Ledger recently announced a new service called "Recover" which is designed to help you recover your seed phrase in case of emergencies. The problem is, the method for doing this is splitting your seed into three shards and sharing them with third parties over the internet. This breaks the fundamental argument for having a hardware wallet as a cold wallet in the first place and leaves the door open for hackers to potentially use these same channels to extract the private keys from a device.
While this shouldn't be possible, as Ledger is close source, external developers can't verify exactly what the code is doing on the backend. And even if the channel itself isn't expoited, it is entirely possible that Ledger could receive a legal requst that requires them to share the seed with government agencies. While you may think you wouldn't be targeted, you don't have to look to far back to see instances where crypto has been decried as illegal in certain countries and if you look a little further, private citizens were even barred from owning gold for a while.
While Ledger's goal may have been to help those less tech savvy in creating seed backups, the methd has left thousands of security concious customers with devices they can no longer trust. A lot of the fallout could probably have been avoided by doing this with a new dedicated device, but it wasn't and now they are left dealing with mas backlash in the social media age where rage spreads quickly.
Hopefully a compromise can be found as a diverse hardware wallet ecosystem is valuable to the crypto community, as long as the devices are genuinely secure.
For what it is worth, although Ledger is taking flack here, they certainly aren't the only hardware wallet provider that could push out a malicious update which degrades security. That is why it is important to set strong community and consumer expectations and where possible, embrace open source development so the experts in the room can confirm that the device is doing what they actually say it is.
My Personal Take...
I've been a user of Ledger for many years, and will likely continue to be. I won't sign up for the Recover service as I don't want to share my seed phrase shared with third parties. I will monitor the situation as it develops, but I accept risk is part of working in this space. Many use MetaMask on hot devices, sign transactions they barely understand and store keys in "encrypted" clouds. You have to conciously choose your acceptable risk level. While I probably wouldn't opt for Ledger to hold a key under cold storage conditions for years, that was never really their core use case. IMO hardware wallets like ledger are designed to be used and they are simply a more secure location to store keys than on an always connected computer and that still hasn't changed.
