What Is Ledger Recover?
— Ledger Recover is a paid optional subscription service that creates an encrypted backup for your Secret Recovery Phrase (seed phrase), allowing more users to access a secure and seamless user experience in Web3.
— This service offers crypto users and NFT collectors an option to back up their SRP securely and practically.
— With Ledger Recover, you can recover access to your wallet using an ID on a new or existing Ledger Device.
The crypto space can be daunting, especially when it comes to securing your assets. One of the biggest hurdles blockchain technology faces is its accessibility. For many, onboarding into the web3 space is no easy feat. Firstly, blockchain addresses are hexadecimal addresses, i.e., long and complicated. This is just one barrier to understanding such technology. However, one of the most confusing aspects for any newcomer is the concept of private keys and seed phrases and how they can keep that information safe.
Not all crypto users have the luxury of having a safe place to store their seed phrase, and some others might not be willing to accept the burden of protecting their seed phrase, also called a Secret Recovery Phrase, alone. Unfortunately, there are many horror stories of people losing their seed phrase and therefore access to their wallets. To help these users, Ledger developed Ledger Recover: a way to create an encrypted backup for your seed phrase that only you can access, anytime, anywhere to keep your keys offline, and still recover them later.
What Is Ledger Recover?
Self-custody is the golden standard of crypto security and Ledger’s goal is to bring ease-of-use to it. In short, this service is all about making self-custody more convenient and less frightening.
Put simply, it is a backup for the scenario when you don’t have access to your seed phrase but might need it. Hopefully, you won’t need to use it, but Ledger Recover brings you peace of mind should you ever find yourself in an unfortunate situation.
Ledger Recover allows you to enjoy all the benefits of self-custody when it comes to interacting with web3, allowing complete control over your assets on the go. But it also gives you the freedom to retrieve access to your crypto wallet with your ID, just in case your Ledger device is lost or stolen and you no longer have your seed phrase.
But before we get into the specifics, let’s explore who Ledger Recover is for.
Who Is Ledger Recover For?
Put simply, Ledger Recover is for those who want to have a backup for their seed phrase. But why would you want a backup?
To understand the thought behind it, you must first understand who it was made for. Ledger Recover was developed for users who want to securely restore their private keys wherever they are in the world and whatever they’re doing. It’s a completely optional paid service, designed to help users take custody of their assets, no matter their situation.
Previously, onboarding non-crypto native people into web3 was difficult. Protecting 12-24 special words is not a familiar way of protecting everyday assets. To combat this confusing layer of blockchain technology, Ledger Recover allows you to retrieve your funds using a familiar method: Identification.
But it’s not just for new users. Ledger Recover can also help those without a safe place to store their seed phrase. Do you have housemates who you can’t trust around your valuables? Or do you live in a place prone to natural disasters? In these situations, looking after your seed phrase may be more of a burden than not.
So now you know who it’s for, what about who it’s not for?
Well, if you believe third parties cannot be trusted, Ledger Recover is probably not for you. If you fall into that category — don’t worry. You don’t need to opt in and you don’t need to subscribe; you can continue managing your seed phrase yourself. No changes were made to the security of Ledger products.
But for those who do want a backup of their seed phrase, Ledger Recover is the perfect solution.
How Does Ledger Recover Work?
For security, the fragmentation, encryption, and decryption of your seed phrase happen on your Ledger device. Specifically, these functions occur within the Secure Element chip. Inside each Ledger device is a “small computer” chip called the Secure Element. This is one of the most secure computer chips in existence, also used in official passports and bank cards. So how does this process work?
There are three integral steps in the Ledger Recover process: Encryption, Identity Verification and Decryption.
When you subscribe to Ledger Recover, the Secure Element duplicates, encrypts, and splits an encrypted version of the seed phrase (the entropy) into three fragments. You will need to physically consent on your device before it does that. These encrypted fragments are sent through 3 independent secure channels to the fragment backup providers. The secure channel allows mutual authentication and guards against man-in-the-middle attacks. During the process, the secure channel uses an ephemeral symmetric key to securely transport the fragments. Each fragment is then secured by a separate and independent company in different countries: Coincover, Ledger, and Escrowtech.
No single company has access to the entire backup, and each single fragment is completely useless by itself. This ensures the highest level of security and removes a single point of failure. Additionally, each fragment backup provider uses a hardened, tamper-resistant server called a Hardware Security Module (HSM) to securely store these encrypted fragments.
Ledger Recover uses your ID and a selfie to verify who you are, via its Identity Verification provider, Onfido. Then, it links your identity to encrypted fragments of your seed phrase. The identity providers store this ID data in an encrypted form. This way, the service can verify who you are in the event of a Recovery request, but your private information stays private. This ensures you alone can Recover your private keys.
But why is Ledger using Identity verification? Isn’t that a KYC? To explain the ethos behind it, Ledger Recover uses ID verification due to Ledger’s belief in self-custody and individual autonomy. Your identity is under your control, as opposed to social Recovery which relies on another party. Then, a government ID is also accessible — most people in the world have one. Finally, ID verifications are less cumbersome than a full KYC process, allowing customers to only reveal the necessary personal information and no more than that.
The next step in the process is decryption. So you may be wondering “Do I have to enter my seed phrase into a new device?”
The answer is no! Your device will take care of that for you following the verified identification. When you want to restore your wallet, you initiate the Recovery from Ledger Live. You’ll have to log in to your account and then go through 2 independent Identity verification processes. At this point, two of the three parties will send back their fragments to your Ledger device using the same Secure Channel mechanism. Once contained in the secure element, they are decrypted and reconstitute your seed phrase. This allows you to access your funds. If you sign up for Ledger Recover, it is possible to restore your account on any new Ledger device too. This means you stay protected, even if your device and the seed phrase go up in flames.
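The 2-of-3 property described above, as an added example that is not Ledger's code: the page does not name the splitting scheme, so Shamir's secret sharing stands in as an assumption, and the encryption and secure-channel layers are left out. The sample entropy and all function names are constructed for illustration.

```python
import secrets

# Assumption: the page does not say which scheme splits the entropy.
# Shamir's secret sharing is used only to illustrate the 2-of-3 behaviour.
PRIME = 2**521 - 1  # Mersenne prime, larger than any 256-bit entropy value
PROVIDERS = ("Coincover", "Ledger", "Escrowtech")  # names taken from the page


def split_2_of_3(secret: int) -> dict[str, tuple[int, int]]:
    """Split `secret` into three fragments; any two of them recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range for the field")
    slope = secrets.randbelow(PRIME)  # uniform random coefficient
    # Degree-1 polynomial f(x) = secret + slope * x, evaluated at x = 1, 2, 3
    return {name: (x, (secret + slope * x) % PRIME)
            for x, name in enumerate(PROVIDERS, start=1)}


def recover(frag_a: tuple[int, int], frag_b: tuple[int, int]) -> int:
    """Lagrange interpolation at x = 0 from two distinct fragments."""
    (xa, ya), (xb, yb) = frag_a, frag_b
    if xa == xb:
        raise ValueError("need fragments from two different providers")
    # f(0) = (ya * xb - yb * xa) / (xb - xa) in the field
    return (ya * xb - yb * xa) * pow(xb - xa, -1, PRIME) % PRIME


def slope_explaining(fragment: tuple[int, int], candidate: int) -> int:
    """Return the coefficient that makes `candidate` fit a single fragment.

    One always exists, so a lone fragment rules out no secret at all.
    """
    x, y = fragment
    return (y - candidate) * pow(x, -1, PRIME) % PRIME


if __name__ == "__main__":
    entropy = int.from_bytes(bytes(range(32)), "big")  # constructed sample
    frags = split_2_of_3(entropy)
    print(recover(frags["Coincover"], frags["Escrowtech"]) == entropy)
    # A single fragment is consistent with an arbitrary wrong guess too:
    x, y = frags["Ledger"]
    guess = 12345
    print((guess + slope_explaining((x, y), guess) * x) % PRIME == y)
```
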
How Does Ledger Recover Stay Secure?
Ledger Recover is completely secure as you are the only person who owns your seed phrase, and the only person who has your complete seed phrase. Plus, Ledger Recover’s whole user flow is designed to prevent fraud.
So how does it ensure users’ security?
Are These “Trusted Parties” Trustworthy?
There are several measures in place to assure the trustworthiness of Ledger Recover’s trusted parties. You’ll need to identify yourself twice to both Coincover and Ledger’s identity verification providers before you’ll be able to use the service. Furthermore, Recovery requests will systematically go through multiple manual identity verifications by independent agents in addition to automatic AI-assisted recognition. All of these aspects are designed to keep users safe from Recover’s trusted parties becoming compromised.
And How Do These Parties Store My Information: Is That Secure?
“Ledger is uncompromising on security, and that will never change” – Charles Guillemet, Ledger CTO
Security is paramount to both Coincover and Ledger. As a result, all of Ledger Recover’s identity verification providers use multiple encryption layers, with each party storing the encrypted fragments of your private key on Hardware Security Modules (HSMs). In short, these Hardware Security Modules use similar technology to the computer chips in Ledger devices, but they use servers installed in data centers with more computation power.
Finally, Ledger Recover has undergone independent security audits to check and test its processes. That means you can rest assured that the encrypted fragments of your seed phrase are in safe hands.
Can Ledger Recover Be Exploited To Steal My Seed Phrase?
Firstly, your seed phrase will never leave the Secure Element chip. Encrypted fragments of it leave the device only if you choose to subscribe to Ledger Recover, and these fragments are useless alone. Even if a bad actor got hold of an encrypted fragment of your seed phrase, they wouldn’t be able to do anything with it. Even the most sophisticated hacker couldn’t reconstitute it!
Plus, your Ledger will only allow your seed phrase to leave the wallet as encrypted fragments when you permit it. Setting up Ledger Recover requires you to enter a PIN and consent to start the process on the device. Without your permission, the device will not (and cannot) fragment or send the encrypted fragments anywhere. That means if someone wants to exploit Ledger Recover to steal your seed phrase, they would need to have your PIN in the first place, which would already give them access to your wallet.
However, should someone steal your funds using Ledger Recover, Coincover offers users $50,000 in compensation. That just goes to show confidence in the product’s security.
How Can I Start Using Ledger Recover?
When it launches, you can start using Ledger Recover via your Ledger Live app. From there, in the “My Ledger” section, you’ll need to create a Ledger Recover account, add a credit or debit card, verify your identity with our verification partner Onfido, and then proceed to back up your seed phrase. Following that, you can rest assured that your seed phrase is safe to retrieve whenever you request it.
It’s important to note that Ledger Recover is a paid optional service that protects your seed phrase for $9.99 a month. However, you can unsubscribe any time you like and manage your seed phrase yourself.
For the time being, Ledger Recover is available to Ledger customers in EU countries, the UK, Canada, and the USA with a Ledger Nano X or Ledger Nano S Plus. However, it will become available to all Ledger customers in an increasing number of regions soon.
Does Ledger Recover Affect Me?
Maybe you’re not sure about Ledger Recover, don’t want to subscribe, and are wondering how it affects you. If you already have a Ledger device with the new firmware update — fear not! Ledger Recover is a completely optional feature. If you already use a Ledger device and would rather look after your seed phrase yourself — you can. Safely managing your own seed phrase is still completely necessary and recommended by Ledger.
For future Ledger Recover subscribers, if you ever want to unsubscribe, your seed phrase will once again become your only way to access your wallet and your funds. Although Ledger Recover is available on all existing Ledger Nano X and Ledger Nano S Plus devices, it must be activated via explicit user consent on the hardware device. To learn more, make sure you check out the Ledger Recover FAQs. Only you have the choice as to how your keys are managed, and that is what true crypto self-custody is all about.