Ledger is Proving the Perils of Sacrificing Security on the Altar of User Experience
06/06/2023
Last updated: 06/06/2023
By Kane Wang
Just days after Ledger, a leading hardware wallet provider, had first announced an optional yet controversial firmware update on its Nano X product, the company had already backtracked on the decision. Responding to Web3 community uproar, Ledger quickly pledged to open-source more of its codebase, starting with its core operating system and Ledger Recover, the contentious update at the center of the furor.
Ledger had set out with the intention to make self-custody easier for users to manage. The idea was to allow users to recover their private keys more easily by backing up their private seed phrases in three shards across three platforms. But the move blindsided the pro-privacy and pro-autonomy Web3 community, and it backfired spectacularly. Ledger’s CEO at first stood by the decision on the grounds that non-Web3-native users need such features. But he was roundly shouted down by the court of public opinion.
The whole fiasco has shown that, for the Web3 community at least, security cannot be sacrificed on the altar of user experience. Maybe we can consider it a lesson learned, albeit a very public and painful lesson for Ledger.
The tradeoff between user experience and security must always be carefully managed. Ledger’s experience has shown that for blockchain companies, positioning themselves on the wrong side of that balance will drive Web3 users away, regardless of how easy a product is to use.
Why was the crypto community up in arms over Ledger’s proposal? Hardware (or cold) wallets are generally seen as among the most secure ways to store one’s crypto assets. Yet Ledger’s proposed Recovery feature went against the very basics of what’s required of a security hardware provider — safety — in several key ways.
First, the opt-in recovery service would be ID-based. It would require users to go through “know your customer” (KYC) procedures. Identity theft is more common than one might imagine. Bad actors could potentially gain access to users’ ID info and thereby gain access to their funds, creating a new attack vector against Ledger’s hardware wallets.
Second, Ledger’s Recovery firmware update proposed to split users’ seed phrases into three encrypted fragments. Each would be entrusted to one of three platforms, not all of which were named by Ledger. Not only would users have to bear the potential risk of relying on a third-party service, but, since the original announcement named only two of the three platforms, users would not even know which third-party provider Ledger had delegated to. Users would thus also give up control over which guardians to trust.
I believe it’s still the case that Ledger enjoys a high level of trust with the Web3 community, built on its long track record. But having originally introduced unnamed third parties (even though all are now named), not to mention that the technology currently remains a black box, undermines that trust. Ledger has promised to open-source the technology, which is undeniably a step in the right direction. But until that time, suspicions will abound.
And last but not least, the Ledger Recovery feature fails to address the longstanding single-point-of-failure issue in using private keys that is inherent to hardware wallets. Although Ledger’s proposed feature offers a new option for users who want to back up their phrases, it continues to require the generation of private keys that end up as one single unit, accessible by one person.
This is how the whole recovery process would look. First, users have one private key for their Ledger wallet; note that once a single key is generated, there is a single point of failure. Then, Ledger ‘shards’ the recovery phrase for this key into three parts, which are distributed to three platforms. Later, when the user wants to recover their phrase, only two of the three parts are needed to rebuild the one, single private key. As such, sharding the recovery information doesn’t solve the single-point-of-failure issue inherent to hardware wallets, because the key will still exist as a single entity when used.
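As an added, constructed example (not Ledger’s code; it omits the encryption and the KYC-gated release the article describes), here is the 2-of-3 sharding and recovery flow above, written as Shamir secret sharing over a prime field. The custodian names are hypothetical.

```python
"""Constructed illustration of the 2-of-3 seed backup pattern: the backup
is split, but recovery rebuilds the whole secret in one place again."""
import secrets

# Prime field for Shamir sharing; 2^521 - 1 is prime and comfortably holds
# a 256-bit seed entropy value.
P = 2**521 - 1

def split_secret(secret: int, threshold: int = 2, shares: int = 3):
    """Shamir split: random polynomial of degree threshold-1 with f(0) = secret.
    Returns [(x, f(x))] for x = 1..shares."""
    assert 0 <= secret < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    def f(x: int) -> int:
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, shares + 1)]

def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0; any `threshold` shares suffice."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recovery_flow(seed: int):
    """Simulate three custodians (hypothetical names) each holding one shard,
    then a recovery in which two of them release their shards."""
    custodians = {f"custodian_{x}": (x, y) for x, y in split_secret(seed)}
    released = [custodians["custodian_1"], custodians["custodian_3"]]
    rebuilt = recover_secret(released)
    # At this point the complete seed exists on the recovering device: the
    # single point of failure the sharding was meant to remove is back.
    return rebuilt == seed, rebuilt
```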
Couldn’t Ledger have side-stepped this fiasco? Striking a balance between user experience and security is a challenge, but not impossible. And on this front, I want to make the case for Multi-party Computation (MPC) wallets as a better alternative.
Simplicity is one key factor to consider. The MPC method is becoming increasingly popular for wallet security, as it effectively enhances security and is simple to implement and use. Instead of generating whole private keys, an MPC protocol generates encrypted key shards for multiple parties; one shard for each party. All signers must approve a transaction. This eliminates the single point of failure risk, as the private key never exists as one single unit. Crucially, this key shard generation process doesn’t require any user activity or operation. This allows users to have the same experience as using regular wallets, but with an extra layer of security.
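As an added, toy-sized example that is not part of the original article or any vendor’s implementation, a 2-of-2 threshold Schnorr signature with additive key shares: each party signs with only its own share, the signature verifies under the combined public key, and the full private key is never computed. The group parameters are deliberately tiny and insecure, chosen only so the arithmetic is visible.

```python
"""Constructed toy demo of 2-of-2 threshold Schnorr signing with additive key
shares: the private key x = x1 + x2 (mod Q) is never assembled anywhere."""
import hashlib
import secrets

# Toy Schnorr group (safe prime P = 2Q + 1). Sizes are for illustration only,
# NOT secure; a real deployment uses a 256-bit curve such as secp256k1.
P, Q, G = 2039, 1019, 4          # G = 2^2 generates the order-Q subgroup

def rand_scalar() -> int:
    return secrets.randbelow(Q - 1) + 1

def keygen_shares():
    """Each party samples its own share locally; only public parts are combined."""
    x1, x2 = rand_scalar(), rand_scalar()
    y = pow(G, x1, P) * pow(G, x2, P) % P   # y = G^(x1 + x2), no party holds x1 + x2
    return x1, x2, y

def challenge(r: int, y: int, msg: bytes) -> int:
    h = hashlib.sha256(f"{r}|{y}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q

def partial_sign(x_i: int, k_i: int, e: int) -> int:
    """Run on one party with only its own key share and nonce share."""
    return (k_i + e * x_i) % Q

def cosign(x1: int, x2: int, y: int, msg: bytes):
    """Round 1: nonce shares -> joint R.  Round 2: partial s_i -> combined s.
    Simplified: real protocols (FROST, MuSig2) add nonce commitments so a
    party cannot choose its nonce after seeing the other's."""
    k1, k2 = rand_scalar(), rand_scalar()
    r = pow(G, k1, P) * pow(G, k2, P) % P
    e = challenge(r, y, msg)
    s1 = partial_sign(x1, k1, e)   # party 1: never sees x2
    s2 = partial_sign(x2, k2, e)   # party 2: never sees x1
    return r, (s1 + s2) % Q        # both approvals are required to form s

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    return pow(G, s, P) == r * pow(y, challenge(r, y, msg), P) % P

def demo(msg: bytes = b"constructed transaction"):
    x1, x2, y = keygen_shares()
    return y, msg, cosign(x1, x2, y, msg)
```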
Compatibility is another consideration to factor into this question of the user experience vs. security balance. It's not uncommon for the average Web3 user to hold multiple wallets. Therefore, compatibility between these different wallet solutions makes a world of difference to users’ blockchain experience. MPC wallets are universally compatible with other kinds of wallets. With a well-designed MPC solution, users can always take their key shards as input to recover their private keys using tools such as open-source offline recovery tools, without needing anyone else’s permission. At the same time, they can also import their recovered private keys into other popular non-MPC wallets.
It's also worth mentioning that software wallets and mobile apps are doing a great job at streamlining key shard generation and transaction signing with the help of the MPC method. And on the enterprise side, Web3 builders are continuing to make improvements, releasing features for businesses to control internal access and authorizations easily.
Of course, any innovation also has its own bottlenecks. If wallet service providers host MPC nodes in the cloud, there is a high cost for them. Also take into account that the networks and devices used for MPC face higher performance requirements than a single-private-key wallet does. Using networks or devices that don’t meet these technical requirements would degrade the efficiency of the entire transaction process, creating a higher bar for using these solutions.
The takeaway from Ledger’s situation is that, when companies focus on user experience to the detriment of security, the move will not have the intended effect of attracting users. Quite the opposite, in fact. Clearly, security and protecting users' assets must always be the top priority.
The major lesson from all this may also be the continued power of the decentralization narrative. Through the Ledger brouhaha, the Web3 community is saying loudly and clearly that it still prizes openness, collaboration and community over all else.
(Published on Forkast)