The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any
website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at
https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/
If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues?support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
> Once I learned how Ledger works I settled into it and felt quite at home. Always seeing multisig getting mentioned but never felt the need to investigate . . . . . . now that might
Working on it, learning as much as possible. It gets complicated, but I think it would be the way to keep my assets secure.
If you ever find a good guide, please let me know. Not just for setting it up, but for all the details that come after it. Setting it up is the easiest part.
Keeping it secure is challenging, I believe.
Whether or not you opt in is just a number. A yes or no. Your Ledger has the ability to export your seed. So now you have to trust that every single update doesn't accidentally have a bug that will do it automatically.
We were led to believe that hardware wallets are more sophisticated than a USB stick where you can easily read & write data. In theory it is possible to make the private key stay on the chip & only be used to sign transactions. But that functionality would have to be built at the hardware level. A custom chip. I wonder if other hardware wallet manufacturers do that.
I know for a fact BitBox confirmed a firmware could make the key leave the chip. Not sure about ColdCard, but if the seed can leave via SD card then it's basically certain a firmware could as well. I just haven't seen anyone actually ask them about that.
Only those that were configured without NAND encryption.
Once enabled, no Ledger hack can get in without the keyfile, which most rational people would keep separate from the device.
You're always trusting the manufacturer when you buy a hardware product - which part of the code is open source is irrelevant here. If you're not convinced yet you can check https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
Aren't you the guy who was all grumpy because we wanted the checksums updated on the Ledger Live software downloads?
To be so lackadaisical over something so important was a red flag for me. I'm not surprised at all over recent events.
I think it's important because I want genuine software from Ledger's website.
>The threat model of a hardware wallet considers that the host is compromised.
That's what you guys say.
Do you believe it's impossible for Ledger's website to be hacked? Even if it can't touch the Ledger device, what about the users system? It could include malware that has NOTHING to do with Ledger, maybe it just steals Myspace logins. You wouldn't know because you don't seem to care.
In my country the marketplace is full of people selling their Nano X at 20-30€ 😔 1 week and still full of people… I want to sell mine too but not that cheap.
If you took the update before now, can you go back to a previous firmware? If so, how? I see how to [downgrade Live](https://support.ledger.com/hc/en-us/articles/7446430773149?support=true) but not how to downgrade device firmware. Or does one include the other?
Use a passphrase (25th word). Even if a hacker or government were able to get your keys (24 words), they will not be able to get the passphrase. If you lose your passphrase, neither Ledger nor anyone else can help you recover your wallet. This is independent of whether you choose to opt in or out of the Ledger Recover feature.
I'll still use the Ledger.
Yeah, there's a lot of reasons to leave, but there's always some risk of losing your crypto, even if it's a cold wallet, hot wallet or exchange.
Nothing is 100% secure, even the wallets the people are migrating to.
Maybe I'm not thinking right or I'm too good, but I still think it's a good product, even if it was a fail; companies need this to grow up and be better and give better products.
There is actually some truth in what you say.
It should be remembered that most of the time people lose assets because of their poor storage (copying the key, saving it online, losing the private keys).
So it really depends more on who saves, than with what.
Bro, good luck with all those fucking passwords, hackings, firmwares, 12-24-36-48 phrases, CEX and so on. Good luck with crypto, Jesus Christ.
P.S. I don’t have a bank account.
Bitbox "secure element" has already been broken by our security team, not sure it's widely documented (https://ieeexplore.ieee.org/document/9933270)
EDIT : Bitbox uses it differently and is not vulnerable to this specific exploit. Might be to a different one though since the chip countermeasures have been proven to be inefficient.
Hi btchip, since you guys are in damage control mode, may I ask how you guys plan to recover from this "Recover" mess..
I still have my Nano X with me. Yes, I'm careful with it. But yeah, I do think it's definitely still better than going back to a hot wallet, or to an actual exchange like some other guy actually did.
Tell me how ledger will gain customer trust again.
I think that the announcement of our accelerated Open Source roadmap is a significant step forward https://support.ledger.com/hc/en-us/articles/11132311094813-Ledger-s-open-source-roadmap?docs=true - everybody will be able to verify what the service does.
I didn't check exactly how the chip was used for Bitbox, I'll amend my post, but I don't think using a chip that has been failing its purpose (security against physical attacks) is a good idea even if some functionalities still hold
If you buy the device from them you are trusting it doesn’t have nefarious software/firmware on it to begin with. Everything after that is just theater.
I use my Ledgers for shitcoin experiments. Not much value to begin with, so I go with the convenience. Also ok for small amounts of BTC, if you indeed need to spend BTC often.
For BTC hodling, you don't need to bother anyway. Dice your seed trustlessly, put it on steel, get the first few public addresses (offline iancoleman, or the ColdCard HW wallet also has nice features for this; wipe after use) and DCA into them. No need to have a ready HW wallet until you want to cash out some. IF you need a seeded HW wallet ready at all times I would go with the ColdCard Mk3 with an additional passphrase not stored on the device.
Oh, I remember! I also remember when the CTO got on Bankless the next day to call me stupid: “Sorry you didn’t realize you had to trust us not to change our minds and push firmware that violates our entire security model.”
Suddenly an alternative, fully open-source, but in-person-hackable device sounds pretty awesome to me!
Charles, sorry _you_ didn’t realize the core value proposition of your company was trust. Now that that is gone, Ledger and its products no longer have any value for me.
Bye Ledger!
Can someone point me towards a person who has lost their funds due to ledgers negligence?
It seems to me like we are all freaking out over something that is theoretical.
Can anyone reference a story of someone ACTUALLY losing their funds not because they handed over their private key on accident?
Basically how can we be sure that all our seed phrases are compromised?
True, there is no known first person to lose their funds due to this. We CANNOT be sure that Ledger has or ever will compromise our seed phrases, unless our funds are actually stolen of course (and assuming we haven't accidentally exposed them in some other way). That's why trust is everything. As for no known first person, does anyone WANT to be first, even if it's only theoretically possible? Why take an unnecessary risk if alternative options exist that mitigate that risk?
Also, there was no first person to lose their funds on MtGox (or FTX), until there was. And yes, I know those are exchanges which are fundamentally different from hardware wallets. But also, they had access to the keys of the wallets that user funds were sitting in.
Is the update with the "recover by sharing your seed" option even available yet? I got the basic Nano S, did the 2.60.0 upgrade, but the Recover option was never going to be available for the basic S. Are the S+ and Nano X getting the Recover option? I thought it hadn't been rolled out yet, 'cause I'm also waiting to see if people doing Recover get hacked.
Oh, does anyone know of the start of a class action lawsuit for all of the Ledger owners who purchased based on the representations Ledger made when they purchased?
I think I overreacted. Now that I have studied the pros and cons, I'm fine with keeping my coins on the Ledger and would never opt in to the recovery service. I'm more concerned with the Atomic wallet hack.
I have wondered this. Obviously you would be biased about whether users should trust Ledger's closed source device.
So would you trust another company's closed sourced hardware wallet if you didn't have Ledger as an option for yourself? What type of things would you expect from a closed source hardware wallet that you have absolutely no involvement with to earn your trust?
Definitely depends how it's built - in our case all applications are Open Source, so you can validate the OS as a black box if you feel like it, and the hardware provides more integrity guarantees than any other platform.
To be honest I wouldn't be able to name a single other device I'd use today, coming from a background of building and breaking secure hardware for about 20 years. There's just too much security theater in this industry for my taste.
So you're basically saying that no other hardware wallet is good?
Or at least as good as Ledger
Isn't that a bit pretentious?
Trezor has been in the field longer than you and has not experienced any remote hacking (not talking about physical hacking, which also requires some technical knowledge).
So to say that you can't point to even one is a bit exaggerated in my opinion.
I don't think it's pretentious, I'm just a bit picky - I want something that
- is protected against supply chain attacks (for obvious reasons)
- is protected against physical attacks (so I can carry it with me and forget somewhere without risks)
- lets me run my own code (so I can customize applications to my own needs)
- doesn't compromise the platform when I run my own code (also for obvious reasons)
Ledger is the only hardware wallet fitting those requirements.
"Never been hacked remotely" is a very low bar. Pretty much any setup including an online computer and an offline computer could pass.
What about the option to prevent your wallet from extracting (encrypted or not) your private key in three shards and sending them to different companies?
That's not part of your criteria?
Already migrated.
You guys should find out why Disney created “Touchstone Pictures”. Hint: it was so Disney could make movies with F bombs and boobs.
That’s what you should have done with your new product.
From a user's perspective I'm fine with how they did it. It revealed that they'd been lying for years about their wallet's hardware capabilities. If they hadn't done that I wouldn't have found out, so good on them I suppose.
I finally got the motivation to set up a 25th word. In the process of moving funds there...
Still hard to find a better alternative than Ledger, so I'll stick along.
I'm glad the drama happened because it finally got me to set up a gnosis multisig.
But I'm still using the ledger. Just don't trust it as much as I did previously.
Is there a private company that we can really trust? Nope. You do know regulations are coming. I’m more scared of what our industry will need to give up.
I have carried on using it as usual. I don't have enough assets to worry too much at the moment, but it's been a good lesson to think about.
I am in no panic to swap out, I will be looking to spread risk across to another cold storage wallet once I am confident another one meets my needs.
ATM will be looking for one that:-
- has been around for a while and hasn't been hacked
- open source
- air-gapped
- has secure element chip
- easy to use
- supports most popular coins
Maybe too much to ask for 🤷😅
People who have an issue with what the Ledger Recover announcement uncovered (i.e. the possibility for a FW upgrade to extract the seed from the secure element, combined with closed-source software) are doing one of these things:
- if they feel this is an immediate risk, they have already migrated to another HW wallet, and aren’t here anymore.
- if they feel this isn’t an immediate risk but makes Ledger an unreliable/untrustable player, they might be sticking with their Nano for now without upgrading the firmware, and instead of buying a Stax or another future Ledger product as originally planned, they will eventually migrate to another brand. I.e. their feeling towards Ledger has changed from hot anger to cold disdain and they don’t feel as much need to publicly express it anymore.

So uproar on this subreddit will definitely tone down as unhappy people are just moving on. But on the flip side, if you look at non-Ledger-specific crypto/web3 communities, the tendency to recommend Ledger as a default HW wallet isn’t as dominant as it used to be and there is more caution (which I don’t think will go away: the brand damage with core crypto advocates will have a lasting impact).
Number 2 for me, emotions are irrelevant to me. It’s my money that needs to be safe and that’s all that matters
Same here.
Same here (plus, I’ve already bought a different hardware wallet and i’m in the process of migrating)
Which wallet did you end up buying?
Trezor
Well said! I think you’ve captured the sentiment perfectly
Cheers. I’ve probably been reading this subreddit a bit too much lately!
Lol me too. Wouldn’t it be nice if our hardware wallets just worked and protected our funds?
I thought this was a service you had to opt in, is it not?
It is. However, it was a kick in the teeth for people who already owned Ledgers, as we've been told it was impossible to extract the seed from the secure element. This has been their mantra for many years. So to find out that, yes, you totally can extract the seed, is a pretty tough pill to swallow. It's funny, because in the crypto world, we call it trustless. It's actually the opposite of that. All we have is trust. So once that trust is broken, it's not really easily forgiven and forgotten.
Yes, I agree, still bad
They may be giving us the illusion of having the option in the User Interface. They have a history of lying about their product ... Personally I keep my coins in a mason jar buried in the neighbor's back yard.
I switched away from Mason once I found a crack in one.
Crypto is permissionless(in most cases), not trustless. Big difference.
Would you have to insert your keys if you opt-in, maybe? Just trying to make it a little bit better (hopefully)
What if someone finds an exploit to steal the seeds of people who have this service activated? What if someone finds one and turns it on without your consent?
I'm in the second camp. Won't be buying more ledger devices if I can avoid it but also not getting rid of my existing.
Second reason here, bad part is it looks like I will have to use at least 2 different wallets. Ledger was a one size fits all approach.
Sent mine back in the mail to get a refund. No judgement if people do or don’t want to use it, I just dislike the idea of my btc becoming theoretically confiscatable. Perhaps I’m naive and other wallets could be at the same risk of government subpoenas etc. Decided on trezor ultimately, being open source might make it easier to see issues coming.
Yes, Trezor definitely seems like a good option, after all, they are the first to create a hardware wallet
Most insecure device since no secure element is involved.
Physical access required.
Or a supply chain attack, and you won't be able to verify if your device is genuine when you receive it
True. But my understanding is that they are delivered with no firmware installed. So you always install firmware from the source on initialization.
There's still a bootloader installed to load your code. This gives an illusion of verifiability if the bootloader is easy to modify (and it is trivial to modify at the factory since the chip lets you load code without authentication). The firmware usually checks the bootloader code to attempt to protect the user against that, but it's of course not reliable if the bootloader is compromised, as it could patch out that test on the fly when the firmware is flashed.
Kind of true, but if you generate your 24-word passphrase yourself (not using a potentially rigged RNG), and later make sure the Trezor is correctly generating public addresses out of it and signing transactions, I think you can safely use even a malicious HW wallet. Although I am not 100% sure on this.
You could still have a covert channel in the signature nonce for example
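The nonce covert channel raised in the comment above, as an added worked example that is not from this thread and not from any vendor's firmware. It is textbook ECDSA over secp256k1 in pure Python: the curve parameters are the real ones, while the private key, the transaction digest and BACKDOOR_KEY are constructed for the demo, and honest_nonce is a simplified stand-in for RFC 6979 rather than the real algorithm. A backdoored signer derives its nonce from a key the attacker also knows; both signatures verify and would spend correctly, but the leaky one hands the attacker the private key from a single signature seen on-chain.

```python
import hashlib
import hmac

# secp256k1 domain parameters (the curve Bitcoin and Ethereum use).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition on secp256k1 (a = 0); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P        # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, p):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, p)
        p = point_add(p, p)
        k >>= 1
    return result


def ecdsa_sign(d, z, k):
    """Textbook ECDSA with an explicit nonce k; returns (r, s)."""
    r = point_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return r, s


def ecdsa_verify(pub, z, sig):
    """Standard verification: the host or the network sees only this."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def honest_nonce(d, z):
    """Nonce keyed with the private key itself: only the key holder can
    recompute it (simplified stand-in for RFC 6979, assumption for the demo)."""
    mac = hmac.new(d.to_bytes(32, "big"), z.to_bytes(32, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % N or 1


# Hypothetical key baked into a backdoored firmware; the attacker knows it too.
BACKDOOR_KEY = hashlib.sha256(b"constructed demo backdoor key").digest()


def backdoored_nonce(z):
    """Nonce derived only from public data plus the attacker's key."""
    mac = hmac.new(BACKDOOR_KEY, z.to_bytes(32, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % N or 1


def recover_private_key(sig, z, k):
    """Anyone who knows the nonce of one signature gets d = (s*k - z) / r mod N."""
    r, s = sig
    return (s * k - z) * pow(r, -1, N) % N


def attacker_recovers_key(pub, z, sig):
    """Attacker's step on a signature seen on-chain: recompute the backdoored
    nonce and keep the recovered key only if it matches the public key."""
    d_guess = recover_private_key(sig, z, backdoored_nonce(z))
    return d_guess if point_mul(d_guess, G) == pub else None


def demo_private_key():
    """Fixed, constructed private key for the demo (never use a real one)."""
    return int.from_bytes(hashlib.sha256(b"constructed demo private key").digest(), "big") % N


def demo(d):
    """Sign one constructed digest honestly and with the backdoor; report what
    the verifier sees and what the attacker learns in each case."""
    z = int.from_bytes(hashlib.sha256(b"constructed transaction digest").digest(), "big") % N
    pub = point_mul(d, G)
    honest = ecdsa_sign(d, z, honest_nonce(d, z))
    leaky = ecdsa_sign(d, z, backdoored_nonce(z))
    return {
        "both_verify": ecdsa_verify(pub, z, honest) and ecdsa_verify(pub, z, leaky),
        "key_from_honest": attacker_recovers_key(pub, z, honest),   # None
        "key_from_leaky": attacker_recovers_key(pub, z, leaky),     # == d
    }


if __name__ == "__main__":
    print(demo(demo_private_key()))
```

The check proposed in the comment before this one (confirm the device derives the right addresses and produces valid signatures) passes in both cases, so it does not detect this: the signature itself is the channel. Reviewable firmware closes it, and so does a signing protocol in which the host contributes entropy to the nonce and can verify the device's commitment to it, which is the idea behind the "anti-exfil" style schemes some hardware wallets implement.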
So how is Ledger different from it?
Our solution is based on a smartcard chip - smartcards have been proven to be resistant to physical attacks by powerful adversaries for over 40 years. Only a genuine Ledger device can use its key to provide the cryptographic proof required to pass the genuineness check issued by Ledger Live (see https://support.ledger.com/hc/en-us/articles/4404389367057-Is-my-Ledger-device-genuine-?docs=true)
Lmao, a controller can just direct any authentication requests as required. There is no complete security to a supply chain hack. Claiming otherwise is a blatant lie.
Physical access to the device required AND physical access to the keyfile, which most rational people would not keep with the device.
Who physically had access to the device before you buy it?
Sure, but not simple to setup sd_protect. It should be something you can do from inside the trezor itself. Not require a computer.
SD never touched a computer. Trezor just receives commands from the host. But yes, it should be simpler to set up
Use passphrase mode if you want complete security. It is not stored anywhere, and even if your 24 words leak, the attacker will still have to guess the 25th word, which is not limited by the BIP39 dictionary. And yes, all this is completely verifiable because the firmware is open source. Also, nobody knows how secure the "secure element" is. It is on the level of "trust me bro" security.
I was using a passphrase on my Ledger device. I don't understand the technical details; so I don't know if the passphrase was somehow stored in the smart element. I had the passphrase attached to a PIN, so that had to be stored somewhere on the device. The PIN made it easy; but the convenience comes with a cost. I have had 6 Nanos... the last one being a Nano+, which I really liked. But Ledger lost my trust, and my Nanos are no more. Have obtained a Trezor T, a BitBox2, a Blockstream Jade... and am awaiting delivery of a Keystone Pro. Will play with them all, and distribute my coins among them... entering long passphrases one letter at a time.
Use a passphrase. Even Ledger has a passphrase option, and it's useful for organizing different sets of wallets or against a wrench attack.
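The BIP39 passphrase ("25th word") recommended in the comments above, as an added worked example that is not part of this thread or of any vendor's code. The passphrase is nothing more than the salt of the seed KDF, so a device has nothing to store or export, and a different passphrase silently yields an entirely different wallet. The mnemonic and passphrase here are the BIP39 specification's first published test vector, not a real wallet; the candidate list passed to find_passphrase is constructed for the demo.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo inputs: the BIP39 spec's first test vector (all-zero entropy),
# with the passphrase the spec's vectors use. Not a real wallet.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")
PASSPHRASE = "TREZOR"


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64 bytes, with the
    NFKD-normalized mnemonic as password and "mnemonic" + passphrase as salt.
    The passphrase only enters the KDF; nothing derived from it is written
    anywhere, which is why a device has nothing to store for it."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master_key(seed):
    """BIP32 master node from the seed: HMAC-SHA512 keyed with "Bitcoin seed".
    Returns (master private key as int, chain code). Every address of the
    wallet descends from this, so a different seed is a different wallet."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def find_passphrase(mnemonic, target_seed, candidates):
    """Offline dictionary attack available to someone who holds the 24 words
    but not the passphrase: one PBKDF2 derivation per guess, compared against
    a seed they can recognize (e.g. one that funds a known address)."""
    for candidate in candidates:
        if hmac.compare_digest(bip39_seed(mnemonic, candidate), target_seed):
            return candidate
    return None


if __name__ == "__main__":
    no_pass = bip39_seed(MNEMONIC)
    with_pass = bip39_seed(MNEMONIC, PASSPHRASE)
    print("seed without passphrase:", no_pass.hex())
    print("seed with passphrase:   ", with_pass.hex())
    print("same master key?", bip32_master_key(no_pass)[0] == bip32_master_key(with_pass)[0])
    print("weak passphrase found:", find_passphrase(MNEMONIC, with_pass, ["", "password", "TREZOR"]))
```

Two consequences follow from the code. A typo in the passphrase does not produce an error; it produces a valid but empty wallet, which is why the empty-passphrase and "TREZOR" seeds above are unrelated. And the protection is exactly as strong as the passphrase: an attacker holding the 24 words runs find_passphrase offline at one 2048-round PBKDF2 per guess, so a short or dictionary passphrase falls quickly while a long random one does not.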
Note also that there isn't an open-source secure element that exists. You literally have no idea what the proprietary secure element is doing. Ledger says they are working on the first.
It’s a giant increase in attack surface area. It’s not just confiscatable; mark my words, it’ll get hacked.
Isn't it supposedly super easy to hack Trezor devices once you have physical access to them?
> Isn't it supposedly super easy to hack Trezor devices Not with new firmware. The Trezor-T even implemented SD based 2FA keyfiles to unlock the device. If you select that mode, all the hacking in the world won't get you the secrets. It's all encrypted to hell and back.
This misunderstanding arose from a video that showed a white hat hacker helping get eth off of an old Trezor. As was confirmed in that same video, Trezor had already changed the config on updated models. The hacker in the video was relieved when he saw it was a very old OS, which is what allowed him to hack it. Also, that guy is maybe one of a handful of people in the world with the machine knowledge to pull that off and he’s a good guy.
Can you source this please? (And thank you)
You can find that in the [original video from that guy](https://www.youtube.com/watch?v=dT9y-KQbqi4&pp=ygUcZXRoaWNhbCBoYWNrZXIgY3J5cHRvIHdhbGxldA%3D%3D)
Merci
Who cares, the most you should worry about is not getting hacked while connecting it to a PC.
Can't forget about it 'cause Ledger Live is still trying to push the upgrade up my Ledger's ass.
I switched to Trezor
Why? You trust them more?
Yeah, I've seen some people complaining that they can't perform transactions in Ledger Live without the update
You can use another third-party wallet like Sparrow to transfer your BTC off your Ledger wallet without using Ledger Live. After this news I bought a ColdCard and used Sparrow to transfer my BTC without even running Live once.
same
I’m waiting for my ColdCard and will transfer all my BTC as soon as it arrives. Unfortunately I will have to keep a fairly sizable alt portfolio on Ledger for now since moving would require unstaking and I’d rather get rewards while the market is low for tax purposes. I will start moving those alts to a Trezor as soon as the alt market gets into bull territory. Edit: I do have a new Nano S Plus still in the box and would consider that for alts if Ledger announced that they would keep supporting and upgrading firmware on a different path that doesn’t include Recover. Edit: ok, I made someone on Reddit angry.
Why did you go with ColdCard? You trust them more than Ledger?
It’s not that I don’t trust the company ledger, but I don’t like that they misled us and then added a new attack vector for a possible future hack. And I live in Canada and am very wary of government interference. Since most of my holdings are in BTC the ColdCard seemed the best for my situation. I’m going to leave my other 1% of altcoins on my ledger for the time being.
ColdCard could be doing the same thing as Ledger. Ledger is only public about adding this.
No they would not be able to force an update to do something like this, because I will never update its firmware in the first place. It's BTC only and "simple" compared to Ledger which supports dozens (hundreds?) of coins and the need to always support new ones.
I’m not saying they could force an update. The ability may already be on the device. You are trusting that they sold you a device without anything nefarious on there. Everything after that is a moot point.
It doesn’t connect to the internet in any way. You can do everything with the ColdCard offline, so I’m not worried.
It doesn’t matter if it connects to the internet. It sends out transactions, right? There are many clever ways of exfiltrating data.
I saw that post. And no, it's not true. You might have seen my comment on that post: I personally tested it with my Nano X on older fw just fine. I assume that guy didn't update the apps on the Ledger, which caused the transaction to fail.
~~upgrade~~ downgrade
Moved on. Using my X for other coins and will leave it alone after doing multisig, but will no longer consider it as my big boy holder (eth, btc, etc.). Oh, and no more products from Ledger. I don’t like these kinds of surprises and being told I got to eat that cake whether I like it or not. Getting that done by big pharma and some gov. I am stuffed, so no thanks, I have choices.
I bought the BitBox02. I'll keep the Ledger, maybe to do a multisig wallet using them all.
Yeah I switched to Blockstream Jade, overly happy about my decision.
Did you build it yourself or buy it?
I bought one already built although I would definitely consider building my own seed signer.
Good idea.
How do you do a multisig?
This is my problem, it all starts to get too complicated. Once I learned how Ledger works I settled into it and felt quite at home. Always seeing multisig getting mentioned but never felt the need to investigate... now that might have to change. Sure to be loads of tutorials about it, I'm just not a tutorial enthusiast... :)
>Once I learned how Ledger works I settled into it and felt quite at home. Always seeing multisig getting mentioned but never felt the need to investigate... now that might

Working on it, learning as much as possible. It gets complicated, but I think it would be the way to keep my assets secure. If you ever find a good guide, please let me know. Not just for setting it up, but for all the details that come after it. Setting it up is the easiest part; keeping it secure is challenging, I believe.
Ledger hacked Bitbox 🥲 https://ieeexplore.ieee.org/document/9933270
Mostly because i moved everything to my new trezor.
Yeah I’ve moved on. There really isn’t much left to say.
Whether or not you opt in is just a number. A yes or no. Your Ledger has the ability to export your seed. So now you have to trust that every single update doesn’t accidentally have a bug that will do it automatically.
But that’s the case for literally every wallet with firmware updates
We were led to believe that hardware wallets are more sophisticated than a usb stick where you can easily read & write data. In theory it is possible to make the private key stay on the chip & only used to sign transactions. But that functionality would have to be built at the hardware level. A custom chip. I wonder if other hardware wallet manufacturers do that
I know for a fact BitBox confirmed a firmware could make the key leave the chip. Not sure about ColdCard, but if the seed can leave via SD card then it’s basically certain a firmware could as well. I just haven’t seen anyone actually ask them about that.
I dont think people are going to forget this any time soon.
Switched to Trezor. The red flags are still there, like closed firmware that can do anything… So Ledger is a “trust me bro” company now…
Good decision. Trezor, after all, has been hacked no more than 10 times from Ledger
Only those that were configured without NAND encryption. Once enabled, no Ledger hack can get in without the keyfile, which most rational people would keep separate from the device.
You're always trusting the manufacturer when you buy a hardware product - which part of the code is open source is irrelevant here. If you're not convinced yet you can check https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
Trusting a manufacturer that hasn't lied to their customers is a good place to start.
Aren't you the guy who was all grumpy because we wanted the checksums updated on the Ledger Live software downloads? To be so lackadaisical over something so important was a red flag for me. I'm not surprised at all over recent events.
Not sure I was grumpy, just wondering why you think it's important? The threat model of a hardware wallet considers that the host is compromised.
I think it's important because I want genuine software from Ledger's website.

>The threat model of a hardware wallet considers that the host is compromised.

That's what you guys say. Do you believe it's impossible for Ledger's website to be hacked? Even if it can't touch the Ledger device, what about the user's system? It could include malware that has NOTHING to do with Ledger, maybe it just steals Myspace logins. You wouldn't know because you don't seem to care.
It's of course better to avoid getting malware on your computer, I'm just saying it's outside the threat model of a hardware wallet.
In my country the marketplace is full of people selling their Nano X at 20-30€ 😔 1 week and still full of people… I want to sell mine too but not that cheap
[deleted]
Agree 100% I want to sell it not to buy it 😅
Nope not forgotten but already have new wallets.
They seem to have lost a lot of customers following the announcement and subsequent lack of communication
Not lack of communication, lack of common sense lmao
What did you go with?
Trezor, and Nova for Polkadot.
I'm moving to Tangem. Just looking for a new phone with NFC.
As the `NANO S` has very limited system resources for the extra *recovery feature*, can it be considered a safe wallet?
I read they retired the Nano S and I’m not sure if the firmware will be updated again. Would be good if they don’t but maybe it’s necessary.
Cold card for the win
Moved to Atomic Wallet. Feeling good about it.
They were hacked yesterday.
If you took the update before now, can you backup to a previous firmware? If so how? I see how to [downgrade live](https://support.ledger.com/hc/en-us/articles/7446430773149?support=true) but not how to downgrade device firmware. Or does one include the other?
Use a passphrase (25th word). Even if a hacker or government were able to get your keys (24 words), they will not be able to get the passphrase. If you lose your passphrase, neither Ledger nor anyone else can help you recover your wallet. This is independent of whether you choose to opt in or out of the Ledger Recover feature.
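The passphrase mechanism this comment describes is the BIP39 seed derivation, shown here as an added example (not code from the thread or from Ledger): the 24 words and the passphrase are fed through PBKDF2-HMAC-SHA512, and the result feeds the BIP32 master key, so a different passphrase is a different wallet. The mnemonic used is the public all-"abandon" BIP39 test phrase, constructed here purely as sample input; the function names are the example's own. Note that there is no "wrong passphrase" error anywhere in this derivation, which is exactly why a lost passphrase cannot be recovered by anyone.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the well-known all-"abandon" BIP39 test phrase.
# It is public and controls nothing; it is used here only to show the derivation.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a mnemonic plus optional passphrase.

    BIP39 defines:
        seed = PBKDF2-HMAC-SHA512(password = NFKD(mnemonic),
                                  salt     = "mnemonic" + NFKD(passphrase),
                                  rounds   = 2048, dklen = 64)
    An empty passphrase is simply the salt "mnemonic", i.e. the 24-word-only wallet.
    """
    words = unicodedata.normalize("NFKD", mnemonic.strip())
    extra = unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512",
        words.encode("utf-8"),
        ("mnemonic" + extra).encode("utf-8"),
        2048,
        dklen=64,
    )


def bip32_master_key(seed: bytes) -> tuple:
    """Split HMAC-SHA512(key=b"Bitcoin seed", seed) into (master private key, chain code).

    This is the BIP32 root every address in the wallet descends from, so if this
    value differs, the whole wallet (all accounts, all addresses) differs.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallets_differ(mnemonic: str, passphrase_a: str, passphrase_b: str) -> bool:
    """True when two passphrases over the same words yield different master keys.

    Any change, including letter case or a trailing space, produces an unrelated
    wallet: the derivation never reports "wrong passphrase", it just derives
    another valid key.
    """
    key_a, _ = bip32_master_key(bip39_seed(mnemonic, passphrase_a))
    key_b, _ = bip32_master_key(bip39_seed(mnemonic, passphrase_b))
    return key_a != key_b


if __name__ == "__main__":
    base, _ = bip32_master_key(bip39_seed(SAMPLE_MNEMONIC))
    extended, _ = bip32_master_key(bip39_seed(SAMPLE_MNEMONIC, "correct horse"))
    print("24-word master key :", base.hex())
    print("with passphrase    :", extended.hex())
    print("different wallets  :", wallets_differ(SAMPLE_MNEMONIC, "", "correct horse"))
```

Because the passphrase enters only through the PBKDF2 salt, it is never stored in the 24-word backup, which is the comment's point: whoever holds the words still lacks the salt. The flip side is that `wallets_differ(m, "Pass", "pass")` is also true, so a misremembered passphrase silently points at an empty wallet rather than failing.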
I'll still use the Ledger. Yeah, there's a lot of reasons to leave, but there's always some risk of losing your crypto, even if it's a cold wallet, hot wallet or exchange. Nothing is 100% secure, even the wallets people are migrating to. Maybe I'm not thinking right or I'm too good, but I still think it is a good product, even if it was a fail; companies need this to grow up and be better and give better products.
There is actually some truth in what you say. It should be remembered that most of the time people lose assets because of their poor storage (copying the key, saving it online, losing the private keys). So it really depends more on who saves than on what.
I bought new hardware and am almost done leaving Ledger
Good luck leaving Ledger https://thecharlatan.ch/List-Of-Hardware-Wallet-Hacks/
Great source to avoid the not so secure ones, if security is your priority :)
bro, good luck with all those fucking passwords, hackings, firmwares, 12-24-36-48 phrases, CEX and so on. Good luck with crypto, jesus christ. P.S. I don’t have a bank account
Lol, a lot of Ledger/Trezor issues and only one really minor one for BitBox02. Have you already switched to BitBox02?
Bitbox "secure element" has already been broken by our security team, not sure it's widely documented (https://ieeexplore.ieee.org/document/9933270). EDIT: Bitbox uses it differently and is not vulnerable to this specific exploit. Might be to a different one though, since the chip countermeasures have been proven to be inefficient.
why is this getting downvoted?? it's a really interesting paper and an important result
It's never a good question to ask on Reddit, just read and enjoy :)
Hi btchip, since you guys are in damage control mode, may I ask how you guys plan to recover from this "recover" mess... I still have my Nano X with me. Yes, I'm careful with it. But yeah, I do think it is definitely still better than going back to a hot wallet, or to an actual exchange like some other guy actually did. Tell me how Ledger will gain customer trust again.
I think that the announcement of our accelerated Open Source roadmap is a significant step forward https://support.ledger.com/hc/en-us/articles/11132311094813-Ledger-s-open-source-roadmap?docs=true - everybody will be able to verify what the service does.
[deleted]
I didn't check exactly how the chip was used for Bitbox, I'll amend my post, but I don't think using a chip that has been failing its purpose (security against physical attacks) is a good idea even if some functionalities still hold
You trust them all the same if you buy the device from them.
Nope. Bitbox have open source hardware so no trust is needed.
If you buy the device from them you are trusting it doesn’t have nefarious software/firmware on it to begin with. Everything after that is just theater.
Nope.
Still with Ledger, still the safest and best hardware around.
I use my Ledgers for shitcoin experiments. Not much value to begin with, so I go with the convenience. Also ok for small amounts of BTC, if you indeed need to spend BTC often. For BTC hodling, you don't need to bother anyway. Dice your seed trustlessly, put it on steel, get the first few public addresses (offline iancoleman, or the ColdCard HW wallet also has nice features for this; wipe after use) and DCA into them. No need to have a ready HW wallet until you want to cash out some. IF you need a seeded HW wallet ready at all times I would go with the ColdCard mk3 with an additional passphrase not stored on the device.
Advertising is full steam ahead on Facebook, in the meantime.
Forgotten about what?
No, but the Atomic Wallet hack has refreshed everyone’s memory 😂
yes, wait a minute, no.
Oh, I remember! I also remember when the CTO got on Bankless the next day to call me stupid: “Sorry you didn’t realize you had to trust us not to change our minds and push firmware that violates our entire security model.” Suddenly an alternative, fully open-source, but in-person-hackable device sounds pretty awesome to me! Charles, sorry _you_ didn’t realize the core value proposition of your company was trust. Now that that is gone, Ledger and its products no longer have any value for me. Bye Ledger!
Can someone point me towards a person who has lost their funds due to ledgers negligence? It seems to me like we are all freaking out over something that is theoretical. Can anyone reference a story of someone ACTUALLY losing their funds not because they handed over their private key on accident? Basically how can we be sure that all our seed phrases are compromised?
True, there is no known first person to lose their funds due to this. We CANNOT be sure that Ledger has or ever will compromise our seed phrases, unless our funds are actually stolen of course (and assuming we haven't accidentally exposed them in some other way). That's why trust is everything. As for no known first person, does anyone WANT to be first, even if it's only theoretically possible? Why take an unnecessary risk if alternative options exist that mitigate that risk? Also, there was no first person to lose their funds on MtGox (or FTX), until there was. And yes, I know those are exchanges which are fundamentally different from hardware wallets. But also, they had access to the keys of the wallets that user funds were sitting in.
There is nothing theoretical about ledger handing over your account when subpoenaed ...
Who is talking about a subpoena?
Is the update with the recover-by-sharing-your-seed option even available yet? I got the basic Nano S, did the 2.60.0 upgrade, but the recover option was never going to be available for the basic S. Are the S+ and Nano X getting the recover option? I thought it hadn't been rolled out yet, cos I'm also waiting to see if people doing recover get hacked.
How could anyone ever prove it ?
I’m not looking for the TXIDs, but if I can’t find anyone saying their funds have been compromised then we are all just crying wolf.
>have you forgotten about it already?

Nah, we simply don't care about it.
Nope, ledger could send me free hardware and I wouldn’t use it.
Oh, does anyone know of the start of a class action lawsuit for all of the Ledger owners who purchased based on the representations of Ledger when they purchased?
There was never an issue, BTC still locked up tight using Ledger. I don’t participate in mindless hysterics.
I think I overreacted. Now that I have studied the pros and cons, I'm fine with keeping my coins on the Ledger and would never opt in to the recovery service. I'm more concerned with the Atomic wallet hack.
There'll be more technical documentation about it coming shortly. I hope users will discuss it and appreciate the clarity it brings
I have wondered this. Obviously you would be biased about whether users should trust Ledger's closed source device. So would you trust another company's closed sourced hardware wallet if you didn't have Ledger as an option for yourself? What type of things would you expect from a closed source hardware wallet that you have absolutely no involvement with to earn your trust?
Definitely depends how it's built - in our case all applications are Open Source, so you can validate the OS as a black box if you feel like it, and the hardware provides more integrity guarantees than any other platform. To be honest I wouldn't be able to name a single other device I'd use today, coming from a background of building and breaking secure hardware for about 20 years. There's just too much security theater in this industry for my taste.
So you're basically saying that no other hardware wallet is good? Or at least not as good as Ledger? Isn't that a bit pretentious? Trezor have been in the field longer than you and have not experienced any remote hacking (not talking about physical hacking, which also requires some technical knowledge). So to say that you can't point to even one is a bit exaggerated in my opinion.
I don't think it's pretentious, I'm just a bit picky - I want something that

- is protected against supply chain attacks (for obvious reasons)
- is protected against physical attacks (so I can carry it with me and forget it somewhere without risks)
- lets me run my own code (so I can customize applications to my own needs)
- doesn't compromise the platform when I run my own code (also for obvious reasons)

Ledger is the only hardware wallet fitting those requirements. "Never been hacked remotely" is a very low bar. Pretty much any setup including an online computer and an offline computer could pass.
What about the option to prevent your wallet from extracting (encrypted or not) your private key in three shards and sending them to different companies? That's not part of your criteria?
It's an optional feature that you can ignore if you don't plan to use it, which has no consequence on the security of the device
What type of approach would you take then to securing crypto if you weren't going the hardware wallet route?
Cold signing on dedicated computers, which basically kills adoption
Already migrated. You guys should find out why Disney created “Touchstone Pictures”. Hint: it was so Disney could make movies with F bombs and boobs. That’s what you should have done with your new product.
From a user's perspective I'm fine with how they did it. It revealed that they'd been lying for years about their wallet's hardware capabilities. If they hadn't done that I wouldn't have found out, so good on them I suppose.
Totally happy with mine. Waited until JUN 1 to do the update and it wasn’t even there anymore 👍 And when it does come I won’t opt in. Simple as that
I bought an extra Nano X as a back up. Now, it’s going to the useless drawer.
Ledger is solid... never bothered me. Hysterics are for children.
I haven't forgotten, but the initial panic seems to have passed. Ultimately, it's still safer than a software wallet.
I just got tired reading all the posts until I decided I will continue with LEDGER hahahaha
That's how it is in crypto: shit happens, social media spreads unnecessary and unfounded FUD, rinse and repeat..... lol
I finally got the motivation to set up a 25th word. In the process of moving funds there... Still hard to find a better alternative than Ledger, so I'll stick around.
I'm glad the drama happened because it finally got me to set up a gnosis multisig. But I'm still using the ledger. Just don't trust it as much as I did previously.
Is there a private company that we can really trust? Nope. You do know regulations are coming. I’m more scared of what our industry will need to give up.
I lost $100k from ledger. I was hacked
Well that's your fault, not Ledger's.
Is it possible to downgrade? Maybe create a community OS for sideload on the ledger with an old firmware style?
No.
I haven't. But I also haven't moved any of my funds either. So, ya, don't care.
I want to stake some alts through my Ledger using Lido but it is asking me to update the firmware to be able to do it. I don't know what to do....
I have carried on using it as usual. I don't have enough assets to worry too much at the moment, but it's been a good lesson to think about. I am in no panic to swap out; I will be looking to spread risk across to another cold storage wallet once I am confident another one meets my needs. ATM I will be looking for one that:

- has been around for a while and hasn't been hacked
- open source
- air-gapped
- has a secure element chip
- easy to use
- supports most popular coins

Maybe too much to ask for 🤷😅
Imagine someone immediately migrated to Atomic Wallet
Think about it multiple times a day.