ALERT Ledger Secure Element | Bitcointalksearch.org

mendace

sr. member

Activity: 462

Merit: 603

Pizza Maker 2023 | Bitcoinbeer.events

Quote from: Charles-Tim on May 17, 2023, 08:14:21 AM

RickDeckard has already created a thread where we are discussing about it.

Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

It will be better to lock this thread.

Sure, I hadn't seen the thread

KiaKia

sr. member

Activity: 658

Merit: 384

For almost the same reason I always take my time before updating my wallet software, because some updates can be crappy and vulnerable to attacks, I won't update until a month later because if the new update is not doing things right they will still have to patch it and bad actors might find their ways into peoples crypto wallet and start stealing their coins.

Stay away from any mobile or hardware wallet that gives access to cloud data backup, they don't know what they are doing, Private keys and seed recoveries are safer offline than anywhere online, say no to cloud backup.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

RickDeckard has already created a thread where we are discussing about it.

Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

It will be better to lock this thread.

examplens

legendary

Activity: 3248

Merit: 3098

Quote from: mendace on May 17, 2023, 07:39:11 AM

I conclude by saying that at this point Ledger has in fact screwed up half the hardware wallet world because that chip is practically used by almost all manufacturers, coldcards, Bitboxes, etc... So at this point the question remains "what to do?"

They unexpectedly opened a big hole. With the information that it is possible to access this chip through software, they set homework for the hackers. I don't think we will have to wait long for the results of this fiasco.

Quote

Among other things, Ledger is not exactly the maximum security given the previous leak data.

I would say that Ledger and its developers have a very strange understanding of privacy and security. There are really too many omissions on the part of the, until recently, number 1 brand when it comes to hardware wallets.

BenCodie

legendary

Activity: 1638

Merit: 1036

6.25 ---> 3.125

Nothing beats cold storage and storage that does not involve a third party. i.e. Bitcoin core on an isolated machine. I have always looked at ledgers and hardware wallets and thought, it's only a matter of time before these get breached in some way. Here we are.

Save your money. Buy two flash storage devices (for a cold wallet and hot wallet), encrypt them with a strong password and a modern algorithm, store your keys/wallet files on these and viola. Cheap hardware device. You'll save hundreds, and you won't be exposed to vulnerabilities or negligence by third parties (if your desktop is adequately secure/you are not negligent in your own security).

mendace

sr. member

Activity: 462

Merit: 603

Pizza Maker 2023 | Bitcoinbeer.events

I'm opening this new thread for those who haven't read yet about Ledger's bullshit about seed recovery.
In a nutshell and in short they are launching a cloud service where it is possible to make a backup of your seed which will be divided into 3 encrypted parts and sent to 3 different cloud providers.

https://www.ledger.com/recover

Having said this, the shocking thing is not so much the service which can also be quite secure but the fact that until now it seemed impossible to be able to withdraw the device seed (ST31H320 chip) from the secure element and now it can be done easily via software.
Among other things, Ledger is not exactly the maximum security given the previous leak data.

I conclude by saying that at this point Ledger has in fact screwed up half the hardware wallet world because that chip is practically used by almost all manufacturers, coldcards, Bitboxes, etc... So at this point the question remains "what to do?"

Topic: ALERT Ledger Secure Element (Read 91 times)