Crypto hardware wallet manufacturer Ledger has been at the center of controversy since announcing “Ledger Recover,” an optional security feature that would allow users to recover their assets after losing their private keys.

A tweet on May 17 from a Ledger customer support agent further fueled negative public opinion of the firm.

“Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not,” read the tweet, which has since been deleted.

The crypto community was naturally alarmed by the message, which seemed to imply that the firm had always had the option to work such firmware into its products without users knowing any better.

Ledger addressed the deleted tweet in an update a few hours later, explaining that a customer support agent had used “confusing wording” in an attempt to clarify how the firm’s hardware wallets work.

Ledger CTO Charles Guillemet also penned an extensive Twitter thread to address misconceptions and explain how the firmware works in practice.

“Using a wallet requires a minimal amount of trust. If your hypothesis is that your wallet provider is the attacker, you’re doomed,” said Guillemet.

“If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. It’s even possible to create signatures so that the private key can be retrieved only by monitoring the blockchain,” he added.

In his view, an open-source codebase doesn’t solve the issue, and it is impossible to guarantee that an electronic device, or the firmware that runs on it, is not backdoored.

He concluded by telling users that a hardware wallet is mostly used as a signing device, which safeguards private keys.

“Your private keys never leave the hardware wallet. Whenever they are used, your consent is requested,” he said.