Topic: Are hardware wallets really safe? And so is Bip39? Opinions about Ledger? (Read 224 times)

I am going to offer my view on your questions and concerns.

The recovery phrase is generated on your local machine during the setup process. Ledger doesn't do it for you. Still, these are closed-source devices and you have to trust them that they don't have backdoors in there somewhere.

That's true for all hardware wallets, not just Ledger. I am not sure what you mean with compromised. Only a genuine Ledger can connect to the genuine Ledger Live native app and communicate with genuine Ledger servers. If you use a fake HW with a software downloaded from a phishing site, that's not Ledger's fault.

More than secure. The security of the 24-seed phrase is higher than that of a bitcoin private key. Don't worry about someone generating the same seed as you. Worry about all the planets in the solar system come crashing into planet Earth at the same time and you being the sole survivor. That's more likely to happen.

Yes to both questions.

The servers you connect to can see your addresses and the balances on them. That's true for Ledger Live as well as Electrum. The way around that is operating your own server. The information they have on you impacts your privacy but not the security of your coins.

That's not a question. If I wanted to buy a new Ledger device today (which I don't), I would rather get the Nano S Plus than the Nano X. I wasn't a fan of the Bluetooth feature the 1st time I saw it and that hasn't changed. Their battery system is also bad.

Ledger ships its devices with already installed firmware, but that firmware could be outdated. You need internet connection to get the latest firmware. You also need to install the apps you intend to use. You can only do that through Ledger Live. You can't use Electrum and Bitcoin without first installing the Bitcoin app on your Nano.

Or you could try to ship it to a PO box if that works in your country and Ledger supports it. Additionally, you might try your place of work or something like that.

I don't see the point in destroying the device. Don't buy it at all if you aren't going to use it as intended. Look into setting up and using an airgapped system instead.

No hardware wallet is 100% secure. Something can be less or more secure, but not completely 100% secure. A (Ledger) hardware wallet is secure enough if you don't mind its closed-source nature.

In theory, each device could have a backdoor that reports the generated seed phrase back to someone at Ledger. No one knows.

Before you go about destroying it as the above comments have suggested, you should try to write over any data on the device if you can. Factory reset it a few times. Restore it with a new dummy seed phrase and passphrase multiple times. Then you can take it apart and smash/grind/blend/shred it up as small as possible, scoop up the dust and debris you have left and chuck it all in to your next campfire. Good luck getting the data back out of that.

Or even better, don't use a hardware wallet at all if your only goal is to generate a seed phrase and then destroy it. There are better approaches using airgapped computers and amnesic OSs as outlined above.

There's rarely a secure way of doing anything. I mean, most users have their private keys generated on a computer, and rely on the hardware of that device. Then, you have users that use hard drives or SSD's. Hard Drives are notoriously difficult to actually wipe data off, and SSDs might have a feature called "Secure Erase", but that's also been debated on its effectiveness, since it entirely depends if the manufacturer has implemented it correctly. So, a hardware wallet isn't any different from anything else in terms of securely destroying it.

Ultimately, when it comes to sensitive data you can only destroy it as best as possible, even if there's a chance of something being salvageable. So, destroying it with a sledgehammer will pretty much render most people out of the picture when it comes to using anything that's left of it. Also, how you dispose of the broken parts also matter, if it's getting dumped in a land fill there's very little chance of anyone salvaging that due to the amount of items there.

Unfortunately, in life we have a risk to everything, but you can minimize that risk as much as you can. There's no certainty with most of the things we do in life.

Will it blend: https://www.youtube.com/watch?v=rofgMueCOqo

But seriously, a few minutes with a pair of pliers will do enough damage to it to render it useless and impossible to recover.
Which does bring up the interesting point of all the new HW wallets that are coming out in metal cases. Need the big self destruct button just in case.

As we keep discussing they are all vulnerable to the $5 wrench attack so keeping knowledge of your finances secure is always important.
EVEN TO PEOPLE YOU THINK YOU TRUST. Would you really want someone like Yogg to know where you live and that you had funds?

-Dave

But what if throw a hardware wallet into the mouth of a volcano like a One ring or into molten metal like a T800?

It seems to me that if you work hard with a sledgehammer, then no forensics service will be able to restore any data.

Again, this is a waste of time and money for a hacker, not knowing the balance, trying to restore the wallet from fragments. It can spend much more than it recovers from the wallet.

The possibility of this exotic option is almost zero and you should be wary of other attack vectors for hackers.

And how exactly can you securely destroy a hardware wallet? That is what I have always wondered. It's not like there are screws you can just take off and then extract the NAND flash memory/storage from the device...

A determined hacker could take a damaged HW to a forensics service so a sledgehammer will not help here.

I was really interested in what depth it was, considering that I don't use this measure, and I calculated that it was as much as 15.24 meters. I think that's pretty deep and I'm wondering if you have any special reason to bury your backup so deep? I'm not an expert in geology, but is it possible that after 20 or more years your backup won't be there for some reason, maybe due to underground water that will appear over the years or an earthquake that would cause the ground to collapse?

