Ledger, a manufacturer of cold wallets, is facing criticism for its latest firmware upgrade. The upgrade includes a subscription-based feature called “Recover,” which has drawn criticism for allowing the company to access users’ seed phrases, which goes against the purpose of a hardware wallet. The feature is included in the 2.2.1 firmware update.
The KYC has become a major point of criticism
Criticism is being directed at the feature for mandating KYC registration, which is contrary to the privacy values held by many in the crypto community. As part of the registration process, users must provide a government-issued ID photograph. The requirement for identity verification is only applicable to users in the EU, the U.K., Canada, and the U.S. and is currently limited to Ledger Nano X devices.
Community backlash
Numerous users have expressed their dissatisfaction and annoyance with the update on online forums such as Reddit. In response Ledger clarified that the device only sends encrypted fragments of users’ seed phrases to other companies if they opt to use the recovery service. Users are still free to backup their seed phrases themselves. Despite this explanation, many remain concerned that the device has the potential to leak data to the internet and are not appeased.
Data breaching in 2020
The most notable critique aimed at the wallet manufacturer pertains to data breaches. In December 2020, 270,000 Ledger owners’ physical addresses were stolen following another security breach in July 2020. The information was shared on a forum by the hacker, who used it to target victims in an extortion campaign. The company’s CEO expressed regret over the incident and assured users that there was no link between the data and the funds in their wallets.
