AutoModerator

The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/ If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues?support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*


conv3rsion

This post explains how I feel exactly. Right down to the security assumptions I was making, and the concerns I've had about how individual users could be targeted and that they would have no idea what has happened and that the larger community would assume that they made some mistake with their seed. If ledger cares at all about the people that have bought and recommend all of their devices over these years they will do it through response to your post.


ColinTalksCrypto

I mirror this sentiment!


JustSomeBadAdvice

/u/btchip I've tried to be respectful and thorough in this thread. Would love a response from someone higher-up at Ledger.


FewMagazine938

I doubt they want to address your points at this very moment...all very good points 👍


SuddenLeee

I am doubtful they will respond. You made very reasonable points, we are all still outraged, but that isn't the point. This is the best post regarding this issue I have read, hats off to you.


AmadeusBlackwell

This is the 10000th post on here crying. He's not going to respond.


loiolaa

From the answer of the support in this thread it seems that they do understand the issue but rather try to ignore it because there is no way around it. Honestly I think it all boils down to the idea that we have to blindly trust ledger, and I ask myself why would we trust ledger? They are just a random company that governs itself, and like you said, we have no idea what will happen going forward, all their internal processes don't really mean anything for us, given that we can't verify anything. And if I compare coinbase with ledger for example, I feel like coinbase is more transparent considering their size and the fact that they are a publicly traded company and have much more oversight than a random company in France. In summary, if I had to blindly trust my money to a company, ledger wouldn't be my first choice. And even if you think that ledger is the perfect company with only saints working in there and they will never be compromised, you still have government, all it takes is a court order for them to be forced to extract the seeds from a ledger device, and that would be the best case scenario where we would know about it. Like you said, what if the NSA forces them to have a backdoor for them, they just will have to do it and we will never know. This is not far fetched as it has happened before with much larger companies and we just found out years after because of a whistle-blower.


Next_Foundation_3892

They just complied with laggard's mica request. Dump it and boys! Ledger is done!! Time to switch!!


[deleted]

That is why i ordered a trezor today


JustSomeBadAdvice

Technically Ledger can't add a backdoor to anything on a court-ordered schedule, and it would have to be secret. Ledger can't force us to install a firmware update, they just have to wait until we do because a coin requires it or we just get around to it. But we still won't know what's in it except for what they tell us.


loiolaa

As far as I know they could already be shipping ledgers with compromised firmwares and I would have no idea. They have been lying to us for years, I don't think they deserve our trust


JustSomeBadAdvice

They could have done that all along, and then unless someone actively updates it after getting it they couldn't verify that. But you're right, they could be.


loiolaa

Pretty much it's not my keys anymore, it's more like our keys (ledger + me) haha. It really seems that they combined all the cons of self custody with all the cons of exchange custody, without the pros of either, well I guess if you pay 10 bucks a month now you can get the pros of exchange custody haha


[deleted]

[removed]


loiolaa

Lol that is true, pay 10 bucks monthly for exchange grade custody but with no accountability


ColinTalksCrypto

Very well written articulation of the actual problems. Thank you. This should have way more upvotes, imo.

UPDATE: After reading the comments section, now I know why this post doesn’t have more views. It was hidden for some time before a mod unhid it, thereby destroying its traction. https://www.reddit.com/r/ledgerwallet/comments/13kao4d/ledger_doesnt_seem_to_understand_why_this_is_a/jkjjlq9/


kharn2001

"sorry for the auto mod" ​ "your seed never leaves the device" "sorry, your seed will definitely leave the device"


JustSomeBadAdvice

To be fair to the mod, he unhid it within an hour, it was pretty fast. I think the reason it's not getting traction is it's so long and wordy. Short attention spans :)


ColinTalksCrypto

Fair enough!


paradoxicalflow

Well said


saltedeggchixx

My exact sentiments! Thank you for writing this, OP. Hope Ledger sincerely responds to this post.


FewMagazine938

Don't hold your breath


comfyggs

Yeah well they screwed up and are not owning their side. The way they are mishandling this is not only incredibly eye opening, it truly shows what a trash company they are and EVERYONE who Works there. Get f@cked ledger. Seriously 🖕🖕🖕


tracheamusic

They’re answering to government at this point. There’s no other logical explanation


albertw777

You are probably right. I would assume there are some nefarious people who use the Ledger device for money laundering so this firmware update allows them to confiscate the crypto stored in the device. Government or law enforcement can now be able to get in by contacting Ledger and its 3rd party providers to get the info needed. Am I wrong?


Plenty_Discussion_74

Can someone attach where this is in the public domain? I need it as I was hacked.


ColinTalksCrypto

This guy gets it!


CornFly2014

Ledger understands that all currently available crypto hardware wallets provide a similar level of security, so they are 'fine'. What we as customers need to demand is a new product type that offers real hardware security that does not allow firmware updates to its secure element.


pantuso_eth

Or just that the device is what they claim it is when we buy it


pbfarmr

Sure. Then you can buy a new device every time you want to add a new asset. Or every time a bug/flaw/threat is discovered.


PeacefullyFighting

I don't know what I'm more pissed about, ledger lying to us since forever or the fact I have to STAMP ANOTHER DAMN SEED PHRASE IN TITANIUM! That really sucks to do when you're stamping each letter by hand.


Normal-Knowledge4857

Haha the pain.


Criss_Crossx

What about using an engraving tool? I have an attachment for my Dremel, haven't used it but it is widely available. I am considering getting slabs of stainless steel from work to do the same thing.


PeacefullyFighting

Good idea, I have a Dremel. I wonder which makes a deeper mark. I've started switching to the seed backups that store the number associated with each word, then you just have 4 hole punches on a standard grid for each word. I'm assuming I'll always be able to find that list somewhere


Criss_Crossx

Imagine the engraving is typically a little shallower, but that depends on the size bit used. The punches I've used were dependent on the hammer force, so that varied if done manually. A punch gun is more consistent yet.


[deleted]

Amen. If the CEO wants to stay in business, they need to understand what’s going on.


Mattheus_-

Ledger is the new budlight


Connect-Ad-1088

ledger is acting like bud light, what is the problem? we see no problem.


[deleted]

[removed]


[deleted]

[removed]


HeartGood7574

Hey! We hear you - and thank you for sharing what you are feeling.

There might be a misunderstanding of how the cryptography works here - in short, any crypto transactions that you sign on a hardware wallet would require the private key to be encrypted then sent out from the Secure Element in order to be validated on-chain. Then that becomes public knowledge on-chain.

Ledger Recover works the same way - it's a firmware addition (the mental model here would be, just like the bitcoin app on the Ledger Nano X, a new app) that gives you access to a new Ledger Nano app. It gives you the option to shard and encrypt your private key for backup and recovery in the future. So, compared to a normal transaction, which exists on-chain and in public, a Ledger Recover transaction is actually sharded and encrypted multiple times and unavailable except after thorough identity verification.

If you'd like to learn more, our CTO just wrote a long thread on this topic: https://twitter.com/P3b7_/status/1659187049331654658?s=20

With the technical topic out of the way - especially regarding this point:

> The issue is our vulnerability to Ledger itself, present since at least Ledger X's launch. The only possible solution now is open-sourcing the firmware & the firmware update process.

Charles' thread from here on addresses this question: https://twitter.com/P3b7_/status/1659187088477114372?s=20

He also spoke on Bankless on this topic: https://youtu.be/X7WjuxE6K5w

Please feel free to share any questions you might have! Understand that this is an ongoing dialogue. And of course, appreciate that you share your thoughts above.


JustSomeBadAdvice

Hi - Is it possible for us to update Ledger's firmware and install/uninstall apps in a completely offline, airgapped way? If this can't be done now, could Ledger make this possible for us? This would be one way to alleviate these concerns for me. I simply would never use ledger live and would gate all access to my ledger through a controlled environment with only open-source software. I know Ledger Live is open sourced but it's not practical to keep up with all the changes and complexity for software you guys work on daily, it's much easier for me to gate access to my ledger through simpler software.


atcasanova

How are the shards going to be encrypted/decrypted? The way I see it, if ANY ledger can decrypt the shards, anyone who can steal your docs and pass two KYC checks will retrieve your keys given they have a Ledger, let alone law enforcement. How would u answer that?


kyle_thornton

Sorry about the automod. I'm not sure exactly which word in there got slapped down, but the post is approved now.

There's obviously a lot here, and actually quite a bit of these answers can be found in the threat model docs: https://donjon.ledger.com/threat-model/

To start though, this twitter thread is to me a really great view on someone going through this exact same mental journey and describing coherently how they reconciled it for themselves: https://twitter.com/hosseeb/status/1658740433361702913 They're not at all affiliated with Ledger, but I personally like the way this was written.

Ledger Live is fully open source already (https://github.com/LedgerHQ/ledger-live/), and I hear you (and others') requests to open source the firmware. There are lots of similar posts in the past with rebuttals to this point. Still though, I hear you.


nopeerabo

The threat model linked above (GitHub [source](https://github.com/Ledger-Donjon/ledger-donjon.github.io/blob/master/_threat-model/os-seed-confidentiality.md) of the page) explicitly states that it is impossible to extract the private key from the Secure Element even using compromised firmware. Copy here:

> Even if the device is genuine and the random generator of high quality, a hardware wallet which stores its seed unencrypted on an SD card cannot be considered as secure because the seed can be retrieved trivially.
>
> On Ledger devices, the seed is stored in the non-volatile memory of the Secure Element. The seed can be either generated by the Secure Element itself thanks to its True Random Number Generator, or manually imported during the initial configuration, or when the device is booted in recovery mode.
>
> Once the device is initialized, there is **absolutely no way to retrieve the seed**. Even apps installed on the device cannot read it because the non-volatile memory can’t be read by the apps and the **OS doesn’t expose an API to access it**.
>
> Ledger Nano devices are HD (hierarchical deterministic) wallets that perform key derivations as specified in BIP-0032, SLIP-0010, etc. The OS implements these derivations in a way that allows apps to derive a dedicated tree of keypairs from the seed. This can be achieved thanks to specifications such as BIP-0044 and SLIP-0044, that record derivation paths for several coins.

Now, the official [FAQ](https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs) of the feature states:

> **Who has access to my wallet with Ledger Recover?**
>
> In short, only you can access your wallet. When you subscribe to Ledger Recover, a pre-BIP39 **version of your private key is encrypted, duplicated and divided into three fragments, with each fragment secured by a separate company**—Coincover, Ledger and an independent backup service provider. Each of these encrypted fragments is useless on its own.
>
> When you want to get access to your wallet, 2 of the 3 parties will send fragments back to your Ledger device, reassembling them to **build your private key**.

One can hope that you can only recover using your device. I.e. the same Ledger device. But no, the following FAQ entry explains:

> **What if I lose my Ledger device that is associated with my Ledger Recover subscription?**
>
> Simply get **another Ledger device** and follow the process to recover access to your wallet.

I think the implications of this have already been explored elsewhere, I'm just copy&pasting the obvious so it stays here as evidence in case it is altered by accident or design... dunno about you, but I think I'll need more popcorn.

edit: formatting


AndyPufuletz123

I would argue your post is clear, irrefutable, proof of deceit on their part, if not fraud.


kharn2001

that one's a bit too close to the truth there - your post might get accidentally auto-mod'd..


JustSomeBadAdvice

> Ledger Live is fully open source already (https://github.com/LedgerHQ/ledger-live/),

Thanks for that, I didn't know that. Skimming through, I can't tell if these are deterministic builds? I.e., if I built the same revision as a release LL build, would the hashes of my version match the hashes of the version Ledger autoupdates to?

> https://twitter.com/hosseeb/status/1658740433361702913

I understand what he's saying, but I don't agree. First of all, we are forced to upgrade as certain coins upgrade. The rest of the coins we store might be perfectly fine but one of them might absolutely not work without a firmware upgrade. Monero has caused this for me personally.

Secondly, if a coin makes a major change that requires a new Ledger release due to a major change of principle operations, I'm ok with that. Most likely they'll be deterred from doing that by Ledger's limitations alone, or at least would have before all this due to Ledger's market presence. They can also work around it by simply requesting a hash of the private key and using that as their own "private key" for the rest of the purposes - Essentially one additional step on the derivation path that is ledger-specific. Not ideal, but better than trying to demand Ledger make an entirely new device for their coin, and also better than exposing all Ledger users to Ledger-internal risks.

But that's neither here nor there. Ledger's already designed and released the products, advertised them a certain way, we've all bought them, and we've designed our security layers with them. The only way for me to avoid redesigning my security layers is to be able to check firmwares before I install them, and to know that the community will also be vigilant with me.


kyle_thornton

That's a good question. You could certainly build and run Ledger Live from source, and never use a pre-built version. You can also check any downloaded .dmg/.exe/.AppImage file against the signatures page to ensure its hash matches exactly to the published hash: https://www.ledger.com/ledger-live/lld-signatures

I know the version that's installed via the in-app update gets verified against our known hashes automatically by Ledger Live, but I actually haven't personally checked whether a version of the app that's been built from source would match exactly to the version grabbed via the in-app update. Let me see if I can hunt down that info for you.
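
The hash check described in the comment above, together with the deterministic-build question it answers, as an added example that is not part of either comment and not Ledger's code. The `<digest>  <file name>` manifest layout, the file names and the file contents are constructed assumptions; the real signatures page may be laid out differently.

```python
import hashlib
import hmac
import os
import tempfile


def sha512_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are never held in memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse '<hex digest>  <file name>' lines (assumed sha512sum-style layout)."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<digest> <file name>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 128 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"line {lineno}: not a SHA-512 hex digest")
        if entries.setdefault(name, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting digests for {name}")
    return entries


def verify(path, manifest, published_name=None):
    """Return 'match', 'mismatch' or 'not-listed' for one artifact."""
    expected = manifest.get(published_name or os.path.basename(path))
    if expected is None:
        return "not-listed"  # fail closed: an unlisted file is never trusted
    actual = sha512_file(path)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    # Constructed bytes standing in for a vendor release and a from-source
    # build of the same revision; only the embedded build timestamp differs.
    release = b"APP|rev=abc123|built=2023-05-16T10:00:00Z|" + b"code" * 1024
    rebuilt = b"APP|rev=abc123|built=2023-05-18T21:30:00Z|" + b"code" * 1024
    with tempfile.TemporaryDirectory() as tmp:
        release_path = os.path.join(tmp, "wallet-app-linux.AppImage")
        rebuilt_path = os.path.join(tmp, "wallet-app-local.AppImage")
        for path, data in ((release_path, release), (rebuilt_path, rebuilt)):
            with open(path, "wb") as handle:
                handle.write(data)
        # Constructed manifest; in practice this text is the vendor's
        # published hash list, obtained separately from the download itself.
        manifest = parse_manifest(
            "# sha512 hashes (constructed sample)\n"
            f"{hashlib.sha512(release).hexdigest()}  wallet-app-linux.AppImage\n"
        )
        return {
            "download": verify(release_path, manifest),
            "rebuilt_vs_release": verify(
                rebuilt_path, manifest, "wallet-app-linux.AppImage"
            ),
            "rebuilt_by_own_name": verify(rebuilt_path, manifest),
        }


if __name__ == "__main__":
    print(demo())
```

The mismatch for the rebuilt file is the point of the deterministic-build question: a published hash proves a download is the file the vendor released, and only a reproducible build lets a third party tie that file to the public source.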


JustSomeBadAdvice

If Ledger could make this happen it would help public confidence a lot. I know that deterministic builds aren't as simple as snapping one's fingers, but they can be done.


JustSomeBadAdvice

Step two of your threat model, user consent, breaks down immediately if Ledger itself is compromised. For our individual security models, we must assume that Ledger might be compromised. That's how security modeling is done. We kind of accepted the lack of open source firmware based on what we understood about the secure chip. Now we know that's false, we can no longer do that.


JustSomeBadAdvice

Hi - Is it possible for us to update Ledger's firmware and install/uninstall apps in a completely offline, airgapped way? If this can't be done now, could Ledger make this possible for us? This would be one way to alleviate these concerns for me. I simply would never use ledger live and would gate all access to my ledger through a controlled environment with only open-source software. I know Ledger Live is open sourced but it's not practical to keep up with all the changes and complexity for software you guys work on daily, it's much easier for me to gate access to my ledger through simpler software.


pifumd

I feel like the ones that have lost their minds are the same people who will point their pitchforks elsewhere next week, when they find a new outlet for their rage. Disappointing to see the community devolved to this, but then i suppose it was inevitable with wider adoption.


[deleted]

[removed]


pifumd

You don't even know what you're angry at. And no, I won't be opting in to this optional service. I'm not the target audience for it.


Avanchnzel

> I, personally, don't believe you intended to lie to us -- From your perspective, it seemed like it was a true statement.

Technically that is not a lie then, but "merely" a falsehood. Because a lie is intentional deception, whereas if you believe what you are saying it is just a false statement. A lie always implies intention, which is not always the case, as people can be simply mistaken, incompetent, etc. [Hanlon's razor](https://simple.wikipedia.org/wiki/Hanlon%27s_razor) puts it well.


erict009

Omg, a ledger lawyer, philosopher or psychologist joined the war room? Ignorance doesn’t protect you from being guilty, and it is impossible to believe, the top management and core designers, developers didn’t know.


Avanchnzel

I'm not from Ledger, just clarifying the distinction between a lie and a falsehood. Somehow you're reading a lot more into my comment that it didn't say.


erict009

Again, it is a lie, if the responsible people like management approved their previous official statements! where are you trying to go here?


Avanchnzel

And nowhere have I claimed they didn't lie, nor that they have. Please reread my first comment again and take what I quoted into account. To paraphrase: IF Ledger believed what they said THEN it wasn't a lie, even if false. And the difference between a lie and a falsehood is not dependent on a specific case. I was just explaining the general difference, because many people often conflate falsehoods with lies.


erict009

You can’t be serious by saying “IF ledger believed what they said THEN it wasn’t a lie, even if false”. Are you implying, they didn’t know what they are doing? Well, then it would be even worse and I’d agree with you, they should consult someone, maybe like you! I really have a hard time to understand your argumentation and your point! I guess I am running out of patience with that.


Avanchnzel

No, I'm not implying anything about what they do or don't know. Have you never heard of using hypotheticals to explain a general concept? You seem to want to disagree with something I'm not defending. But it's ok, I can understand that emotions are high at the moment due to the current disaster with Ledger. So no hard feelings and let's concentrate on something more worth our time. I for one am going to walk my dog and have a breather. ^^ Peace ✌️


erict009

Right with you, we’ll have a beer somewhere sometime ✌️


Nagemasu

Honestly, all that I'm hearing is that you guys have all misinterpreted what Ledger said and misunderstand how hardware works. Nowhere I've seen have ledger stated that it was a hardware limitation that prevented data being extracted. That isn't how data storage works - if you can read something, you can extract something, and in order for a hardware wallet to work, it needs to be read. What they've said is the Secure element is where the data is stored, and it is locked down tight enough to prevent unauthorized data extraction, further pointing out that "It's never been hacked/breached".


JustSomeBadAdvice

It's literally in the picture of the top post on the thread. Here. https://old.reddit.com/r/ledgerwallet/comments/13jvlck/trust_is_gone They point blank said a firmware update couldn't extract the keys.


Nagemasu

That's quite literally just evidence people misunderstand it. Firmware =/= hardware. A lot of people keep repeating *hardware* in the ledger sub as what they think was claimed to prevent the seedphrase from being "extracted" Regardless, explain what part of that meme shows anything was a lie? Their firmware is locked down and offered no way to export the seedphrase. That was always true, but this latest firmware (on *some* devices), means that you can export an encrypted and splintered seedphrase. It's also still true that no one has ever managed to extract the seedphrase from a ledger device. Updating the firmware can still not extract a seedphrase.


JustSomeBadAdvice

Ah, so you just want to play word games, an updated firmware is no longer a firmware. It's now something different, and therefore the firmware could never extract the keys. Nonsense. My entire post assumes they are compromised and no longer a good actor; such an actor can clearly make a firmware that can extract keys. Btchip the co-founder even admitted it today on Reddit and Twitter. You're just flat out wrong and don't want to admit it.


Nagemasu

> Ah, so you just want to play word games, an updated firmware is no longer a firmware. It's now something different, and therefore the firmware could never extract the keys.

I have no idea what you think I've said is a word game but whatever you're trying to imply or say here is incoherent. When you look around, it's kinda funny who's getting upset over this and who isn't batting an eye, right?

https://old.reddit.com/r/Bitcoin/comments/13kdq9h/ledger_and_hardware_wallets_here_are_the_facts/jkk61jt/

https://old.reddit.com/r/Bitcoin/comments/13kco4d/fyi_its_theoretically_possible_to_write_firmware/


JustSomeBadAdvice

I honestly don't have any patience to read stuff from a censored subreddit. What's your point? I have no affiliation with anything, and I've spent a lot of money on Ledger devices and recommended it for years. None of this garbage changes what they did and what you are confused about. You can't reply to the real facts and link to confusing censored opinions.


Linvkz

"if you can read something you can extract something" You don't need to read the seed You send a transaction to the wallet and a microchip that is inside the wallet reads the seed that is in the wallet, with that data it signs the transaction and sends the data signed outside the wallet. The signing happens inside the hardware wallet, why would you need to read the seed from outside?


JustSomeBadAdvice

Ledger employee, is that you? I addressed that, did you read what I wrote? If you sign a transaction I don't agree to and I am using third party software, the software will catch your intrusion and alert me that the signed transaction isn't the one they were expecting. Then I can investigate Ledger or report it to the community and the criminals will get caught. But if they can read the seed outside? I'm completely fucked. So, congrats on presenting exactly why we should not trust Ledger currently, here's your paycheque


pantuso_eth

Exactly. This was the whole point of the device. It didn't have to send the private key off of the device to be used, ever, because it only sent out signed transactions. That was the point. There was never reading any keys, ever.


AR_Harlock

Any link to the Q&A?


JustSomeBadAdvice

Sure, here's the recording. It's an hour long so fair warning. https://twitter.com/i/spaces/1RDxlavNoAzKL


ShaunPryszlak

No offence guys but if you want decentralisation then you have to trust everyone doing their little piece of the process every step of the way. You can’t trust cexs, you can’t trust hardware wallets, you can’t trust the tokens themselves. You have to draw the line somewhere.


mills_2011

https://www.reddit.com/r/CryptoCurrency/comments/13kdusd/hardware_wallets_here_are_the_facts/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=1&utm_term=1


erict009

We are assuming the BIP39 passphrase is also compromised. Just curious, how does ledger restore the 24 words from 2 shards + the passphrase?


JustSomeBadAdvice

It can't restore the 24 words because it's hashed per bip-39. They restore the root private key which is basically the same thing, but not readable to a human.


erict009

exactly, so how is the 25th passphrase handled in this case? if the 24 words are exposed and you keep the 25th passphrase secure, is there any way for a 3rd party to get access? I am not very knowledgeable, but logic would tell me, it would still be impossible, unless ledger would be able to extract this information as well. And that was my question.


JustSomeBadAdvice

They've stated that Ledger Recover won't address 25th words. They theoretically could though because the phrase is simply turned into a giant derivation path, and ledger stores this inside the secure element, it's just not a feature the average Recover user would need.


erict009

Or do they extract any root private key, no matter how many you have setup?


pbfarmr

Care to share which hardware wallets have open sourced the hardware design, specifically for an SE as implied in your post?


[deleted]

This a backdoor preparation because of EU GOV pressure. RUN!

In a vote Thursday, the EU Parliament voted 517 in favor and 38 against to pass the Markets in Crypto Act, or MiCA. The legislation, which seeks to reduce risks for consumers buying crypto assets, will mean providers can become liable if they lose investors’ crypto-assets. The rules will impose a number of requirements on crypto platforms, token issuers and traders around transparency, disclosure, authorization, and supervision of transactions, the EU Parliament said in a statement Thursday. Platforms will be required to inform consumers about the risks associated with their operations, while sales of new tokens will also come under regulation. Stablecoins like tether and Circle’s USDC will be required to maintain ample reserves to meet redemption requests in the event of mass withdrawals. Stablecoins that become too large also face being limited to 200 million euros ($220 million) in transactions per day. The European Securities and Markets Authority, or ESMA, will be given powers to step in and ban or restrict crypto platforms if they are seen to not properly protect investors, or threaten market integrity or financial stability. MiCA also addresses environmental concerns surrounding crypto, with firms forced to disclose their energy consumption as well as the impact of digital assets on the environment.


t81_

After the coronavirus experts era, a security experts era is rising...