This article compiles answers to the most common questions about Ledger Recover.
Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz— Ledger (@Ledger) May 16, 2023
🧵Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
Ledger Recover FAQ
Ledger Recover is an ID-based key recovery service that provides a backup for your Secret Recovery Phrase. If you lose or don't have access to your Secret Recovery Phrase, the service allows you to securely restore your private keys using a Ledger device.
You’re responsible for storing your Secret Recovery Phrase. While this setup makes you enjoy all the benefits of self-custody and complete control over your assets, it also makes you solely responsible for their protection. Ledger Recover is designed for users who want to add an enhanced layer of security in case their Secret Recovery Phrase is lost or when they can't access it.
In short, only you can access your wallet. When you subscribe to Ledger Recover, a pre-BIP39 version of your private key is encrypted, duplicated and divided into three fragments, with each fragment secured by a separate company—Coincover, Ledger and EscrowTech. Each of these encrypted fragments is useless on its own. When you want to get access to your wallet, 2 of the 3 parties will send fragments back to your Ledger device, reassembling them to build your private key.
No, it doesn’t. Ledger Recover service follows the same principle as signing the transaction on a blockchain—securely and only with your permission. No access to your private key was made to enable Ledger Recover to work.
To better understand this, let's go back to the basics and see how hardware wallets—which can be described as signing devices—work.
Hardware wallets have two primary purposes: to safeguard your private key and sign transactions on the blockchain. To sign the transactions, wallets need to access your private key. They can't sign transactions otherwise.
Ledger devices protect your private key with a Secure Element, a technology that has been battle-tested and used in the finance industry for 30 years, from storing passwords and fingerprints to processing contactless payments.
Ledger's Operating System allows access to the private key stored within the Secure Element, but only after you manually approve and confirm it. To learn more about how the process works behind the scenes, read this explanation from Ledger's CTO Charles Guillemet and check out his interview about wallet security. For a technical explanation of how Ledger Recover operates, see Charles Guillemet's tweet.
In terms of security, there is no difference in having this part of the code in the operating system or not. In reality, it is up to the user to choose if they want to activate the feature or not. We have no doubt that implementing this feature in our firmware does not increase the threat model or the attack surface area.
Our OS implements plenty of cryptographic primitives. These primitives manipulate secrets. They all must be properly implemented and this is Ledger’s job. Finally, our contract with users is that whenever the OS touches any secret, the user is prompted to give his consent.
Running two operating systems is costly, and since there is no technical advantage to having a second operating system we would prefer to spend our funds developing and improving security and ease of use for our products for our current and future customers.
As we have also committed to make the code open source, meaning that people will soon be able to verify this code themselves.
To restore your keys, you need two out of three fragments that are securely kept by the three independent and trusted companies. If one of the companies holding a fragment shuts down, you will still be able to restore your keys until another trusted company replaces it.
Ledger Recover can restore your private keys to your device, but it can't provide you with your Secret Recovery Phrase. If you have any other physical/digital copies of your recovery sheet or Secret Recovery Phrase, it's your responsibility to secure them. Keep in mind that anyone who obtains your Secret Recovery Phrase can access your wallet.
Coincover provides the gold standard in digital asset security, addressing the most significant barrier to mainstream adoption: trust. If wallet access is lost, Coincover offers encrypted and military-grade storage for retrieving the key.
Secret Recovery Phrase (SRP) is a unique list of 24 words that backs up the private keys and gives you access to your crypto assets. Learn more → What is a Secret Recovery Phrase?
Soft launch restrictions
Currently, Ledger Recover is compatible with Ledger Nano X. In the near future, it will be compatible with Ledger Nano S Plus and Ledger Stax as well.
⚠️ Ledger Recover isn't compatible with Ledger Nano S.
Ledger Recover availability depends on the country in which your passport or national identity card was issued. During the soft launch, a passport/national identity card issued by the European Union, the United Kingdom, Canada, or the United States is required to subscribe to the service. We will be covering more countries and adding support for more documents in the coming months. Stay tuned.
Currently, you can only set up a backup for one Secret Recovery Phrase per subscription.
Ledger Recover is currently available on Android and iOS running the latest version of the Ledger Live app.
Managing Ledger Recover subscription
You can cancel your subscription anytime. Connect to the Ledger Live app and navigate to My Ledger. You will need to go through reasonable checks to verify your identity. Once your identity is verified, your subscription will be canceled. Please ensure that you have your Secret Recovery Phrase before canceling your subscription.
