securing their seed phrase,” the letter reads.