Security questions arise with Ledger's new offline key recovery options rollout

Ledger will roll out a new key recovery feature for new wallets, allowing offline access to the private key. The move caused a mix of security concerns, as Ledger’s devices were offered as a way to make private keys inaccessible. 

Ledger will introduce a key recovery feature to new wallets going forward, with a secondary PIN available for some devices. The new service, known as Recovery Key, is optional and can be used entirely offline. Recently, the company published a whitepaper about the features available with its new offline recovery. 

The new Ledger Recovery key is a smart card that stores a copy of the master secret, which is used to generate the Secret Recovery Phrase. The card can share the master secret from the Ledger Hardware Wallet, connecting via Near Field Communication. 

The Secure Element contains a tamper-resistant chip, which stores the master secret with no chance of leaking or being taken out via hardware. The element adds several layers of security, including a dedicated operating system for exclusive communication with Ledger devices, as well as a secure factory environment to avoid tampering or placing compromised devices.

This is the second attempt to offer recovery to Ledger users, an answer to several high-profile cases of locked devices. However, the recovery feature also raises additional security issues for abusing the secondary PIN. 

Ledger Recovery debuts on Flex and Stax models

Ledger Recovery is specifically tailored to the touchscreen products Ledger Flex and Ledger Stax. The new spare key is held in another secure device and can unlock the original Ledger device. A user can opt to create multiple spare keys, which are also generated online and protected. 

“With Ledger Recovery Key we are making secure self-custody easy-to-use for everyone. Too many people are compromising by keeping their assets on exchanges and insecure software wallets. With Ledger Recover and now Ledger Recovery Key, as well as the traditional 24-words, we are proud to offer a recovery solution for every category of user.” 

~ Ian Rogers, Chief experience officer at Ledger

The new service will exist along with Ledger Recover, a paid feature that allows access to the device. However, Ledger Recover is a de-anonymizing service, requiring KYC. Some crypto owners remain skeptical of having their identity linked to crypto ownership, after multiple kidnapping cases.

Ledger wallet owners have also been targeted, mostly to be pressured to unlock the device. The device itself can also be lost or abused in some cases. 

Ledger has already announced over 7.5 million total sales, becoming one of the leading tools for crypto hardware storage. 

Ledger introduces transaction check

As Web3 usage increases, Ledger also boosted its software to intercept potentially harmful transactions. Ledger Transaction Check is the newest feature in Ledger Live, aiming at vetting transactions. The extra security is mostly targeted at Ethereum users. 

Transaction Check just hit Ledger Live: meet real-time threat detection for your Ethereum.

Every time you want to sign a transaction, it scans to flag potential threats.

Powered by the industry's top risk analysis engines: @blockaid_, @CyversAlerts, and @TenderlyApp.

Tracked… pic.twitter.com/wur5EF7rPF

— Ledger (@Ledger) June 23, 2025

While Ledger offers heightened security, signing with the devices may still be compromised. Bybit was reportedly using a Ledger Nano, but the exchange was still compromised via a multisig wallet that led to the loss of $1.4 billion. 

The feature adds more clarity to signing in an environment where malicious smart contracts can hijack the permission of Ethereum wallets, despite the secure hardware protection.

Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now