Ledger, the popular hardware wallet provider, has clarified the doubts that the community had about the new service provided by the company called Ledger Recover. The community was worried about the possibility of Ledger and other third-party apps accessing users’ private keys stored on the device. However, Ledger confirmed that it is not possible for third parties to access your private keys without your consent.
Ledger Clarifies Community Doubts
It has been a difficult week for Ledger. The company released a new solution called Ledger Recover, which allows users in Europe, the United States and Canada to share information about their private keys with third-party entities in case they lose them and would like to regain access to them.
The issue started when in November 2022, Ledger confirmed that firmware updates can’t extract the private keys from the Secure Element. However, Ledger wrote a few days ago that “it is and always has been possible to write firmware that facilitates key extraction.”
Due to this issue, there has been some confusion among the crypto community. Charles Guillemet, the CEO and founder of Ledger, explained in a long Twitter thread that the private keys are generated and safeguarded on the Ledger device. Every single time that an application needs your private keys, there will be a request that users will have to consent to (or not).
On that matter, the CEO of Ledger explained:
“A hardware wallet is mostly used as a signing device. It generates and safeguards your private keys. Your private keys never leave the hardware wallet. Whenever they are used, your consent is requested.”
A hardware wallet is mostly used as a signing device
It generates and safeguards your private keys.
Your private keys never leave the hardware wallet. Whenever they are used, your consent is requested.
— Charles Guillemet (@P3b7_) May 18, 2023
It might take time for Ledger to build trust again among the crypto community. Another thing that has raised concerns is linked to the fact that Ledger is not open source, which means that the community can’t audit the software and the code running behind Ledger devices and solutions. It remains to be seen how the community will react to the latest comments from Ledger.