Ledger Recover Controversy Explained: A Comparison with MPC Wallet Private Key Management Approaches
TechFlow Selected TechFlow Selected
Ledger Recover Controversy Explained: A Comparison with MPC Wallet Private Key Management Approaches
The Ledger Recover incident has prompted many users to reevaluate their private key management strategies.
Navigating Web3 tides with focused insightsAuthor: Lucas Yang, Cobo Global
Recently, Ledger, a hardware wallet provider, launched a new feature called "Ledger Recover," sparking widespread controversy. This article explores the reasons behind the backlash against Ledger's seed phrase backup service and compares it with MPC wallet approaches to private key management.
On the evening of May 16, Ledger released firmware update 2.2.1 for its Nano X cold wallet, announcing the upcoming introduction of the "Ledger Recover" feature. The feature splits a user’s recovery phrase (Secret Recovery Phrase) into three fragments using a sharding approach and requires users to provide personal identification information for binding. Unexpectedly, this rollout triggered strong backlash from its user community, with many expressing concerns about privacy and security implications.
According to Ledger, Ledger Recover is essentially an identity-based private key recovery service that offers customers backup for their recovery phrases. If a customer loses or cannot access their recovery phrase, they can securely restore their private key through this service using their Ledger device. The recovery phrase is encrypted, duplicated, and divided into three parts, each protected by one of three independent entities: Coincover, Ledger, and a separate backup service provider. When a user wishes to recover their private key, two of these parties send their fragments back to the Ledger device, where the private key is reassembled. Additionally, Ledger Recover requires users to submit personal information to Onfido, Ledger’s identity verification service provider.
While Ledger designed this backup method to increase fault tolerance against data loss, it has raised concerns among users regarding data security and trust in Ledger. Some users worry that storing personal information across multiple third-party systems could increase exposure to hacking, potentially leading to asset loss. Others point out that Ledger has long emphasized that private keys never leave the device—one of the core reasons for its popularity—and argue that this new feature appears to contradict that principle and conflicts with the privacy values held by the broader crypto community.
Do Ledger Private Keys Never Touch the Internet?
Compared to other hardware wallets, Ledger has long distinguished itself through its Secure Element chip. Ledger claims this chip fully isolates and protects private keys, leading many to view Ledger hardware wallets as analogous to iPhone’s Secure Enclave—ensuring private keys are completely inaccessible. However, the launch of the Recover feature seems to challenge this perception, suggesting that private keys can indeed leave the Secure Element in encrypted form. Although Recover is an optional service, the Nano X firmware update still embeds the functionality within the operating system.
From a technical standpoint, Ledger effectively demands “100%” trust from users, as the entire process of encryption and transmission of the recovery phrase is closed-source and unverifiable. Currently, Ledger has not provided transparency on how the recovery service securely encrypts user data or operates at the underlying level. Beyond Ledger itself, no one else can verify the security of the entire process.
Although Ledger Recover does not transmit the recovery phrase in plaintext outside the device, users remain concerned that Ledger has now introduced code capable of sending recovery phrase data via USB/BT. This creates potential attack vectors where malicious actors could exploit vulnerabilities to turn a cold wallet into a hot wallet and extract the user’s recovery phrase. Furthermore, users cannot verify whether Ledger can prevent hackers from consolidating all encrypted fragments to a single party, nor can they confirm whether only the user themselves can decrypt the fragments.
Privacy Concerns Around KYC Processes
Beyond the Recover feature itself, some users have expressed concerns about privacy. Hardware wallets are typically seen as tools for anonymously storing cryptocurrency, yet users opting for Ledger Recover must submit identity documents for verification—a process similar to the KYC (Know Your Customer) procedures used by centralized exchanges. This raises concerns about data leaks, hacking risks, and government surveillance.
With over 4 million users, Ledger manages a significant volume of digital assets. As such, user personal information holds high value for attackers—whether for phishing attacks or resale. In 2020, data from 272,000 Ledger users was stolen, after which many were bombarded with phishing attempts. Users therefore have legitimate concerns that enrolling in the Recover service may create another potential avenue for personal data leakage.
Is MPC More Secure?
Following intense criticism, on May 23, Ledger announced the postponement of the Recover feature’s release and stated it would soon publish a whitepaper detailing the Recover protocol in an effort to address user concerns. Regardless of the final outcome, this incident has prompted important reflections within the cryptocurrency security, custody, and safety communities. More broadly, it raises critical questions institutions must consider when choosing between different digital asset custody technologies and solutions—hardware versus software wallets, self-custody versus managed services.
Splitting a private key into multiple parts and backing them up separately to avoid exposure—just as Ledger Recover divides the recovery phrase into three fragments—is conceptually sound. However, the greatest technical risk with Ledger Recover lies in the fact that the recovery phrase, originally stored entirely within the hardware wallet, is now being encrypted, split, and transmitted to third parties—an opaque process vulnerable to interception. Any flaw along this chain could directly result in asset loss.
Many people assume custodial wallets are less trustworthy because they’re not under direct control, whereas hardware wallets feel more reliable since they’re physically held. In reality, custodial wallet technology has advanced significantly, offering highly secure and flexible options—one of which is MPC (Multi-Party Computation) wallets.
Multi-Party Computation (MPC) refers to a method where multiple parties collaboratively perform computations based on their own private data without revealing that data to others, and without relying on a central authority. During computation, no participant can infer the original data of others from shared intermediate results. Thus, MPC offers inherent advantages in both security and usability. With MPC, the full private key never exists during setup; instead, key shares are independently generated across multiple parties, eliminating single points of failure. Moreover, MPC algorithms are open-source, peer-reviewed, and battle-tested, making them transparent and trustworthy.
Cobo MPC
Take Cobo MPC WaaS (Wallet-as-a-Service) as an example. Cobo MPC WaaS leverages MPC-TSS (Threshold Signature Scheme), delivering digital asset co-custody and blockchain infrastructure services through a Wallet-as-a-Service model.
MPC-TSS is a threshold signature technique built on multi-party secure computation. Using MPC-TSS, multiple parties each manage a private key share (MPC Key Share) and jointly perform operations such as key generation, signing, and recovery via distributed computing. Throughout this process, no party exposes their key share during collaboration, and the complete private key never exists in any form anywhere. MPC-TSS ensures individuals and enterprises can use cryptographic keys more conveniently, securely, and in alignment with business logic.
Cobo employs a three-party co-management model combined with a 2-of-3 multi-signature scheme. Three-party co-management means each participant holds one key share. The 2-of-3 signing requirement ensures that every transaction needs cooperation from at least two parties to be signed. This design guarantees Cobo cannot unilaterally move customer assets, and even if one party’s key share is compromised, it cannot be used alone to conduct transactions. Additionally, customers can recover lost shares with help from Cobo and a third-party custodian. The choice of the third party rests entirely with the customer, ensuring full asset control through both technical and procedural safeguards.
The Ledger Recover incident has prompted many users to reevaluate their private key management strategies. While MPC wallets may appear similar to Ledger Recover on the surface, they differ fundamentally in their security architecture. Readers interested in learning more about MPC wallet technology and products are welcome to visit the Cobo website (https://www.cobo.com/mpc) for further details.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
Cobo
