The hardware wallet Ledger has launched the "Ledger Recover" service, which has caused controversy. What are the potential risks?
PANews
2023-05-17 10:30
After the release of this feature, many Web3 users have concerns about privacy and security.

Original author: @Sethforprivacy, Head of Content at Foundation, a bitcoin tools development company

Original compilation: PANews

On May 16, Ledger released firmware update 2.2.1 for the Nano X cold wallet, which introduces "Ledger Recover", an ID-based recovery service for the mnemonic (seed phrase). The user's private key is backed up so that the seed phrase can be restored, and a subscription ($9.99 per month) is required to enable it. Currently a passport/ID document issued in the EU, UK, Canada or US is required to subscribe to the service, but in the coming months more countries will be covered and support for more documents will be added.

However, the release of this function has caused many Web3 users to worry about privacy and security, especially since it involves storing private-key mnemonics and associating them with passports or ID documents, which obviously violates the privacy values of the crypto community. The head of content at Foundation, a bitcoin tools development company, has published a post calling out the "danger" of Ledger's latest cryptocurrency custody solution.

Reportedly, the core of Ledger's new product is to split the user's mnemonic into three parts before encrypting it. At the same time, users are required to provide their ID plus a selfie recording, and then trust three custodians to protect these pieces of information for them.

However, there is a problem with Ledger doing this.

First of all, to use this "mnemonic phrase recovery" system you must associate your identity information with your Ledger account. This creates a KYC pain point and brings with it data leakage, hacking, censorship and monitoring issues.

Second, you also need to trust a third party and hand over your ID information and information related to your cryptocurrencies to it. Data leaks or hacks are very likely in this case: Ledger user data is very valuable (both now and in the future), and any "authorized third party" may at any time decide to use your data as a source of revenue.

What's more, the Ledger Recover service also compromises user privacy. At present, most Ledger users use the Ledger Live software, which synchronizes all wallets through Ledger's nodes, and that synchronization covers all the details of the cryptocurrency activity in the wallet. Compared with binding their own ID to the Ledger account, users of Ledger Live are at a higher risk.

According to the disclosed information, all KYC data is collected by a company called "Onfido", which handles matters such as KYC verification. When Ledger users upload and verify their identities, the company retains the user's ID, the selfie pictures/video/audio, and an overall picture of the user's device and current activity.

This means that Onfido will have full control over your ID and will know that you are a Ledger user. Of course, it will also know for sure that you hold cryptocurrencies. Onfido will have full knowledge of the devices you use to authenticate as well, so you now trust not only Ledger and the "authorized third parties" with your identity data, but also Onfido with your devices and more.

All of these operations can easily lead to new threats. Next, let us further analyze from a technical point of view.

From a technical perspective, users must trust Ledger "100%", because the code for the entire process is closed and unverifiable. Ledger co-founder Nicolas Bacca has said his team plans to open up its code in the future so that users can see how Ledger's recovery service encrypts user data and operates securely under the hood, and that Ledger is making the recovery service fully optional and will be transparent about its partnerships with third-party custodians. But at least as of this writing, Ledger has not open-sourced the relevant code, i.e. no one but Ledger itself can verify what is actually happening or how secure it is.

If all goes as described, the user's seed phrase should theoretically never leave the device in an unencrypted state. However, we have no way of verifying this, or of ensuring that the seed phrases are handled securely and properly encrypted. One thing is certain: code is now running on your Ledger that makes it possible to send your mnemonic over USB/BT. From another perspective, your wallet is no longer a so-called "cold wallet"; it has "turned from cold to hot". Not only that, but being able to make your wallet "hot" with a few keystrokes opens up a ton of new attack vectors for phishing and malware, through which hackers could get hold of your seed phrase without your knowledge.

At this stage, we are unable to determine whether Ledger has built-in security measures to prevent someone from sending all of the encrypted mnemonic shards to one person rather than to 3 different custodians, or whether the shards can only be decrypted by the user.

There is another problem here: you cannot know how the mnemonic recovery process or the decryption process works. Users have to log into Ledger and verify their identity, but if decryption can only be done on their own device, how does the new device get the decryption key?

In end-to-end encryption (E2EE) schemes, there is usually a way to approve new devices and send them the decryption key, but when a Ledger has been lost the user cannot actually do this, so someone else must hold a copy of the Ledger decryption key and send it to you for mnemonic recovery to work.

In this case, who owns these decryption keys? Is it Ledger? Or is it encrypted and put somewhere after logging into Ledger Recover and ID verification? If so, how is the decryption key stored, encrypted with what technique, and how is it authenticated?
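The key-custody question above, worked through as an added example; it is not from the original article and not Ledger's code, which the article notes is unpublished. It assumes a 3-of-3 XOR split, a toy encrypt-then-MAC in place of a real AEAD, and invented function names, and shows that shards sealed with a key only the lost device holds cannot be opened by a replacement device.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split3(secret: bytes) -> list[bytes]:
    """3-of-3 XOR split: every shard is needed, any two reveal nothing."""
    r1, r2 = secrets.token_bytes(len(secret)), secrets.token_bytes(len(secret))
    return [r1, r2, xor(xor(secret, r1), r2)]

def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    k = hashlib.shake_256(key).digest(64)
    return k[:32], k[32:]            # (encryption key, MAC key)

def seal(key: bytes, shard: bytes) -> bytes:
    """Toy encrypt-then-MAC standing in for a real AEAD: nonce | ct | tag."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = xor(shard, hashlib.shake_256(enc + nonce).digest(len(shard)))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes | None:
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None                  # wrong key or modified shard
    return xor(ct, hashlib.shake_256(enc + nonce).digest(len(ct)))

def recover(key: bytes, blobs: list[bytes]) -> bytes | None:
    shards = [unseal(key, b) for b in blobs]
    if len(shards) != 3 or any(s is None for s in shards):
        return None                  # a custodian is missing or the key is wrong
    return xor(xor(shards[0], shards[1]), shards[2])

def demo() -> dict[str, bool]:
    seed = secrets.token_bytes(32)        # constructed stand-in for wallet entropy
    device_key = secrets.token_bytes(32)  # assumption: key known only to the lost device
    blobs = [seal(device_key, s) for s in split3(seed)]  # one blob per custodian
    return {
        "replacement device, fresh key": recover(secrets.token_bytes(32), blobs) == seed,
        "key but only two custodians": recover(device_key, blobs[:2]) == seed,
        "anyone with key and all three blobs": recover(device_key, blobs) == seed,
    }

if __name__ == "__main__":
    print(demo())
```

Only the last case recovers the seed, so a recovery flow that works after the device is lost implies the decryption key is held or derivable somewhere other than that device.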

Summarize