Ledger Controversy: Can Ledger “Rug” Users?

Ledger, the revered manufacturer of hardware wallets for cryptocurrency, has recently stirred up controversy with a daring update that has left many users abandoning the platform. According to reports, the update, which offers an optional "recovery services" feature, has raised eyebrows due to its alleged tendency to expose the seed phrases of users to the vast expanse of the internet.

For those in the know, seed phrases are the critical combinations of words that grant access to cryptocurrency wallets. The crypto community has expressed its concern about this update, and many believe that opting in to recovery services could compromise the security of their funds compared with hot wallets such as MetaMask.

But what does this actually mean, and what could be the real implications for users holding their crypto in a Ledger “cold” wallet? Read on as we delve deeper into this topic!

Illustration: Lenka T

What is a Ledger wallet? 

The Ledger wallet emerged as a shining beacon of hope, offering extra layers of security for blockchain enthusiasts everywhere. By enabling users to store their private keys for cryptocurrency offline, Ledger wallets provide unparalleled peace of mind.  

Ledger wallet. Source: ledger.com 

Novice crypto users often rely on “hot wallets” or wallets that are online, such as wallets offered by exchanges (Binance, Coinbase, etc.). On the other hand, Ledger wallets use a dedicated physical device, similar in form to a USB drive, to safeguard precious data. The result? Added layers of protection against hackers and cyber threats.

But security isn’t the only perk of a Ledger wallet. These multicurrency devices allow users to easily send and receive cryptocurrency from blockchains, supporting an impressive range of coins and thousands of tokens. Third-party apps, like two-factor authentication, can also be utilized for maximum protection. 

And let’s not forget about the possibility of recovery. With a simple 24-word recovery phrase, users can breathe easy knowing their crypto is accessible from any device in case of theft.

For those who crave complete control over their crypto funds, Ledger wallets are the go-to choice. NFT and DeFi portfolios can be securely stored alongside all other funds, providing a comprehensive crypto experience. 

As you can see, Ledger was long held as the go-to wallet if you want to keep your crypto 100% safe. But what happened with the recent update that’s got the crypto community in such an uproar? 

Controversy surrounding the firmware update

The outcry against Ledger’s recent firmware update is rooted in the perceived betrayal of a hardware wallet’s essential purpose. The backbone of cryptocurrency security lies in the safeguarding of seed phrases – the cryptographic keys that unlock the vaults of digital assets. So when Ledger introduced a feature that would grant them access to these sacred phrases, the alarm bells began ringing throughout the crypto community.

Ledger update release notes. Source: Reddit 

Namely, as soon as an individual establishes their wallet, a cryptic combination of words, known as a seed phrase, is bestowed upon them – an essential tool in retrieving their precious digital assets in case of an emergency. However, the arduous task of safeguarding this crucial passcode can prove to be a daunting challenge for users. One misplaced paper slip, and all their funds could vanish into thin air. Furthermore, this seed phrase can open the doors of their wallet to malicious entities, leaving them vulnerable to theft and fraud. 

To alleviate these apprehensions, Ledger has introduced a revolutionary service called Ledger Recover with their latest update, an optional service priced at a nominal fee of $9.99 per month, exclusively available to Nano X wallet holders. With this move, they have effectively defeated the purpose of having a secret recovery phrase, at least according to their customers.  

Adding to the controversy, Ledger’s latest update now demands Know Your Customer (KYC) registration, requiring users to fork over a snapshot of a government-issued ID card. This move, considered a breach of privacy within the tight-knit crypto realm, has further inflamed the situation. 

This new subscription service is solely available to Ledger Nano X users, with the ID card requirement affecting those residing in the European Union, United Kingdom, Canada, and the United States. 

The past and the present 

Memories of multiple past security breaches continue to linger, stoking mistrust among users. 

One particularly egregious breach in July 2020 saw the personal information of 270,000 Ledger owners leaked, leading to a wave of targeted extortion attempts. Despite Ledger’s assurances that the compromised data was unrelated to users’ wallets, the incident further eroded community confidence in the company. 

But it’s not just security issues that have drawn ire from users. Ledger’s recent release of a “stylish” cold wallet necklace has been met with widespread derision. The community slammed the accessory as both unnecessary and potentially dangerous, with the suggestion that users wear their wallets around their necks outside prompting especially harsh criticism.

Despite Ledger’s insistence that the necklace poses no risk to users’ wealth, many remain skeptical. As the community continues to voice its concerns, it remains to be seen whether Ledger can regain the trust of its users. 

Can Ledger rug users? 

Despite assurances from the manufacturer, Ledger devices are facing a rising tide of community concerns over their ability to protect users’ private keys from external access. Crypto developer and writer “foobar” took to Twitter to warn followers of the glaring issue with the recent update, which he claims exposes private keys to potential theft through malicious or mistaken firmware updates.  

As users noted the contradiction between Ledger’s claims and its Recover service, which distributes private keys to three providers, some in the community are urging the company to launch a separate wallet with a seed-recovery service. The recent spike in Ledger sales after the collapse of FTX in November only underscores the growing demand for secure crypto storage solutions.

Users are wondering whether Ledger can now “rug” users, i.e., steal their crypto using the recovery solution. While that may seem unlikely, as the company has been in business for some time, the potential for other malicious actors to do so has now increased with the new service offered to Nano X owners.  

Ledger replies 

During a Twitter Space held yesterday to address concerns about Ledger’s security measures, the company’s leaders stood firm in defense of their practices. They made it clear that the new recovery service was not mandatory, debunking any allegations of a “backdoor.” They further disclosed the team’s plan to eventually release the code for scrutiny.

The Chief Experience Officer, Ian Rogers, addressed the fears some users may have, reiterating the choice Ledger offered and the transparency surrounding partnerships with third-party custodians.  

CEO Pascal Gauthier emphasized the importance of the recovery feature in attracting new users, declaring “Ledger Recover is a thing of the future.” He also quashed any doubts about security compromises. In conclusion, Ledger’s leaders made it clear that their priority was their users’ trust and security. 


There are always two sides to a story, and the same goes for Ledger’s controversial firmware update. While at first, it seems that the company has compromised its promise of keeping users’ crypto secure and giving them full control, time will show if this is actually the case.  

There are experienced crypto users who point out that not much has changed with this new update and that people should continue to enjoy the security their Ledger offers. Regardless, putting all of your eggs into one basket has never been a good idea, even if that basket is a highly secure Ledger. Spreading your crypto holdings across cold, hot, and hybrid wallets can, in the end, give you the peace of mind you deserve. Stay vigilant and stay safe! 

Dino Kurbegović is a project coordinator and an investor and technology enthusiast with years of experience in managing complex projects. His journey into content writing began in 2014, covering finance, investing, crypto, technology and complex technical topics.