Is Ledger Stealing Your Crypto?

Unmasking the truth regarding Ledger Recover.

GM DOers!

Ever lost your private keys in a tragic boat accident? Yeah, us neither. šŸ›„

But many seem to have lost their (not so) precious crypto that way. šŸ˜

Well, Ledger seems to have come up with a solution called Ledger Recover: an optional subscription for users who want a backup of their Secret Recovery Phrase.

Note: optional! šŸ‘€

However, Crypto Twitter thinks that Ledger will just nab your crypto before you get the chance to drop them overboard. šŸ¤”

So it seems like everyoneā€™s teamed up against Ledger, whose intent is to anchor the losses from poorly stored crypto.āš“

As you can see from the chart in the tweet above, poor custody has resulted in a whopping $120B of lost crypto. This includes losses that occurred due to hacks, fraud or misplacement of the seed phrase.šŸ’øšŸ’”

However, these all happened due to 1 reason: poor custody. If you were a victim of any of the above, you couldā€™ve simply avoided any losses by storing your cryptocurrencies offline and by keeping your seed phrase securely stored, not under your bed. šŸ¤¦ā€ā™‚

With all of that said, the crypto community seems to be reading between different lines. And they seem to prefer the piggy bank over potentially game-changing tech. šŸ·

Shoutout h0nza.eth for sharing this in our Discord

So letā€™s dive into the arguments against and for Ledger Recover and establish how this all actually works.

P.S - The information below based on our current knowledge and understanding. Ledgerā€™s code is closed source so we canā€™t confirm and have to go by what they share (not ideal).

We are also going to explain this in a simple manner to help you better understand the situation.

This is still a developing story and we will update you as we learn more. šŸ™Œ


šŸ‘‰ Lens Protocol: The Future of Social Media

Decentralized social media finally allows creators to own their content, data and followers. Thatā€™s why we choose to build part of our media platform on Lens Protocol.

Find Out More


Red Flags: Arguments Against Ledger Recover šŸš©

Some in the community have raised red flags, cautioning that Ledger Recover might be heading in the wrong direction. šŸ‘Ž

The main concern? The fact that your private keys can leave your device and be exposed on the internet if you opt-in and subscribe to Ledger Recover.

The second concern is that if thereā€™s a way to access the private keys when users accept it, whatā€™s to stop Ledger from accessing ALL usersā€™ private keys? Or the US government from forcing Ledger to do it. šŸ¤·

The third concern is about your private keys being sent across the internet. šŸŒ

However, all of the arguments above are actually untrue. The main thing weā€™ve noticed is that the community has gotten this whole thing backwards.

Everyone seems to think that Ledger all of sudden has access to your private keys.

Thatā€™s not accurate, so let us explain how Ledger Recover actually works šŸ‘‡

Decrypting the Treasure Map: The Intricacies of Ledger Recover šŸ”

Here's the scoop: Ledger Recover works a bit like a band of secretive pirates. šŸ“ā€ā˜ 

If you choose to subscribe ($9.99/month), your Ledger turns into a cryptographer, encrypting your private key and splitting it into three pieces using Shamir Secret Sharing (think splitting a treasure map into three parts). šŸ—ŗ

This all happens on Ledgerā€™s Secure Element chip, so your Secret Recovery Phrase remains as secure as a locked treasure chest. (Ledger is never getting your private key.)

These encrypted fragments are then stored by three different parties on cryptographically-secure Hardware Security Modules. 

Think of it as entrusting pieces of your map to three trusty pirates. šŸ—

Each of these encrypted fragments is as useless as a one-legged pirate in a kickboxing match. šŸ„Š

When you want to restore your keys, two of these third-party pirates send back their fragments to your Ledger device (not Ledger the organization), which can then piece together your Secret Recovery Phrase.

Through this whole process, Ledger and their trusted providers are as clueless about your Secret Recovery Phrase as a pirate on a vegan diet. šŸ’€

Still scratching your head around what Ledger Recover is? Watch this video to gain some clarity around how this tool works:


We hate that we cannot šŸ‘€šŸ”›ā›“ to verify all of the above. For now, we need to trust (and not verify) what Ledgerā€™s saying, which isnā€™t great.

However, at Web3 Academy PRO, we make sure to deliver only verifiable information that you can track & verify onchain!

To get weekly onchain reports combined with industry insights, make sure youā€¦


So, Will Ledger Rug You? šŸ¤Ø

Well, probably not! From the explanation above, you hopefully understand that Ledger doesnā€™t have the ability to access your private keys, even if you subscribe.

But that didnā€™t stop Trezor, Ledgerā€™s main competitor from taking advantage of the situation.

If youā€™re a social media manager, take note! This is how you capitalize on an opportunity, even though they know that Ledger did nothing wrong here...

