With Ledger’s recent announcement of a key recovery service, more people are taking an interest in crypto hardware wallets and learning more about the importance of crypto self-custody. At Arculus, we believe that each user should always have complete control of their digital assets and digital identities.
What is a seed phrase?
Most non-custodial crypto wallets provide users with what is known as a “recovery phrase” or a “seed phrase,” commonly made up of either 12 or 24 words. Think of the recovery phrase as a simple list of words that allows you to restore your wallet.
These words are taken from a list of 2048 words defined by a standard called BIP39. A 12-word recovery phrase has 2^128 possible combinations. Specifically, that is 340,282,366,920,938,463,463,374,607,431,768,211,456 combinations). A 24-word recovery phrase has 2^256 possible combinations. (That is a mind-boggling 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 combinations.)
It is essential that you keep your recovery phrase safe and secure because if you lose it—or someone else gets a hold of it—you can lose everything in your wallet.
Recently, Ledger, makers of one of a well-known crypto hardware wallet, announced a key-recovery service called Ledger Recover. It is designed to provide a backup solution for your recovery phrase. With Ledger Recover, users can store encrypted backups of their recovery phrases with Ledger and Ledger partners. Users have to provide government identity documents to use the service to get back their recovery phrases. Some crypto investors strongly object to connecting identity information to their crypto holdings. And Ledger’s CEO also confirmed in an interview that if presented with a subpoena, they would be obligated to retrieve a user’s recovery phrase and turn it over to authorities. With Ledger Recover, there are also questions about control of your data. According to the company, if you stop paying the $9.99 monthly fee for the service, the backed-up data remains on the servers for at least a year.
The essential function of a cold storage hardware wallet is to keep your private keys safe and secure. Fundamental to that is ensuring that the private keys cannot be removed from the hardware device. To create the Recover feature, Ledger made a device firmware update that makes it possible to remove the private keys from the Ledger device. Even if you choose not to subscribe to the Recover service, the code to extract your recovery phrase exists in the Ledger firmware. By adding this function to the firmware, Ledger introduced a new attack vector that could present a security risk to users.
Why Firmware Updates Pose a Risk
Firmware updates usually bring the latest fixes and updates, and people have been conditioned to always update their software and devices to the latest firmware. But one of the risks of allowing firmware updates to a crypto hardware wallet is that malware or simply unwanted updates could get introduced.
In the case of Recover, Ledger was introducing new functionality, but it is now apparent that many don't want this new functionality in their devices. Essentially, a new potential vulnerability was introduced to the devices that makes it possible for the private keys to be removed from the devices secure element. Most people find that unacceptable.
At Arculus, we made a decision to irreversibly lock the firmware in our factory using the same standard for locking billions of secure payment cards. With the Arculus firmware on our Arculus metal cards, it is impossible to extract the private keys from the secure element on the metal card. At Arculus, we choose to not allow firmware updates in order to protect our customers.
Arculus Wallet does not retain, store, or share your Recovery Phrase. We never have access to or know your Recovery Phrase or private keys. We couldn’t give your information to anyone because we don’t have it.
We believe in self-sovereignty and put security first. It’s your keys, your crypto.