Topic: Bitcoin Ledger and other hardware related questions. - page 2. (Read 939 times)

I'll post the Amazon links, since that's where I got them from:

RAVPower 26800mAh Dual Input Port Battery Pack

Solar Power Bank, RAVPower 25000mAh Outdoor Solar Phone Charger

JETSUN Solar Charger, 16750mAh Power Bank

And then I got this bad boy from Chargetech.com: 54K PLUG PRO.  I think that's a link to their whole site and not to the specific charger, but they have some great products.

Can you post link of which powerbank you have?  Like is it powerbank only for laptop?  Or its those that are for tablets/phones mostly?

Hi there, when you say powerbank, you mean the one specifically for your laptop?  Or its one of those powerbanks where you can charge your laptop but also usb devices like tablets and phones?  Im talking about those that you can connect to your laptop.  But also the ones that connect to your usb devices.


Well i don't mean connecting your ledger to a powerbank... im confused how you would do this?  Can you explain?  You cannot do this and im not sure why you would even do this if you can?  A powerbank is meant to charge laptop, tablet, phone.


I mean say your laptop is running out of battery and you need to charge it but you have no outlet or power... but you have a fully charged powerbank... you connect powerbank to your laptop.  Then you use your laptop as normal.  I mean could someone install malware/keylogger in that powerbank where the moment you connect it to your laptop or say a tablet/phone... get malware/keylogger?  Like imagine you bought a powerbank from someone online or someone lend you it... but it has malware if you ever connect it to your laptop/phone/tablet.


Then even once you unplug power bank from your laptop, the next time you open emails or enter your password to your email or password manager, then all your information is keylogged?  That is what i mean by powerbank.  Like you only use it when you need power and there is no outlet to connect to.


Do you get what im asking?  Im confused with your example.

OK, so I'm no expert here, but I own several power banks (I find them incredibly useful when I'm out on my bicycle).  I'm almost certain that connecting your Ledger to a power bank would not be an issue.  I'm assuming you mean the connection would be power bank-->laptop-->Ledger, because it would make no sense to just connect the power bank to the Ledger.

If anyone can show I've given some bad advice, I'm all ears. 

I did hook up my Ledger Nano S, and it's great!  Very easy to use, and I even spent a ridiculous amount of time setting up the words in the steel wallet that came with it.  I've never used a hardware wallet before, and I'm really liking this.

Related to this.



1.  What if you bought say a used modem/router?  Then start using it.  Is it possible to get hacked very easily with this if you use a laptop and connect to the modem/router?


2.  What if you bought like a charger for your laptop?  Or what about those powerbanks that work for laptops?  Like those that connect to your laptop to give you a charge when you cannot find an outlet?  Could someone do something to it where when you connect it to your laptop, you can get malware/keylogged?


3.  What about connecting your iphone or android phone to someone's power bank?  Or what about connecting them to an outlet say at starbucks or coffeeshop?  Could someone set something up in those outlets etc?

There are only really 2 ways to tamper with the device:

1. Firmware
2. Hardware

#1 is the "easiest" method... it's simply modifications made to the firmware to compromise the integrity. Ledger have made great strides since the work of Saleem Rashid to ensure that the device is able to detect altered firmware and/or stop it from working.

#2 is a lot harder as you'd need to break open the casing (without damaging it) and either replace all the internals with your own custom board that replicated the workings of a Ledger... or you're need to attempt to find space in an already cramped container to try and squeeze in your own extra hardware.

Then you'd need to put the case back together. I think it would probably be easier to actually just 3D Print your own casing and build your own full internals than attempting to modify and repackage an existing Ledger device.

So, this probably shows that 2nd hand devices are actually worthless to be purchased and we shouldn't go for them at all when we even need to have a basic check passed even on our official devices, right?