There have been a number of vulnerabilities across multiple different hardware wallets which could result in funds being lost. Ledger had a vulnerability where an attacker could trick you in to making a bitcoin transaction while your device was showing you a transaction for some altcoin. Trezor still have a vulnerability where the seed phrase can be extract from the device by someone with physical access to the device. There will 100% be other vulnerabilities discovered in the future.

As you say, they are generally secure, but no method is 100% safe.

I don't. I consider encrypted airgapped cold storage to be more secure than any hardware wallet which is connected directly to your computer or phone.

The long and short of the whole thing is that we all consider hard ware wallets (not just ledger) to be the most secure means through which we can safely store our crypto assets.
When we discuss about hardware wallets, we have
-Ladger
-Trezor
But ledger seems to be a most popular hardware wallet, a thing with most non-custodial wallets which includes, but not limited to electrum, mycelium, ladger(hardware), Trezor(hardware) etc, is that when ever they are hacked, like the Ladger customer care already pointed out , it is mostly the user's fault, and not the company itself, this is why we are made or understand that we are our own security, because even hardware wallets, which are considered to be the most secure, can still be hacked if the user is careless with the seed phrase that secures the wallet.

In short, hardware wallets are considered to be a secure method for storing cryptocurrencies. They are widely used by many individuals and to the best of my knowledge, there have been no reported instances of funds being lost due to security issues with these devices. This is particularly true for the more well-known and reputable hardware wallets.

However, it's important to remember that no storage method is completely secure. Hardware wallets, while considered to be a safe option, can still be lost, stolen, or damaged. If the device is not set up correctly, if they are tampered with or if the recovery seed phrase is not kept securely, the funds on it could still be lost.

Ledger wallet is using closed source secure element to generate seed words, and user is doing that when they start device for the first time.
You can also generate your seed words offline and import them in ledger if you don't trust their closed source generation.
Devices are not delivered with pre-generated seed words, and if someone receives device like that, that is a scam.
There is always a possibility for hidden backdoors, but that is the case with all other devices.

Go ahead and try to brute force it.
You can always make it more secure with multiple passphrases and with multisig setup.

Yes, he can use it with any compatible wallet, including Electrum and other hardware wallets.

This device is better than model X that has many battery issues, and you don't need bluetooth when you can connect device with cable just fine.
I am not recommending anyone to buy any closed source ledger devices, but ledger S plus is probably best of all their junk devices.

Probably.
There are thousands of Linux OS, and I don't know if all of them will work with ledger, but most distributions will work.

Nothing is 100% secure, especially not when you keep anything on some cloud drive.

No, and this is not a hack.

Passport, Keystone, Bitbox, Trezor, are all open source and much better and more reliable than ledger.

PS
You are asking too many questions...

You are certainly along the right tracks.

I'm not sure you need a hardware wallet in this situation, especially if you are planning to destroy it after you have generated the seed phrase. Given that you say you already have an old laptop with no hard drive and will be running a live Linux OS, then you can just use that to generate your seed phrase. Bonus is that you can do this using only open source software, which you won't get with a Ledger hardware wallet, and it avoids all the issues with data leaks from hardware wallet companies.

I would suggest not using bitaddress or Ian Coleman to generate your entropy seed phrase. Javascript is a very poor choice for generating entropy.

In terms of privacy, yes you can extract your master public key from the seed phrase and then use that to endlessly generate new addresses to send coins to. You would need to be careful how you handle this master public key though if privacy is your goal. If you import it in to a random hot wallet to watch your addresses, then whichever server(s) your wallet is connecting to will be able to see all your addresses are linked to each other. You would instead need to be looking up your addresses via your own node in some way, such as with your own Electrum server or by running Sparrow wallet pointed at your own node.

I would also strongly suggest making more than a single back up of your seed phrase.

Ledger hardware wallet should be safe enough, but if you want be completely sure about your safety, you can go for an open-source hardware wallet like Trezor.
Click the link below and visit the the topic created by dkbit98.
[ list] Open Source Hardware Wallets


Right. Even a 12 word seed phrase is secure enough.


Yes. Most wallets use the BIP39 standard.
Just note that electrum generates the seed phrase using its own algorithm, but it supports importing BIP39 seed phrases.


Your seed phrase can generate numerous addresses.

 
Right. With using a new address for every transaction, you can protect your privacy.
Note that the addresses will be linked together if you spend all your fund in a single a transaction.


Right. You can use your master public key to create a watch-only wallet. It will give you the same addresses.
You will need your seed phrase only for spending the fund.


I have never heard of any vulnerability in ledger hardware wallets, but I would use an open-source hardware wallet.


I think the topic created by dkbit98 (which I shared its link above) should be helpful to you.

