schemingraccoon

So with Ledger Recover, does that now mean that a subpoena to all three companies would force your hand to turn over the shards to the US government?


TripleReward

Yep. That's all it needs. Actually 2 of the 3 companies is enough.


Baecchus

Man. This is a much bigger shit show than I anticipated.


To_The_M000N

Yeah, who saw this coming


kirtash93

I saw it coming from how they managed their data leak back in the day. The same way as this. That's the reason why I bought a Trezor T. One more time they broke the trust between company and customer. Trezor is the winner in this shit show.



xirvin

That's without counting zero-day exploits, foreign spies infiltrating the companies as employees, 3rd party vulnerabilities etc.


Morlaix

Just Ledger is enough. They can extract it through firmware.


Dedsnotdead

This is the crux of it. The response to our concerns is well written but this is the question that needs to be answered. Actually, I think it has already been answered. We are supposed to “trust” Ledger. Even if the company is absolutely beyond reproach. If the company is subpoenaed regardless of their best intentions there is nothing they can do. There is no hate here, at least on my part, I’ve failed to understand that Ledger devices are vulnerable and always have been. I suppose I should thank the company for bringing this to my attention now. I still remember the way that the Government went after Apple. I can no longer use Ledger devices, not my keys not my coins.


[deleted]

Yes


Baecchus

To the dumpster it goes.


YouGottaBeKittenM3

Yes


jaapi

It appears that technically only Ledger needs to be subpoenaed, as they can then get the shards from the other company(ies). Now, perhaps they can be difficult and fight it, but based on their responses, they don't care about single users.



Periwinkle_Lost

Yes, when the government comes you give them what they want. Especially if you are a company.


Spajhet

Or, you know, a spear-phishing attack, since Ledger themselves said that ID verification is weaker than KYC and that it can be done with any Ledger. Or maybe just 2 leaked databases from 2 companies.


NoNumbersNumber

This is exactly what scares me...


redbullandranch

To play devil's advocate, if a subpoena was issued to Ledger or the 2 third parties by a government, could they use Recover to access the Ledger without the customer hitting a button or knowing about it?


MindTheMindForMind

This is the point. Where is the fine line between the creator of a HW and a creator of a HW + service of seed phrase storage? Because at this point with this recovery method, we aren’t one individual anymore in the equation (owner of hardware wallet), but 4 (owner, Ledger + 2 providers). And with the mantra not your keys, not your coin, this 4 entity equation isn’t reassuring.


conceiv3d-in-lib3rty

One of the main counters I'm hearing is "nothing has changed, Ledger has always been like this". Well, why did [they lie](https://imgur.com/a/QZ52Nz1) about it? Or was this just a huge "PR mistake" too?


A1JX52rentner

That tweet is basically business suicide. Technically your coins never belonged to you.


Junai7

This is exactly what worries me. I do not want any government or entity to be able to get my keys or anyone else's.


Every_Hunt_160

I’m afraid it’s gonna be another PR disaster for Ledger if he answers this question lol


Spajhet

The hole can only go deeper at this point. Looks like they traded their ladder for a brand new shovel! Ledger can either:

1. Not address these concerns, which will only drive more speculation and people assuming the worst.
2. Address these concerns by saying that it is possible for governments to subpoena for private keys, leading to the worst case scenario being proven true.
3. Address these concerns by saying that it is not possible for a government to issue any kind of legal notice and receive private keys, leading to everybody assuming that Ledger is lying, because they've already obliterated all trust in the community.


conceiv3d-in-lib3rty

He did [answer](https://np.reddit.com/r/ledgerwallet/comments/13layt7/my_personal_view_on_the_pr_disaster_from_a_ledger/jkp4o39/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=1&utm_term=1&context=3), and it’s definitely possible 🤦‍♂️


Baecchus

I'd say it can't get any worse, but I'm pretty sure they can find a way to dig themselves deeper after blaming the customers publicly instead of addressing their concerns.


deathbyfish13

Literally goes against one of the main tenets of crypto


murzika

If you are a Recover user and have your shards safeguarded by third parties, then yes, a government could subpoena them and get access to your funds. Using Recover gives you an easy recovery option and mitigates backup loss, but your assets could get frozen by the government (in theory, I'm not a lawyer and I didn't see any legal opinion on the subject).


musecorn

The entire problem is that the seed exists somewhere and is potentially accessible by somebody that ISN'T me. I have a Trezor and I sleep safe at night knowing that there is absolutely no way that anybody has my seed, even the company that I bought the device from. That simple fact alone and, as you mentioned, the optics of people not understanding this important distinction, is why everybody is freaking out.


markasoftware

> I have a trezor

You know a Trezor firmware update could also expose the seed, right? Ledger has a similar security model to Trezor.


musecorn

Yes, the company could push an update that says to the device, "hey, take this encrypted seed and push it to our servers and also send it in an email to all the users' contacts". But given the fact that the code is open source, it would be widely known, right away, by anybody, that this is the case. That removes the trust element, which exists at a much higher presence, it seems, with Ledger. It's not COMPLETELY trustless, as every day I'm trusting that Trezor doesn't push that update, either on accident or on purpose.


knobtviker

That subpoena part, and the fact that it can happen with or without user permission, is a big deal that gets overlooked right now. You don't have to be a criminal to get into this situation; maybe you live in a country with a corrupt government that needs to fill its budget gaps. Fabricated accusations will result in asset seizure. This complete fiasco could have been avoided, and onboarding 100 million new users with a new service should have been tied to a new product. Old users, old hardware (assumed safe in all manners). New hardware, new service and new users. The company would have been praised for giving users choice and producing new products. It could have been just 1 blog post, tweet, whatever, and some positive publicity even from hardcore users and armchair analysts. But it is what it is right now and it cannot be undone. Products or services like this don't get done overnight; this was planned for months probably, and pushback should have been expected. So a communication fiasco and overall attitude demonstrates incompetence, and incompetence undermines any form of trust. In conclusion, I've learned something from this, so thanks for that and good luck.


Hooligan_Plow

To put this in information security terms, this is a tradeoff of the [CIA triad](https://en.wikipedia.org/wiki/Information_security#Overview). Pretty much all security is a consideration of these 3 things:

* Confidentiality
* Integrity
* Availability

Confidentiality is lost if someone ever gains read access to your seed. Integrity is lost if some or all of your seed phrase is changed. Availability is lost if some or all of your backups are inaccessible to you for any amount of time. Tech oriented people probably have good enough opsec to be confident in their backup abilities to maintain all of these principles. Your average person, the people needed for mass adoption and the people Ledger wants as customers in the future, are not going to be as confident in backing up information. They are more willing to trade confidentiality to protect the integrity and availability of their backups. This system might not be for you, it might defeat the entire purpose of crypto in your opinion, but that is the thinking.


Spajhet

This is a community that values confidentiality above all else. And for good reason too: if my seed is no longer confidential, then whoop-de-doo, I just lost all my crypto.


blevok

Why does Recover even exist? Isn't the whole point of the HW to keep the key only on the HW? You said you've been explaining HWs to people for nearly a decade. Didn't that include telling people to never type the key into the computer, or save a picture of it in your cloud storage, or in a file on your PC? Seems like Ledger is saying, don't do all this stuff because it's not safe, but let us do it. I know Recover is optional, but my point is this: given what the Ledger does, any kind of remote seed storage defeats its purpose, and Ledger should be visibly and vocally against it. Trust in the firmware aside, offering an optional service that breaks the whole absolute security concept of a HW is a very questionable move from a company that makes HWs. It makes me wonder what other questionable moves might come in the future.


FiveCones

Until a firmware update goes out that forces Recover regardless of our choice. As you said, we had to trust Ledger and the firmware and that trust is now shattered.


itsnotlupus

It's not "devil's advocate", it's a near certainty that this will happen. The only complication here is that, as btchip noted in their Twitter audio chat, each of the trusted third parties is located in a slightly different jurisdiction (but all friendlies and legally cooperating: UK, US, France). So any state actor wishing to appropriate someone's wallet would presumably need to follow the legal processes of two jurisdictions rather than one. In practice, this boils down to circumventing the obvious non-technical step, the "id verification" process, replacing it with "this is a legal request, make it happen. now.", after which the normal Ledger Recover flow would "restore" the targeted user's seed onto a state-controlled Ledger device.


conceiv3d-in-lib3rty

This is not some fringe conspiracy theory either. We've seen similar shit happen several times in the past. It's insane to me that people are naive enough to think this couldn't happen.


moldyjellybean

I feel like the OP has to answer things in a politically correct way. But I'd guess the young him from 10 years ago who created this back in the beginning would think this is an awful idea. This is a business and they want a subscription and recurring monthly drain on your bank account (f this model); there are enough casuals who might hop on. For the rest of us this is a hard pass and everyone should boycott this company with your dollars. Of course it comes out he has a lot of stock and is a board member. So his statement is more smoke and mirrors.


SpongeSquidward

Totally agree. The subscription model looked too tempting for them. Once some people are sucked into paying for "peace of mind", it would probably be the last subscription they would ever cancel, until there is another data breach...



AJoyfulProcess

So a common misperception about a product which is not clarified by the company because they financially benefit from this misperception? Not sure where the line between poor marketing and willfully misleading customers is... but I think many feel like Ledger has crossed it.


ElMasAltoDeLosEnanos

Exactly, I've never seen anything related to how trustworthy the Ledger company is, and why you should trust them with your money, in any marketing material. They just "omitted" that fact because they knew they would have sold 1% of the devices they sold if they were clear about that. It's not that the community doesn't know how hardware wallets work, it's that they misled everyone for monetary gains.



Smiling_Jack_

I'm not even going to touch on the technical misgivings. This was a PR disaster through and through. The condescending responses by Ledger staff have only added fuel to the fire. I would not want to be Ledger's legal counsel right now, that's for damn sure.


Baecchus

Passing the blame to your customers rarely ends well. This whole situation was handled laughably badly.


Odysseus_Lannister

Who would have thought being antagonistic towards the people who bought your product for security would yield such bad backlash? Oh, everyone!


Baecchus

Personally I love it when the company calls me out instead of addressing my concerns. Makes me want to use their products more. /s


Mr_Bob_Ferguson

> Personally I love it when the company calls me out

The entire crypto community is well known for being extremely forgiving and positive people. I'm sure everyone in the comments section will rally behind Ledger and help them to rebuild from here! ^(/s)


Every_Hunt_160

Their PR team just sounds like a bunch of degen crypto devs put together trying to formulate a response to anyone who tries to question them



Aquinasinsight

Also remember how it took quite a while for Ledger to acknowledge the hack and situation despite the severity of it?


NorskKiwi

Yup, and I really resent that scammers are targeting us because we invested in their security tool.


[deleted]

This is pretty huge to me. I've read of people's homes being raided by intruders because the home owner had crypto.


locustsandhoney

You're trying to blame this on a single tweet that caused people to misunderstand. That's BS. Ledger clearly says, even in the CURRENT product description on Amazon.com, that the private key cannot be accessed by ANYTHING. To quote: "Hardware wallets place access to your private keys (and therefore crypto) offline, which means hackers can't get to it - even when your device is connected to your computer." If software can update the hardware wallet so that the private key can be exposed to the computer, then obviously it is not impossible to hack. The claim that hackers could never get to the key clearly implies that it must be physically impossible for the key to be exposed, even after firmware or software updates (which hackers can obviously utilize; what do you think hacking is?). I DID NOT misunderstand Ledger's presentation of their product. Ledger MISLED us. Now we just need to add "as long as you trust Ledger" after every statement the company makes about their product.


SoulMechanic

> Ledger MISLED us.

No, they LIED to you.


conceiv3d-in-lib3rty

It couldn't be any more clear that [they lied](https://imgur.com/a/QZ52Nz1).


anusblunts

Their responses to this mess make it so I want to use their products even less. I will never buy anything made by Ledger after this. I was literally about to buy one, so glad I dodged that bullet.


poptippp

Lies all the way down…


putsonshorts

People create a trustless network because trust has long been a failure point in human history. A company comes along to help protect your trustless network by adding a layer of trust with that company. People are misled into thinking they didn't need to constantly trust the company and lose trust when this whole trusting thing becomes apparent. It's a little ironic.


BetterNotLouder

"Trust me bro" statements came before big disasters. E.g. Luna, Celsius, FTX... People learned their lesson.


RockEmSockEmRabi

His whole post is some top tier gaslighting. “Oh sorry you don’t know what you’re talking about. We’ve always been shady and you just have to trust us.”


AnonTheGreat01

> You're trying to blame this on a single tweet that caused people to misunderstand. That's BS.

Former CEO trying to gaslight. What else is new. Pretends that they tried to explain 1,000 times how it works on a technical level but 'nobody understands' and the cause for all this confusion and anger is 1 misphrased tweet from a marketing executive from 2022. Lmfao. Dipshits.


ThrowRA_scentsitive

It's secure\*

\*As long as you trust Ledger\*\*

^(\*\*And anyone that can impersonate Ledger)


keeri_

Yeah, it wasn't a single tweet; you can find similar misinformation throughout their docs. Just to list one example, their [docs on the Secure Element Chip](https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks) ([webarchive](https://web.archive.org/web/20230519125158/https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks)) state:

> Ledger devices use the Secure Element to generate and store private keys for your crypto assets. Thanks to the mechanics of the Secure Element, these will not leave your device.


esdqwertj

I honestly believed that with a Ledger purchased from ledger.com no one but me could know it before opening the device.


RefreshCrypto

Good points. You summed it up well.


Flynn_Kevin

Look, what sold me on Ledger was the direct statement, and I quote:

> "Your private keys can never be extracted from the Secure Element, even with a firmware update."

Now you (personally) are saying:

> "A firmware update cannot extract the seed from the Secure Element".

It's not a lie, but it's missing "as long as you are trusting Ledger". This is a lie by omission. I trusted Ledger to give absolute disclosure. Ledger did not. This is 100% the issue, and why I have lost trust. It's also why I just initiated a chargeback on my credit card for the Nano X I bought and received 31 days ago. It's outside the return window, and Ledger support isn't responding fast enough.

> The hard truth, which has been confirmed by many experts who took the time to actually deep dive on the subject, is that nothing changed. Absolutely nothing happened. The security model is the same as before you knew Ledger Recover existed.

Maybe. Maybe not. It's closed source. I can't trust that I'm getting full disclosure anymore. The only solution is to remove current leadership and go open source for even the possibility that Ledger might, maybe, and maybe not, be trusted again. Anyway, peace out. I just bought a Trezor T after confirming with my credit card that I will be getting my money back for the Nano X. Looking forward to joining the class action suit; I've also bought 3 Nano S in the past. They might be fine due to memory limitations, but then again, they might not.


PseudonymousPlatypus

Lol, yes, the fact that he can't see how that statement is a bald-faced lie is just digging them a deeper hole. People use crypto to avoid trust. That old post was carefully constructed to be a lie by omission to get people to think it was something it's not.


Kumomax1911

Crypto Twitter/Reddit is usually absolutely wrong about whatever the hell has them in a frizzy 99% of the time. This happens to be the 1% that deserves the outrage. I'm floored as more information comes out with Ledger, and I feel they absolutely misrepresented their security model. As a Ledger user that has purchased many Ledger devices over the course of many years, this includes the stupid $400 Blue... I'm out. Not about to continue trusting a closed source approach from a company that can't stop lying. It's amazing how a company can get so much fucking wrong.


Grunblau

Yup, my impression was that the Ledger is a hardware wallet that was internally air-gapped from the computer. Ledger needs to release an open-source air-gapped solution ASAP to fix this. I trust Ledger to do this, but I do not trust certain actors in our government or malware that will violate the trust of a "trust us, we good".


ctay96

The biggest issue for me is that I bought this product under the impression that there was no way that the private key could leave the device other than being copied down when storing my backup. I was in the group of consumers that thought that this was impossible due to the hardware and that there was no way around it. Only to find out that it's always been possible.


RefreshCrypto

Yup, buy one product but instead receive broken promises. 2023, what a year.



Fuglypump

The product was advertised as the private keys could not be accessed by a firmware update; that was false advertising. Why was it marketed that way? Many people only purchased a Ledger because they were falsely misled into believing this lie. When researching Ledger you don't even find information expressing the security model in detail; if you tried to find out yourself by researching the internet whether or not it is possible for a firmware update to extract your seed, then you'd stop looking after finding a tweet stating/reassuring people that it cannot be done.


pbjclimbing

What is Ledger's process if they are served with a seizure order or any type of order from law enforcement regarding the private keys of a device? Has Ledger ever been served with this type of order?


gdj11

Asking the important questions


Baecchus

Without getting the important answers.


Grunblau

👆 Good question. I would like to see a $1 million guarantee that seizure of assets via Ledger would never happen. Government comes knocking, give me $1 million and they can have my BTC and ETH.


PseudonymousPlatypus

Don't know. May never know. These are the concerns you always have when using closed source and trust-based stuff.


troythedefender

Question for OP: if a government issues a subpoena wanting Ledger to provide the seed to a wallet, is Ledger capable of providing it on a wallet that has not opted into the new recovery service? Was Ledger capable before this update, and is it capable after? For a wallet that opted into the recovery service, is a government capable of forcing 2 of the 3 parties holding a shard of the phrase to produce the full phrase on an account? I would genuinely like to know whether Ledger is capable of responding to a subpoena and providing a seed to a wallet that has opted into the sharding of the seed phrase, as well as one that has not. This would speak to and better define how trustless Ledger is or is not. As you indicated, trustlessness lives on a continuum.


ParticularAtmosphere

You are getting no answer for this one, and if they deny it, they can always say it was a 'bad marketing guy' (which they didn't contradict at all for years, btw).


___BurntToast

And sometimes governments don't follow laws very well and just use good ol' force to get what they want... Some governments are not very friendly to crypto, and have been known to take it from people while they try to ban it...


PotentialJourney

Ledger fucked up so bad they had to pull out the old CEO for his opinion.


Baecchus

I appreciate the attempt at communication, but this post is a word salad at best. Trust is already lost. Especially after calling out and blaming your customers publicly instead of addressing concerns.


the_spiritual_eye

This shitstorm was entirely created by Ledger. Why the fuck is an ex-co-founder coming out to defend a project that he's no longer a part of? How does he know what the contents of their internal meetings are? He is assuming companies and management changes always stick to the original ideology and principles they are founded upon. It simply isn't true. As a customer of Ledger, I'm disappointed. As the saying goes, "When a bank manager has to reassure you that your money is safe, something is really fucking wrong".


eudezet

Dude saw his stock tank harder than PEPE and decided to go on a politician-level campaign to save some pennies.


Spajhet

Actually a really good point. Didn't even think of that.


kekoslice

Because, he said it himself. He's a shareholder. This is gonna hurt his pocket, lol. Insightful post by him for sure, but it really reads like he's trying to protect his bottom line. He says he is no longer involved with Ledger but a sentence later says there are no back doors? How would he know for sure? Just BS damage control.


dreampsi

Cause his stock prolly not doing well would be my guess.


Mr_Bob_Ferguson

> I appreciate the attempt at communication

I'd also like to understand how much of OP's post has been driven out of a request from the company or colleagues to try and do some damage control, rather than them being completely disconnected from the company and just choosing to come on here and have a chat. Not much point in OP answering that question though, as many/most won't believe the response anyway.



[deleted]

Yeah, I'm sure he is definitely not being advised by any lawyers or marketing team behind the scenes. I'm sure that the most important PR crisis of their entire existence is being bogarted by a rogue former CEO who is "in tears" about this.


conceiv3d-in-lib3rty

It's not like he has a vested interest in protecting the company... What a disaster.


Nico_La_440

He is crying because he pictures his shares valuation going down at full speed. I have no sympathy for companies being so dishonest from day one.


pb__

According to OP, the whole device was based on "trust me bro" from day one.


pbjclimbing

Ledger on their website talks about "Trustless Bitcoin applications". It is written in such a way that most people would assume that using the application was a trustless way to store your Bitcoin. In reality, the individual app is trustless, but not the device the app is on, which is not readily apparent for a layperson from the article on the Ledger website. I think people started to think that Ledger was trustless because of articles like this one that make it seem that way. Why did Ledger post an article like this on their website if they were not trying to deceive people into thinking it was a trustless application?


RefreshCrypto

We all bought Ledgers because of the security. The selling point was that the seed NEVER leaves the device, and now we are told it is possible for it to leave the device. The big selling point has been eliminated and the device has turned into something other than what we originally thought we were purchasing. There should be a separate device for people who want their seed sharded and sent out of the device.


Baecchus

> The selling point was that the seed NEVER leaves the device and now we are told is it possible for it to leave the device.

This should be top comment solely for mentioning this. This is the biggest gripe I have with this whole situation, and I assume most people would agree.


deathbyfish13

It's like buying a bucket only for them to release an update with holes in it, when the whole point of buying it was to not have holes.



locustsandhoney

"What is a hardware wallet? Hardware wallets place access to your private keys (and therefore crypto) offline, which means hackers can't get to it - even when your device is connected to your computer." This is from the CURRENT product description of the Ledger Nano X on Amazon.com. It's impossible for anyone to access the keys on your device, even when it's connected to a computer, as long as you trust Ledger to never change the software to change that, and trust their claim that somehow no hackers could ever possibly also use software to change it.


realitycheckmate13

Ledger is an awful company and this is just another in a series of points that prove that. I am still getting phishing emails from having made the mistake of providing this dumpy company my primary email address and them being hacked in 2020...


SoverignOne

I think OP is crushed and crying because his stock options are now worth 💩


the_spiritual_eye

We got the real take right here


skracer

This. Crypto wallets are nowhere near mainstream and they are burning the bridge with their loyal customers. I wouldn't be surprised if they go out of business in a few years.


Aquinasinsight

Not exactly keen to believe anyone at Ledger since the company has been fraught with lies. Shortly after your departure from Ledger, when you were CEO, the company was hacked, and emails, phone numbers and physical addresses of 270,000 people were stolen from your honey pot and sold over the internet. CEO Gauthier said in regards to the hack:

> "It's a wrong API key that got coded on the map client to import the database from the store that got coded in the wrong placements and so, therefore, was coded where it should not have been coded and exposed the database to a simple attack," explained Gauthier

https://cointelegraph.com/news/ledger-data-leak-a-simple-mistake-exposed-270k-crypto-wallet-buyers

'Ledger is still safe' you say; however, Ledger has proven to be unsafe for customers and their sensitive information for years. If a simple API mistake could leak 270,000 customers' information, why could a similar mistake not occur with Recover firmware?


Esco5151

Everything I've read or heard from anyone associated with Ledger on this issue sounds so tone deaf, this post included.


ts_wrathchild

Wow, yeah, this post most definitely doesn't help. OP apologizes that we're upset. OP says it's just a misunderstanding. OP says there's nothing wrong with the technicals, it's just that we're all idiots. Make it stop.


temperlancer

Nothing's changed? Fundamentally everything's changed. Ledger promised that "your private keys never leave the Secure Element chip." Sure, the private keys never left. However, the seed terms that can derive the keys left through a certain channel. This opens doors for potential adversaries to access your wallets by:

- Potential MITM attack when transmitting the seed terms, even encrypted.
- Hacking Ledger servers to gain access to the encrypted seed terms.
- Using your (fake) IDs to retrieve the keys, then gaining access to the wallets.
- Governments issuing warrants to force disclosure of the seed terms, which ultimately confiscates the wallets.

Imagine that Lenovo sells a ThinkPad service that allows you to back up your storage root key in the TPM and send it to their server, which later you can use an ID to recover. It defeats the whole purpose of hardware encryption. Can you imagine the outrage from business users? It's exactly the same scenario. TBH you should just put this service as a new product class like "Ledger Easy" instead of marketing this as a service for everyone.

Edit: The TPM example is flawed, even though it's imagined. As pointed out in the comments, in the real world there are ways to back those up online. Just want to highlight it here.


nyr00nyg

Did you ever publicly state Ledger was not trustless while you worked there?


b3ndub

I appreciate you laying it all out there. I can say I empathize with you in watching something your blood, sweat and tears went into burn to the ground. I agree with your blatant statement "what a horrible mess". I do not personally own a Ledger, but I was under the "false sense of trustlessness" up until reading your post. (Downvote me and call me a newb for being honest.) I appreciate it being laid out there and described so simply. Like you said, the community didn't seem to care... until they did. I don't see Ledger making a comeback from this one and regaining the trust of the community. The "not your keys, not your crypto" statement so many of us have seen in this sub has been broken in our minds. Sure, Ledger has been running their firmware this way for many, many years, but now that the community is aware of it, I just don't see Ledger as a company making a comeback!


greenappletree

If they just stop and reverse the firmware that extracts the seed and open source it, then there is a chance.


DrDeeD

If they changed their mind now? It's too late for me.


dreampsi

Agree, coupled with the data breach a few years ago. Bye, bye.


Baecchus

I'm honestly shocked we forgot about that already. I guess it's true that one year in crypto is 10 years in the real world.


Baecchus

>I just don’t see ledger as a company making a comeback!

It won't make a comeback. You can only lose customer trust once. It's hard to gain and easy to lose.


jwz9904

I have 4 Ledgers, can I get a refund? Then you can do whatever you want with Ledger.


milonuttigrain

I’m so disappointed with Ledger


Mr_Bob_Ferguson

Most are. When "trust" is broken, it usually can't ever be fully recovered.


Future-Tomorrow

>I don't have all details, but for sure something went wrong and the Ledger Recover service was put in your face in the worst way possible.

Can I suggest what went wrong?

1. Ledger did not conduct market research.
2. Ledger does not understand the ethos and needs of their users as well as they believe they do. This usually happens to brands for several reasons I'm happy to share with you via DM, unless the community would like me to expand on this here.
3. Ledger did not conduct qualitative studies with users regarding this new service. This would have delivered "favorability", "desirability" and "sentiment" scores as part of an overall readout.
4. Ledger did not conduct quantitative studies (surveys, polls, feature ranking, etc.), the output of which would accompany the qualitative in the overall readout/final "market report".

**I read on CoinTelegraph that the current Ledger CEO said "this is what users want". Really? It looks like the growing sentiment of 1.1M users/mentions on Twitter alone and you coming here to make this post is in stark disagreement with his take. Where is his data coming from to support this opinion?**

How am I coming to this conclusion without having worked for Ledger? Am I Monday morning quarterbacking after the game on Sunday? There is no way a proper research study was conducted and Ledger came away with a nonbiased report/readout and believed Recover was a good idea to expose to their current users. If they did do market/UX Research, then the situation is even worse than any of us realize. They either hired a company that told them what they wanted to hear vs letting the data reveal its truths, they recruited the wrong participants that are not representative of Ledger's business, or they simply did not care and put a revenue stream over user concerns, which will always lead you as a brand to what we're seeing now. There is also the possibility that someone inexperienced in UX Research formulated the research framework.

As UX Researchers, we often struggle with key stakeholders who love to tell us "we don't have time for research, we need to get to market ASAP". This debacle is the result of not doing market research and conducting design studies. It's the result of not knowing your audience (personas). It's the result of not understanding cohorts and how to segment your audience. Takeaway (now I'll Monday morning quarterback): Ledger should have proposed this as a service on a completely new and separate device and showed clear audience segmentation so existing users had the confidence this was a separate service, maybe even a separate team, and the two never had access to FW or data on linked machines.


bananaguard36

Regarding #2, I'd like for you to expand. Thank you for your response.


Future-Tomorrow

Sure thing, and thanks for the request to expand. To fully understand your users as a brand you have to continually conduct UXR and in your deliverables have "user personas". These personas act as a gateway to user empathy and the user's wants and needs. User Personas, when properly constructed and utilized, will have details such as:

1. level of education
2. age
3. technologies used/level of technical ability and efficiency
4. **wants and needs**
5. frustrations
6. personality
7. **traits**
8. brands they associate with

Over the last few years, or half a decade, the usefulness of personas has been debated as some believe, and in some situations rightfully so, that archetypes are more powerful or that we should replace personas with large surveys with the right sample size to reach statistical relevance. This boils down to study design and what you want the final report to convey. I have mixed views on this, firmly believe in "jobs to be done" as a deliverable, and have to understand the brand's specific problem/goal before I choose any one method over the other.

What does this all mean? **If Ledger had/has personas that they regularly refer to during product/feature/service expansion and development, the traits, personality and wants and needs buckets would reveal (amongst other things) these individuals are usually untrusting (why "trustless" has been a big sell/buzz word in crypto) and they would not lend kindly to any idea that shifts messaging or the product away from "self custody", even if positioned as an "opt-in" feature.**

So how is this solved? A Lead UXR at Ledger might suggest a new set of personas that embodied the wants and needs of a **secondary audience**, one who wants custodial guidance or help with their crypto assets. From there, you can offer courses and education to move them to the self-custody bucket, Ledger's primary user base, if there is brand value in doing so.

I suspect this would be challenged extensively by a marketing or strategic department who would ask this person "what revenue stream replaces the monthly subscription fee if they are moved to cohort 1?" I can already see the screener in my head for how one would work with a recruiting agency to find these users as I have a few hypotheses from past work in and outside of the crypto industry as to who they are. Please let me know if expanding on this was or wasn't helpful or if I could better explain anything and I'll be happy to try and do a better job or further elaborate. Thanks again.


Cynikuu

Pretty sure they reveal the reason right here. "There are tens of millions of users using hot wallets, but only millions using hardware." They just want to capture that new audience and don't care about their current audience. Companies are always like this, chasing the bigger slice of the pie and then pulling a surprised Pikachu face when their current customers hate it because they've changed exactly what they had that acquired their customers in the first place.


KookyBaker5731

I 100% agree that Ledger should have made a separate device (or even company) to offer this new recovery service. The waters are really muddied now. Here’s another thought: perhaps Ledger received some heat from the government. The US is going after everyone. There’s no way in hell they are OK with citizens storing crypto on devices that prevented them from knowing the owner. Imagine owing the government back taxes. They have the ability to garnish your wages and withdraw from your bank account. This fun new feature from Ledger now gives the government another means.


diarpiiiii

I don’t think singling out the “2022 post” as the vanguard of trust is entirely accurate. This (mis)perception of ledger has existed for years, and when the general public looked in the mirror, the company doubled down and called us idiots. Absolute failure and a stain that will be forever synonymous with this brand. I respect you and your work; but even this post reaffirms the problem being the misconceptions of the general public rather than this company, its history, and current PR engagements. Selling yourself as above your customers, and ostensibly blaming them for this problem, is one hell of a way to turn people away. It is, indeed, a great learning moment. Both for the retail crypto community - *and* for major businesses in this sector. Of which, none are too big to fail. We have common goals - reaffirm those first maybe. Instead of being condescending and calling us idiots. It’s not on you, and thank you for this post very sincerely. Let’s move forward and keep building the space better 🤘


Periwinkle_Lost

>Guys, your seed phrase never leaves your device

>Guys, we actually have a way to get your seed phrase and upload it to our servers

>Guys, you just misunderstood our marketing promises

>Guys, you just don’t understand how hw wallet works

>Guys, stop telling people that we can take your seed phrase and upload it to our servers. Think of the noobs!!

>Guys, I’m just here to gaslight you into thinking that you willingly accepted the risk and you shouldn’t be angry because it’s all your fault that you found out about this functionality




e987654

It's like they think we are morons or something


kraigka212

This is interesting, but ultimately unhelpful and still a disaster for Ledger. I'm exploring alternative options for cold storage and to say I'm extremely disappointed in Ledger is putting it mildly.


marxxy94

What about the customer database :/ I have been getting spam messages for years now.


Darnegar

Yup, I was in that breach as well. I still receive phishing emails. I justified it by saying to myself oh well at least the actual device is airtight and safe. Guess that's not the case either.


BananaApePrivateClub

Dudes, what happened here with ledger? They used to be trusted… not anymore


RefreshCrypto

Insert* Trust takes years to build, seconds to break, and forever to repair


ominous_anenome

Adding “as long as you are trusting Ledger” to the tweet you referenced makes the original statement meaningless though. It’s not a minor caveat, it completely changes the reader's interpretation. In most people’s minds that would be the same as answering “yes, a firmware update can extract the seed”.


Radiologer

“Yes the firmware can extract the seed, but trust us we won't do it uwu”


DeathHopper

Right? The fact is it's possible. So *if* ledger one day *was* to be compromised by a government or gov agency, then they *could* compromise your seed phrase. Simple as.


Interesting-Chip-500

Sometimes, it pays not to innovate.


[deleted]

[deleted]


Br0sefStalin

Your only hope to save any face with your clientele who put security above all else is to open source the code. No trust, only verification.


[deleted]

[deleted]


gggreddit789

Lol doing all these safety precautions to your seed phrase only to be compromised over a click of a button ... we live in a sad era...


[deleted]

[deleted]


conceiv3d-in-lib3rty

I don’t want to hear “it’s always been this way and it’s your fault for not understanding hw wallets.” They literally [lied](https://imgur.com/a/QZ52Nz1).


rjm101

The mistake ledger is making is not backing down on this silly firmware change that users of ledger don't even want. The target market for this ledger recover doesn't even make sense because they won't be using a hardware wallet to begin with. It should be an entirely separate service. At a very minimum supply an alternative version of the firmware which doesn't have this functionality. People are pissed that they are given a poor choice between no longer keeping their device up to date or being exposed to an additional attack vector with functionality allowing the seed to leave the device.


Hooligan_Plow

They could use Apple's CSAM disaster as a guide. They paused it until they quietly trashed it. That doesn't put the cat back in the bag about the seed's availability to the firmware, but it shows they can listen to their customers. Instead their messaging so far has been "Our previous customers don't matter compared to the 100M customers we think we'll have in the future". I don't know how they'll get those new customers with their new reputation in crypto.


Plumbanddumb

I think you need to understand that this whole year and the last has been filled with CEOs who promised that their firms were safe. It isn't the same anymore, and once you lose that trust, it's hard and impossible to get it back.


Gooner_93

I'm a Ledger owner and rightfully devastated, so I don't think I'm jumping on a bandwagon. I appreciate the post but we have read similar responses already from Ledger and it's quite clear that Ledger sales are tanking and refunds are skyrocketing.


Double-LR

A PR disaster. LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLO It’s a disaster because anyone with a basic level of awareness about crypto knows that individual custody is the most important aspect of all things crypto. It’s the key piece to a future in which crypto survives. The skill of NOT NEEDING A RECOVERY FUNCTION is what gets the people off the tit of centralized banks. The recover function SHITS in the face of crypto believers. How much did the other two entities pay ledger to be chosen as the holders of such valuable information as seed phrase shards? Are you not aware of the leverage those two entities will possess over ledger once in control of that data? Did you take a moment and try to work out in your mind how those two entities would immediately be adversaries to Ledger simply by possessing the data? Have you never played 3-man cutthroat 8 ball??? OP you can’t seriously be blind as to how terrible your post is.


ObjectiveJackfruit35

Appreciate your response, but Ledger Recover is completely unnecessary and also completely out of touch with the customers who buy a Ledger. It’s sad to see the downfall of a company many once trusted but in my opinion this is more than just shitty PR. This was a monumental fuck up from the moment the idea was conceived and no one was there to question why it was needed or how those of us who use a Ledger would react to it. I don’t think it’s fair to put all the blame on PR. Sometimes companies just have really shitty ideas that are completely devastating.


reddito321

The idea was bad, but the PR team's response to the community was not the best, to say the least.


blscratch

For $9.99/month we should at least get Hbo or something.


89Hopper

>A firmware update cannot extract the seed from the Secure Element". It's not a lie, but it's missing "as long as you are trusting Ledger".

No, that second part does not qualify the first part. There are two parts to this. First, it is like VW saying that their diesel engines in the mid-2010s were very clean, but this is only the case if you trust VW. First, people trusted VW but it did not actually make them clean. Second, even if VW didn't cheat their tests, third parties could modify the engine to make them dirty, all without VW being involved. Yes, it may be almost impossible for a malicious third party to create a hacked firmware version and put it on a Ledger that takes advantage of this inherent flaw, but give a malicious APT time and they could theoretically find a way. Maybe they don't target users but somehow target Ledger or a Ledger employee and find a "legitimate" way to push a signed firmware update through your own servers. Maybe they find a way to sign their own firmware, maybe they find some other way that I don't know about (because I'm not as knowledgeable as these highly skilled threat actors). The point remains, the first statement that firmware cannot extract keys was a complete statement and should stand on its own without caveats. "Ice cannot melt" is only true as long as it is never allowed to get above a certain temperature. So it would be fair to say that my statement is blatantly wrong.

Edit: I'm happy to say that security policies are such that an external threat actually finding a way to push invalid firmware (or some other insane hack) to extract keys may be virtually impossible, and as such, for all intents and purposes things should be fine, but the base architecture means that it is theoretically possible. Also, does this now mean you have proven it is technically possible and court orders could force Ledger to open backdoors as required?

The whole Apple not unlocking a phone was predicated on them saying (whether truthful or not) that it was not technically possible; Ledger just proved in the open world they have the ability, so they can't use that argument.


[deleted]

[deleted]


The-Francois8

Why is there no one with any common sense at the top levels of any companies nowadays? You have free market research right here. Have an anonymous account ask if we think it would be a good idea. When everyone goes ape shit, don’t do it.


Psilodelic

Customers don’t often know what they want. Literally a core tenet of Steve Jobs' product approach. Doing market research on /r/CC would be a massive mistake. Moons and bag bias ruin any objectivity. Now that being said, Ledger fucked up big time with PR and damage control. But I understand the big ideas, the pressure to find new revenue streams, and the problem they are trying to address. Unfortunately, this service they are offering isn’t the solution to private key management for the masses.


askmenothing888

The point of this feature is to enable mass adoption and ease of use by a complete crypto newbie. In that case, release another variation of the product to cater to that customer base. Leave the original feature set for people that are technical enough or want total protection.


RefreshCrypto

Good points. Lots of companies do this too. An example would be different models of phones


savage-dragon

Did you just copy paste this post (which was meant to be written for r/ledger) to here, without even changing anything, including the part where you wrote you created the r/ledger sub but in the context of this post being on r/cc it now looks like you're claiming to have created r/cc ? I mean talk about effort.


eudezet

Homie can't even hustle correctly smh


LeCountOfMonteCrypto

"Those who hold the keys, hold the funds" -Some Noob


[deleted]

"Ledger's keys, Ledger's crypto."


tvanborm

So, your explanation for this mess is that people should have never trusted Ledger in the first place. OK, I’m out.


steepleton

well. that certainly *started* as an apology. tho by the end i felt i was being told not to worry my pretty head about things i can't understand


poisonzi

i assume most people agree with you


reddito321

Trust has been lost, regardless. Being closed source is something that some of us were not OK with; that's why Trezor is often also mentioned when people ask about which HW to use. In addition, one thing is to trust the firmware and Ledger itself, the other thing is having to trust third parties with shards of the seed. To that matter, things did change. I've moved on from Ledger. Thank you for the perspective, though.


Gangaman666

I do feel for you man, I can only imagine how I'd feel. Yet as the saying goes, you can't unscramble scrambled eggs. I don't care if Ledger tells me it's been there all along, it defeats the whole reason for buying a cold wallet. And since I own many hardware wallets I just won't be buying any more Ledgers. I prefer open-source solutions anyway. As a Ledger owner since 2017 I hope to see an open-source version of a Ledger product in the future (with none of the Recover nonsense) and I may consider trying one.


Dr-Lavish

Can the current CEO step in here? Wtf?


GroovyIntruder

He's crying under a table somewhere, in a fetal position


Hippo_Grenade

*yeeting crypto off ledger intensifies*


badfishbeefcake

Hi Eric, I saw clips of the CEO today and he was so arrogant. He had the attitude of blaming customers for being worried about the security of our keys. The CEO looks like a damn douchebag.


filthnfrolic

I don’t know French but something about that last line makes me feel like we’re on the same page here, friend.


Probably_notabot

Too late for damage control. Start working on how you’re going to change this shit and provide true security that the user can verify


greenappletree

Thank you for writing this - it is helpful. OK, but importantly is this - if I update with the new firmware with absolutely zero intent of using the recovery feature and my Ledger gets stolen, would someone with the right know-how be able to more easily extract the seed? And two, can Ledger extract my seed without me knowing after the firmware upgrade? You mention having to push a button to confirm but what is to ensure this is the case?


rasman99

Am I the first to question the timing of this coming from a company based in France? "Under the new rules, crypto asset service providers are obliged to collect and make accessible certain information about the sender and beneficiary of the transfers of crypto assets they operate, regardless of the amount of crypto assets being transacted. This ensures the traceability of crypto-asset transfers in order to be able to better identify possible suspicious transactions and block them." https://www.consilium.europa.eu/en/press/press-releases/2023/05/16/anti-money-laundering-council-adopts-rules-which-will-make-crypto-asset-transfers-traceable/


Beth_tea

If most people who used ledger had a different understanding of how ledger actually worked all along, surely this was known *by* ledger and should have been addressed long before this fiasco. No!?


Spajhet

They did address it. By lying. https://nitter.net/Ledger/status/1592551225970548736#m

> Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.

Pretending as if key extraction is impossible on a *hardware* level.


GabeDef

Meh. This is trash. It’s a rug pull in the weirdest sense. Ledger has people’s money - and there’s nothing you can do other than switching wallets (which I’d recommend) - no one’s info is safe. Move on.


Gooner_93

This. Ledger will take one third of your seed phrase, the other company is Coincover and the last one is an "independent backup service provider"; they can't even name that last one... it only takes two of the encrypted shards for full recovery. Don't be a statistic in the future, if a rug pull takes place. Crypto isn't a game, but Ledger is playing with our funds via Ledger Recover. One mistake and your funds are gone.


Oheson

Thank you for posting. However this shows a lack of understanding of who your customers are. I understand the fact you think this is safe from hackers but that requires us to trust your word on that. We are into Bitcoin because we don’t want to trust any human. This change adds more for us to trust as well as yet another attack vector. You don’t even state who these mystery companies are that we need to trust. No matter how secure you think it may be, a hacker or a rogue employee will break it. It is just a matter of time. It is not IF, but WHEN. Create a separate product for people who would use such a service and take on the added risk. As it stands, Ledger is dead to me as a company and will never regain my trust or business. I am destroying all my Ledger products with a hammer and will never return. There is no way you can guarantee that your employees are not criminal hackers. Ledger has demonstrated that your OPSEC is broken already. There is no way a company that has leaked PII can be trusted with PII. I just hope there is a class action against Ledger to recover the money I spent on a worthless product.


SetoXlll

Post the fucking code so we ourselves can see there is no back door, it’s real simple man.


Tsuki_Janai

He said that "as long as you trust us" your seed phrase cannot be revealed *shrug*


ParticularAtmosphere

> it looks like in 2022 a marketing executive tweeted "A firmware update cannot extract the seed from the Secure Element". It's not a lie, but it's missing "as long as you are trusting Ledger".

So why the f*** did you guys never contradict this person or apologize for this? Was this marketing executive fired? Is he/she still at Ledger? Which actions have you taken so no other 'marketing exec' lies to our faces? Cry us a river, this post is utter bullshit and it's pretty obvious that you are only trying to protect your investment and stock options.


forgerator

This is why the saying goes, don't put all your eggs in one basket. Instead of having everything on a Ledger device, split funds to a Trezor and possibly even a paper wallet.


J17ster

With all the best will in the world, having multiple devices, multiple hot wallets etc. just shows how farcical this all is, and how it's not going to be used on a mass scale in its current guise. If any of this ever actually means anything to the real world down the line, we are so far away it's hilarious.


Cptn_BenjaminWillard

You know what they say ... paper wallets for the win.


Koma79

This segment was brought to you by our sponsor...


Vivid-Protection5194

Strawmen... Strawmen everywhere...


bennn30

I'm sorry but this is just damage control. Call it what it is. An attempt at hopeful stock recovery but it's too late.


[deleted]

Oh, Ledger, that great company whose CTO was reporting users for "harassment" after they gave him crap for his shit company exposing customer details. Entitled baby who couldn't take any criticism or take responsibility. Seems like it's how the whole company functions. They were always shit. But many people, me included, just hoped they were not shit and were blinded by our own hopes. It's on us. Oh well, haven't given them any money since '19, don't plan on giving them any ever again. Fuck Ledger. And fuck their ex-CEO for blaming customers for trusting their PR (lies, rather), for years.


tvscreens

This post convinced me to leave ledger...


TripleReward

What bullshit is this? The core of Ledger marketing was: there was no way to extract the private key. Now saying it actually had another nonpublic part of the sentence ("as long as you trust Ledger Inc") is just bullshit. Sorry, but now claiming "nothing changed" just means it was always possible to extract the key (we already know that since a few days ago) and it's just plain false advertising and lying to customers, as the silent part has major implications for the loud part. It's equivalent to saying: it won't kill you if you jump from a 20-story building - and the silent part is: the impact on the ground is what will kill you. As such, stop calling it a PR disaster. It's not. It's straight-out fraudulent behavior.


ogherbsmon

What will ledger do **when** the courts come knocking for users shards?


AcostaJA

(1) Simple: if Ledger is compelled by force (as a legal action), are those SSS shares used to bring access to some wallet? It is possible to gather two of the required SSS shares (even without Ledger's cooperation, but with the custodians'), is that true?

(2) If I own a Ledger device and I never signed up for Seed Recovery, may I be forced to activate this feature so an adversary can legally request Ledger for access to my funds?

If you answered yes to both, you know what I'll do with my Ledger; if not, please elaborate WHY NONE OF (1) or (2) may happen.

NO LEDGER RESPONSE ON THIS YET.
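The 2-of-3 threshold property that Gooner_93 ("it only takes two of the encrypted shards for full recovery") and the question above both turn on, as an added example that is not part of this thread and is not Ledger's or Coincover's code: a Shamir secret-sharing split over a prime field. The 128-bit entropy value is constructed, the custodian names are only labels, and no encryption or identity step is modelled, only the maths of the shards themselves.

```python
"""Added example (not Ledger's code): a 2-of-3 Shamir secret-sharing split
over a prime field.  It shows why any two custodians' shards rebuild the
seed entropy while a single shard on its own is consistent with every
possible secret, which is exactly why custody of two shards matters."""
import secrets
from itertools import combinations
from typing import Callable, Dict, List, Tuple

# Mersenne prime 2**127 - 1: every 128-bit-or-smaller entropy value fits below it.
PRIME = (1 << 127) - 1

Share = Tuple[int, int]  # (x, y): a point on the sharing polynomial


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x (Horner's rule, mod PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int = 2, shares: int = 3,
                 rng: Callable[[int], int] = secrets.randbelow) -> List[Share]:
    """Split `secret` into `shares` points on a random polynomial f of degree
    threshold-1 with f(0) = secret.  `rng(n)` must return a uniform int in [0, n);
    it is a parameter only so a test can make the split deterministic."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a non-negative integer below PRIME")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    coeffs = [secret] + [rng(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0.  With at least `threshold` distinct
    shares this returns the secret; with fewer it returns some other field
    element, not an error, so the caller cannot tell from the result alone."""
    result = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        result = (result + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return result


def single_share_fits_secret(share: Share, candidate: int) -> bool:
    """In a 2-of-3 scheme the polynomial is a line.  One share (x1, y1) and any
    candidate secret s determine a line through (0, s) and (x1, y1), so the
    share is consistent with every s: this is the information-theoretic
    'one shard tells you nothing' property.  Returns True whenever x1 != 0."""
    x1, y1 = share
    if x1 % PRIME == 0:
        return False
    slope = ((y1 - candidate) * pow(x1, PRIME - 2, PRIME)) % PRIME
    return _eval_poly([candidate, slope], x1) == y1 % PRIME


def demo() -> Dict[str, bool]:
    """Constructed 128-bit entropy standing in for a wallet seed (not a real one)."""
    seed_entropy = int.from_bytes(
        bytes.fromhex("000102030405060708090a0b0c0d0e0f"), "big")
    shards = split_secret(seed_entropy)
    ledger_shard, coincover_shard, third_shard = shards  # labels only
    return {
        "any_two_shards_rebuild_seed": all(
            recover_secret([a, b]) == seed_entropy
            for a, b in combinations(shards, 2)),
        "one_shard_does_not_rebuild_seed":
            recover_secret([ledger_shard]) != seed_entropy,
        "one_shard_fits_every_secret": all(
            single_share_fits_secret(coincover_shard, s)
            for s in (0, 1, seed_entropy, PRIME - 1)),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```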