Turns out Ledger can hold some of your crypto wallet’s keys, if you agree to it

Follow me on Twitter @Jacqmelinek for breaking crypto news, memes and more.

Welcome back to Chain Reaction.

Ledger, one of the biggest crypto wallet providers, has launched a new feature called Ledger Recover, and not everyone is happy about it.

Earlier this week, Ledger launched a subscription service that lets users recover their private keys (AKA what helps them access their hard wallets) if they lose them.

The $9-per-month subscription service requires users who opt-in to the service to provide their identification per KYC guidelines. The tool would then encrypt their private keys into three pieces and send them to three different companies: Ledger, Coincover and EscrowTech. The three companies would then use that KYC information to verify wallet holders when they want to use the recovery tool.

That sounds nice and helpful, right?

Yesterday I freaked out about the revelation that @Ledger could spit out your private key with a firmware update.

Yet I noticed the smartest people were not freaking out. Was I missing something?

I spent the evening educating myself, and now I'm in the "nvm it's fine" camp.

— Haseeb ＞|＜ (@hosseeb) May 17, 2023

Well, not to everyone.

Crypto twitter is downright incensed by this. Cold wallets are also supposed to be offline and fully self-custodied, compared to hot wallets, which are connected to the internet. And a lot of people don’t want anyone, including the company that sold them their cold crypto wallet, to know their private keys.

Why? Well, a lot of people believe this service lets Ledger access customers’ private keys, which the company previously said it would never do.

A Ledger spokesperson refuted that, saying, “Customers can create an encrypted backup of their private keys which is then sharded and encrypted further […] The private key can only be decrypted and reconstituted on a Ledger’s secure element chip, just as it is initially encrypted and fragmented there. Ledger cannot and does not access users’ private keys.”

Moreover, people are not happy that the service requires users who may otherwise want to be anonymous to share their identities through a KYC process.

Not to mention some customers are wary of trusting the company (or any crypto company) with their information. And they have reason to: Ledger leaked customers’ contact information in 2020.

After all the backlash, Ledger tried to defend its position, but somehow managed to enrage its users further in a now-deleted tweet, “Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.”

On Thursday, the firm’s chief technical officer Charles Guillemet put out a tweet thread in an attempt to diffuse the fire. “If you want to use Ledger Recover, you’ll have to consent on your device for the backup or the recovery process.”

¯\_(ツ)_/¯

This week in web3

Coinbase launches subscription service with focus on European expansion (TC+)

Coinbase, the world’s second-largest crypto exchange, is launching its subscription service, Coinbase One, in 35 countries in a bid to retain users and grow its recurring revenue streams as the crypto economy struggles through a bearish market. Coinbase One was originally introduced in fall 2021 in beta, and will be available publicly today onwards in the U.S., United Kingdom, Germany and Ireland, the company exclusively told TechCrunch+.

Your first look at Alliance DAO’s latest cohort of web3 startups

Alliance DAO, a web3 accelerator and builder community, had its most recent cohort, also known as ALL10, present their ideas on Wednesday during a demo day, exclusively covered by TechCrunch. The latest cohort makes for a good snapshot of what’s happening in the industry at large, Qiao Wang, a core contributor to Alliance DAO, said. Many of the teams are looking at improving popular crypto sub-sectors, like the Bitcoin network, appchains, rollups-as-a-service, zero-knowledge proofs, proof-of-physical-work and real-time blockchain data, to name a few.

LayerZero and Immunefi launch largest crypto bug bounty program with up to $15M in rewards

LayerZero Labs, the team behind cross-chain messaging protocol LayerZero, has partnered with bug bounty and security services platform Immunefi to launch a $15 million bug bounty for its protocol, Bryan Pellegrino, co-founder and CEO of LayerZero, exclusively told TechCrunch. “We have enough money to pay out plenty of bounties. The security of the protocol comes before anything else,” Pellegrino said. The reward money will come from the equity entity of the company, Pellegrino added.

Even as crypto exchanges exit Canada, Coinbase intends to play the ‘long game’ (TC+)

The world’s largest crypto exchange, Binance, said last week that it would stop servicing Canadian customers due to “new guidance related to stablecoins and investor limits provided to crypto exchanges.” But while the exchange said it will return to the country “someday,” its exit leaves behind a huge gap that its competitors are aiming to fill. Coinbase, Kraken, Gemini and Crypto.com are a few big players in the space planning to do just that.

Binance is banking big on M&A and VC deals (TC+)

The world’s largest crypto exchange by volume, Binance, is making big bets on M&A this year, paying particular attention to geographical gaps and customer base. And to help the exchange get there is the company’s chief business officer, Yibo Ling. I sat down with Ling at Consensus 2023 to learn more about Binance’s focus for investments, layer-1 blockchains, and geographical and product growth for the business, among a ton of other things.

Pudgy Penguins wants to use its NFT-inspired toys to bring IP to the real world (TC+)

Pudgy Penguins, an (admittedly adorable) NFT collection that also doubles as a web3 IP company, is releasing a line of toys dubbed Pudgy Toys, Luca Netz, CEO of the company exclusively told TechCrunch+. The initial launch will include about 100,000 toys, priced at $5 to $35, that will be sold online and through retailers internationally. Each toy comes with a birth certificate and QR code that unlocks a series of NFTs, or a trait box, on its online platform, Pudgy World, Netz said.

The latest pod

For this week’s episode, Jacquelyn interviewed Sergey Nazarov, co-founder of Chainlink, a protocol that provides an oracle network to power smart contracts.

Chainlink is also known as a web3 services platform that connects people, businesses and data with the world of web3. And for good reason — it has enabled over $7 trillion in transaction volume across DeFi, gaming, NFTs and other major industries.

Prior to co-founding Chainlink, Nazarov co-founded four other businesses, most recently SmartContract, which focused on smart contracts.

We discussed a number of things surrounding smart contracts, oracle networks, cross-chain interoperability and Nazarov’s long-term vision for Chainlink.

We also dove into:

Unexpected smart contract use cases
Cryptographic guarantees
How traditional companies can tokenize assets
AI and blockchain technology
CCIP updates

Subscribe to Chain Reaction on Apple Podcasts, Spotify or your favorite pod platform to keep up with the latest episodes, and please leave us a review if you like what you hear!

Follow the money

Jia, a blockchain-based lender of small businesses in emerging markets, raised $4.3 million
Success with Rihanna’s music rights helps web3 marketplace Royal raise $71 million
Bitcoin brokerage River Financial raised $35 million in a Series B
Cormint raised $30 million to scale bitcoin mining operations
Web3 music company anotherblock raised $4.3 million

This list was compiled with information from Messari as well as TechCrunch’s own reporting.

To get a roundup of TechCrunch’s biggest and most important crypto stories delivered to your inbox every Thursday at 12 p.m. PT, subscribe here.

Editors note: This article was updated after publication to add a comment from Ledger.