Full disclosure, I come from this thread where I've thought that maybe offline wallets are still the solution, but I’m 10 years late to the party: https://bitcointalksearch.org/topic/storing-bitcoin-about-20-years-and-is-offline-paper-wallet-bitaddress-secure-5436012

Since some people convinced me to use a hardware wallet instead of my earlier choice (50x offline generated addresses saved on 10x USB flash drives), I have some questions about the hardware wallet. I still have my 0.5 Bitcoin (just an example here) on Coinbase and would like to transfer them to a cold wallet ASAP. My main purpose is to keep Bitcoin save from others as well as myself, so long-term storage for about 20 years.


1. So with Ledger, for instance, it’s a “24-word recovery phrase.” I was wondering when and how the recovery phrase was determined on a Ledger device for example? It’s not possible that the company itself knows it before they deliver it with DHL? I’ve heard the best way to buy a Ledger is from the company itself, because Amazon/eBay Ledgers could be compromised.

2. Just these 24 words in the right order are pretty much secure and it’s like a “count all the atoms on planet Earth” thing so it’s impossible that somebody else uses the same phrase or finds out about it? I’m not the smartest guy in town, but there are no brute force attacks possible by combining 24 words from this BIP39 list? https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

3. The 24-word recovery phrase in universally compatible (whether other hardware wallets, software etc), so if a thief knows my recovery phrase, he can also use it with Electrum obviously?

4. And this 24-word recovery phrase is able to generate thousands of public/private keys, so if I have a Bitcoin savings plan like 0.1 Bitcoin every month (so sending it from Coinbase/Binance to the hardware wallet), nobody would find out about the real balance since it’s spread out over many addresses?

5. If I go for a Ledger, I would probably purchase the Nano S Plus because it doesn’t have any bluetooth? Does anyone have experiences with this particular device? https://shop.ledger.com/products/ledger-nano-s-plus

6. I can setup a Ledger also completely offline with Linux/Ubuntu DVD and just Electrum? Just asking because most tutorials are based on Ledger Live, but I’m not sure?

7. I’m also concerned about the Ledger since there was this data breach online, so the thing to do would be using the address of a homeless shelter, something like that just to stay anonymous? Since I've heard that many people got death threats after the data breach.

https://www.nasdaq.com/articles/inside-the-scam%3A-victims-of-ledger-hack-are-receiving-fake-hardware-wallets-2021-06-17

8. If I have everything setup with Ledger Live or Electrum, can I have a watch only wallet just for transferring my Bitcoin from Binance/Coinbase with a new public address even if I chose do destroy my Ledger device after 1 week for additional safety? As far as I understand, it’s only about the initial setup and as soon as have my 24-word seed phrase, I only have to care about storing that phrase like 50 feet underground. As I said earlier, I only want to receive Bitcoin, not spend them. Hodl so to speak.

9. So the Ledger device in general is pretty much 100% secure and the only known hacks and 100% of the time it was the user who put the phrase up on Google drive, told their partner etc.? Just asking because I went to like 50 Reddit threads and there is like “Help! Someone stole my Bitcoin from my Ledger” almost every single day. Ledger support also says on Reddit:

“The most critical component in using a Ledger is the user. When users post about losing their assets, they have either given away their recovery phrase or given permissions to a malicious contract. For this reason you must closely guard your recovery phrase and always verify the contracts you're signing.”
https://www.reddit.com/r/ledgerwallet/comments/wdoas8/i_have_been_using_ledger_for_a_week_and_i_feel/


10. As far as my understanding goes, there are only 2 ways to “hack” (not the right word of course) a Ledger device:  1. someone knows 24 word seed or 2. Ledger device and someone knows pin code. That’s correct?

11. If anyone has other good recommendations for a good hardware wallet, I would like to hear it. Maybe less controversial than Ledger although they still seem to be pretty popular, even after the data breach.



So after reading all my points again, I would buy a hardware wallet, create the 24-word phrase with the hardware wallet, write the 24-word recovery phrase down on metal (put that 50 feet underground in a PVC tube etc.), send 0.5 Bitcoin + monthly Bitcoin savings plan to hardware wallet addresses and just destroy the hardware wallet with a sledgehammer/chemicals/various. So If only care about my 24-word seed phrase (which, again, will be 50 feet underground) and the right public address (I can create new ones even without the hardware device?) to which I can send my Binance/Coinbase Bitcoin savings plan regularly, I wouldn’t need any hardware wallet for the next 20 years, correct?

After doing some research, and since everything seems to be about the 24-word seed phrase, how about using the Iancoleman Web site offline with Ubuntu/Linux DVD on an offline laptop that will always be offline for generating the 24-word phrase? Just saying since I want to destroy the hardware wallet anyway and just need it for generating the 24-word seed phrase. Or could this Web site cause some problems since JavaScript is involved and it could possibly mess things up?

https://iancoleman.io/bip39/

Because I don’t need any access to the Bitcoin for about 20 years, I think that’s the most secure way? I’m always open for suggestions. Thank you very much.