If you don't update your payment info and pay the subscription within 7 days, you won't be able to restore your private keys using Ledger Recover. If you don't regularize your payment within 3 months, your subscription will be suspended. After your subscription is suspended, you have 9 months to contact Ledger Recover Support and reactivate your subscription. You will need to pay an administration fee of 50 EUR along with any outstanding balance.
As long as Ledger Recover is available and you’re subscribed to it. This can be a month or a lifetime. It’s up to you.
Visa and MasterCard. Payments are settled in the currency of your country of residence. For example, if you're based in the United States, you will pay in the US dollar. In the event of a rejected payment, please contact your bank directly. For any other issues related to credit card payments, reach out to Ledger Recover Support.
You may have VAT/GST or other taxes to pay depending on your country of residence.
Setting up Ledger Recover
Currently, Ledger Recover is available on Android and iOS phones running the latest version of the Ledger Live app.
You can subscribe to Ledger Recover without a Ledger device, but you will need it to activate and use the service.
During the soft launch, a passport/national identity card issued by the European Union, the United Kingdom, Canada, or the United States is required to subscribe to the service.
Identity verification is not the same as KYC. Identity verification inherently collects much less information compared to KYC. To go through Ledger Recover identity verification you need a valid, government-issued document and be the rightful owner of that document. KYC involves ID verification but it can also include revenue information, record of criminal activity, citizenship check, etc. Again, Ledger Recover uses identity verification, not KYC.
Ledger Recover is provided by Coincover. When you subscribe to the service, your Ledger device sends 3 encrypted fragments of a pre-BIP version of your private key to 3 separate and independent companies. The companies store these encrypted fragments using Hardware Security Modules.
If this happens, please contact Ledger Recover Support.
Managing Ledger Recover login
Log in to Ledger Recover to update your login information.
You first need to cancel your Ledger Recover subscription, and then your login will be automatically deleted.
You can reset your password by clicking I forgot my password button and following the onscreen instructions.
You will have to go through additional identity checks and provide evidence of your identity change. We are working together with certified legal professionals that will support the investigation if necessary.
Simply get another Ledger device and follow the process to recover access to your wallet.
The passphrase feature is available on all Ledger devices and allows you to create an additional password tied to your Secret Recovery Phrase. For each Secret Recovery Phrase, a different passphrase leads to a new set of private keys and accounts. The Ledger Recover service, if used, does not backup your passphrase. Learn how to set up a passphrase
You can find the Terms and Conditions here: Terms & Conditions
Recovering access to your wallet
Ledger Recover comprises extensive identity verification processes—performed by Coincover within a secure environment built by Ledger. As an added layer of protection, subject to investigation, $50,000 compensation may be available from Coincover in the unlikely event that something were to go wrong.
You can try to recover access to your wallet up to 3 times per month and up to 10 times per year.
No, you don't need to purchase a new device or perform a device reset. The only necessary step is to update your Nano X to the latest firmware version available.
The steps are as follows:
- Get a new Ledger Nano X.
- Open the Ledger Live mobile app and navigate to My Ledger -> Ledger Recover.
- Go through reasonable checks to verify your identity.
- Follow the onscreen instructions.
One-Time Security Code provides an additional level of security to Ledger Recover. The code will be displayed on the Ledger device that you're using to recover access to your wallet. You'll be asked to provide the code during the identity verification process. If you can't provide the code, you'll need to start over.
⚠️ Do not share or use the code in any other way. Only use a code that is displayed on your Ledger device.
Data & Privacy
Ledger Recover uses ID verification because we believe in self-custody and individual autonomy. Unlike the full KYC process, ID verifications are less complicated and reveal only the necessary information.
Coincover will never pass your information to a third-party unless it has a legal obligation to do so. For example, law enforcement agencies often have extensive criminal investigation powers including the ability to obtain production orders requiring information to be produced. It may result in a criminal offense for any entity supporting Ledger Recover to fail to comply with a production order, but Coincover would always take all reasonable steps to verify a production order before complying with it. You should also note that the Recovery Seed Phrase (RSP) is encrypted and split into three fragments – all of which are held by independent companies established in separate legal systems. Since a minimum of two of three fragments would be required to gain access to your wallet, it is likely that an order would need to be obtained in at least two jurisdictions. These individual fragments are not exploitable on their own. Two of them would need to be recombined and decrypted, with separate keys. Any order of this nature would realistically only ever be obtained in the most serious cases of criminality (such as where terrorist financing is suspected). Coincover will never be able to access your seed phrase. Coincover or the other backup providers will only ever manage one encrypted shard. We do not hold nor have access to the other shards that make a complete seed phrase. Learn more: Coincover FAQs