Ledger Doubles Down On Open Source Amid Recover Scandal
Ledger CEO Pascal Gauthier has issued an open letter addressing the recent announcement of Ledger Recover and how it was communicated to customers. In the letter, Gauthier acknowledged that the company’s communication mistake had caused concern among the crypto community and affected customers’ ability to understand the product’s role in the future of Ledger’s offerings.
The hardware wallet provider firm recently announced the launch of its new service, called Ledger Recover, which aims to provide users an additional layer of security by allowing them to store encrypted backups of their seed phrases with three custodians.
The opt-in feature will require a know-your-customer (KYC) verification. However, this move has been criticized by some crypto community members concerned about sharing seed phrases with anyone other than the wallet owner.
These concerns have raised questions about the safety of this new feature and have prompted Ledger to apologize for any confusion caused by the launch.
While this service is not new, how the company announced it caused some confusion. In its open letter, Gauthier acknowledged this and apologized for how it was communicated, stating that they never intended to surprise customers.
Gauthier emphasized that their mission is to make crypto secure and easy to use. He reiterated that the main pain point for crypto self-custody adoption is seed phrase recovery and that Ledger Recover is a necessary service to address this issue. He also stressed the importance of self-sovereignty and self-custody over digital assets, which is the ethos of crypto.
Furthermore, Gauthier stated that Ledger never compromises on security and that their Donjon security team is committed to reviewing not only Ledger’s firmware and hardware updates but also the entire ecosystem.
Ledger Puts Launch Of Recover Service On Hold
In addition to security, Ledger is also committed to increasing transparency. Most of Ledger’s codebase is already open source, and the firm plans to accelerate its open-sourcing roadmap. They will include as much of the company operating system as possible, starting with core components of the open source and Ledger Recover, which won’t be released until this work is complete, according to Gauthier.
Moreover, the company’s CTO, Charles Guillemet, stated that open sourcing has always been a core part of the firm’s roadmap and that recent events have only emphasized the importance of accelerating this initiative. By making the cryptographic protocols auditable, the company hopes to address concerns about the safety and security of its products, which some cryptocurrency community members have raised.
We’ll gradually open source most of our Operating System, starting with Ledger Recover, to make it fully auditable.We’ll release Ledger Recover Product as soon as this firmware part of the code will be published.
— Charles Guillemet (@P3b7_) May 23, 2023
The first step in this process will be the release of the whitepaper for Ledger Recover, which will allow for auditing the cryptographic protocols used in the firmware. This will be followed by the release of the Recover product as soon as the firmware is published.
Furthermore, according to Guillemet, The delay in the launch of the Recover program is a necessary step to prioritize transparency and security. The company will release the product as soon as the firmware part of the code is published. In contrast, the other parts will take longer since they must be refactored to abstract the chip-specific characteristics under Non-Disclosure Agreement (NDA) from the company’s open-source.
Featured image from iStock, chart from TradingView.com