Ledger co-founder clarifies "there is no backdoor" in Recover firmware update

cointelegraph.com:

The launch of Ledger Recover, a service that allows users of the Ledger hardware wallet to back up their secret recovery phrases, met with immense resistance from the crypto community. Ledger co-founder and ex-CEO Éric Larchevêque took the criticism against Ledger as “a total PR failure, but absolutely not a technical one.”

Ledger Recover is an OTA firmware update, which would allow users to back up their seed phrases by third-party entities. If a user chooses to opt-in to the new service, the recovery phrase fragments get encrypted and are stored by 3 different parties, which can be used to recover the phrase in the future. However, the idea of the seed phrase leaving the hardware wallet did not resonate with users that considered Ledger as a trustless service for storing cryptocurrencies.

Addressing the rising concerns of users worldwide, Larchevêque posted on Reddit clarifying that Ledger was never a trustless solution:

He argued that the Ledger Recover update has no impact on the hardware wallet’s security model. He added:

Larchevêque believed that the only thing that changed is the general user’s perspective on trustlessness and that the Recover code in the firmware is not a malicious code:

Trusting Ledger with sharding the seed phrase is just like trusting Ledger with signing a transaction, he added. Addressing a user’s recommendation about having two different firmware to eradicate ‘backdoor’ concerns, Larchevêque said that “it wouldn't change anything” and would be saddening for him personally.

The firmware update in question is not available for Nano S — Ledger’s cheapest hardware wallet offering — as the chipset does not have enough memory to store the new firmware.

Related: Crypto community reacts to Ledger