Question: Now that you know how Ledger Recover works, will you use it? Reply to this email with Yes/No!

Now, letā€™s talk about how Ledger Recover could be a good thing for web3 šŸ‘‡

Making Crypto User-Friendly : The Upside of Ledger Recover šŸ‘

Navigating the crypto world can sometimes feel like a thrilling roller coaster ride. šŸŽ¢

But letā€™s face it, for many newcomers, managing a secret recovery phrase is like decoding an ancient treasure map: it's daunting and a bit old-school. šŸ˜¬

With Ledger Recover, your secret phrase is stored digitally, only a call away if you lose track, without Ledger or custodians ever seeing the full phrase. 

It's like a safety feature installed in your crypto vehicle, ready to assist when you need it.

As crypto gears up for mainstream adoption, improving user experience is critical, something we ALWAYS insist on. šŸš€

Ledger Recover is a part of that drive, making the crypto journey smoother and more in line with what digital natives expect.

That doesnā€™t mean you shouldnā€™t worry. šŸ‘‡

Wrapping Up: Is There Anything You Should Worry About? šŸ˜Ø

Sure! There always is. Despite writing 700+ words confronting the arguments of CT individuals, we actually like to see that web3 companies are challenged. šŸ’Ŗ

Ledger has rolled out a new feature and the community has investigated. And theyā€™ve got all the rights to ask questions and raise concerns. 

It shows the ethos of the community: Verify, donā€™t trust! šŸ‘€šŸ”›ā›“

And I think weā€™ve all learned not to vouch for any company (FTX vibes) because unforeseen events do happen! āš 

However, an important note is that Ledger has included a $50,000 recovery insurance. It's a safety net, but like all nets, it's not unbreakable. 

And in their Twitter Space, they did mention that this is a game-changer, especially for newcomers (who we think are the target audience here).

But, itā€™s probably not a service you want to use if you are storing a large sum of money, like $5M. šŸ’°šŸ’°šŸ’°

As we look towards the horizon of the next big phase of the internet, we need to acknowledge that easy-to-use apps will take us mainstream.

Thatā€™s not to say Ledger Recover is for YOU! 

You have the power to protect your assets. Ledger Recover is just a tool in your arsenal. Use it wisely. āš’

Web3 Academy is here to help you navigate these choppy waters, to onboard confidently into web3, and to provide actionable web3 solutions. šŸŒŠ

We encourage you to always self-custody your own private keys. However, if youā€™re going to store it next to your bed, youā€™re probably better off using Ledger Recover.

Nowā€¦ Enough with the generic advice. Letā€™s get specific.

Itā€™s time for our usual Advice For Builders and Investors, exclusive to PRO members!

Letā€™s get into it šŸ‘‡

PRO Advice For Builders and Investors

The name of the game is not losing your crypto!

10, 100 and 1000x's are great, but what's really great is simply never losing your hard earned crypto.

Yet, most people I know have lost at least parts of their crypto from bad wallet security (or uniformed investing).

My recommendation is the following:

  1. You should be accumulating a sum of crypto that you plan to never sell. This is your "retirement fund" or the fund you one day give to your children.

    Put this on a hardware wallet (ledger or otherwise) and never interact with it in ANY dApp.

    Don't opt in to share the seed phrase with Ledger Recover, don't trade on Uniswap...

    Do NOTHING. Only send crypto into the wallet and do nothing more (save the seed phrase on paper in a vault if you can).

  2. Have another hardware wallet like Ledger (can also be a browser extension wallet like MetaMask or Exodus) that you use to interact with dApps for ongoing legit activities.

    This one is fine to opt in if you feel like you need to (many of us early into this space probably don't need to, but many newcomers will... and that's ok).

  3. Have another browser extension wallet that you use as a dummy test wallet.

    Use this to mint NFTs, to interact with new dapps, test protocols, etc.

    Leave no assets on this wallet except enough ETH to pay for gas.

    When you get an NFT or receive an airdrop, send to wallet #2, unless you want to store it in the vault. In that case, send to wallet #1.

I realize these are extra steps that many people don't want to do.

But as Nike says - Just Do It!

Don't take the chance. You now have the right to self custody your own digital things, take full advantage of that and learn to do it properly.

There's too many stories of people losing money to not do this!

Thatā€™s it for today frens! We hope this advice will help you stay safe & away from hype cycles!

Until next time, keep DOing! šŸ˜Ž


Thanks for reading and weā€™ll see you tomorrow with our PRO Report ā¤


Disclaimer: This article is for informational purposes only and not financial advice. Conduct your own research and consult a financial advisor before making investment decisions or taking any action based on the content.

Loading...
highlight
Collect this post to permanently own it.
Web3 Academy logo
Subscribe to Web3 Academy and never miss a post.