I believe I can ask this here -
Can you tell us something about the different types of procedures such devices can be tampered with? If so, it could make us more mature about them so to save ourselves and others from falling apart from their coins just because they've got no / least technical knowledge about using these devices with care.

The reddit thread about it is here: https://www.reddit.com/r/ledgerwallet/comments/7obot7/all_my_cryptocurrency_stolen/
Ledger's response to the incident is here: https://www.ledger.com/scam-second-hand-ledger-device/

Regardless of where you ordered your Ledger from (or any other hardware wallet), even if directly from the official website, you should perform some basic checks when it first arrives to ensure it has not been tampered with, as I suggested earlier in the thread. Provided you do this, you will not fall victim to this kind of attack.

Worth mentioning that all these security flaws have since been patched, provided you update your Ledger to the latest firmware (as I suggested in my reply above). See here for more details: https://www.ledger.com/firmware-1-4-deep-dive-security-fixes/. Also, by successfully updating, you are also verifying the genuineness of your Ledger, and that it hasn't been tampered with.

You will be okay. In their website they have good manuals. If you follow then it's easy peasy. For NEO, you will need to...
Download the NEON Wallet, install it in your computer.
Install the Neo app in your Ledger

and you will be good to go once you setup your Ledger Nano S

Anyway, the reason I give you the above link was that I felt I advocated too much about Ledger without knowing some of the risks might still exists. And I thought I should let you know about it.


I too is not much worry about it but it's good to know the things we are dealing with.

Cheers :-)

The thing is that you still need physical access to the hardware wallet and a bit of social engineering to "break it". So, in most cases you will be safe as the only way you can actually be affected by this is if the bad guy is with you and you follow his instructions (in this case, he would probably just use the $5 wrench method).

I wouldn't worry about this.

Man, I have no background in computer science or anything related to that, so most of that article is Greek to me--but I do appreciate the link.

I have not yet set up the Ledger S, but I think I'm going to do it today and may add my NEO onto it.  I don't suspect I'll have a problem as long as I can follow the directions.  We'll see how it goes.  For better or worse, I'm not all that concerned about my coins getting stolen, but I'll be careful about that.

Hey bud just wanted to give you a shout out. You must remember this post which I responded to you and advocating for ledger. I still do but there is something I was not aware.

Please read this: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

It seems more than a year old article but this gives a very good insight about the device security. I hope this knowledge will help us to keep out crypto safe.

Cheers :-)

IIRC, there was a case whereby someone was scammed with a fake seed. The person bought a hardware wallet online advertised as new and there was a pregenerated seed that was disguised as the recovery code and several victims fell for it. I would still take precautions and do my own due diligence with regards to buying a hardware wallet regardless of whether its new or not.

On the topic of raspberry pi, that's my current cold storage solution. Using Core on even with Pi 3+ is possible, provided that you're not operating it as a full node. I prefer a more simplistic approach with Electrum's GUI and its worth a consideration since the whole setup goes for about $35 and its cheaper than even a used hardware wallet. The security would be somewhat similar barring physical attacks.

It only asks for some of your words (e.g #8, #12, #17...) and not all of them.

A lot of time has passed since I set up my Nano S but if my memory serves my right I had to check and confirm every single word of my seed and not just a few of them!?
If someone has done the initial setup recently please confirm whether you had to re-enter every single word of your seed or just a few of them?

This site is useful if you are going to be storing alts on your Ledger: https://support.ledger.com/hc/en-us/categories/115000811829-Apps. Basically, it gives you a step-by-step guide for each alt, including which wallet you need (or which wallets you can choose from) which are compatible with the Ledger to store your coins. The page for Neo is here: https://support.ledger.com/hc/en-us/articles/115005530425-Neo-NEO. Essentially you will be downloading the NEON wallet, and the instead of using a password or similar to unlock it, you will unlock it with your Ledger device.

I would definitely follow HCP's advice above first, though. I also received and sent a few small transactions (a few dollars worth of BTC) first to make sure I was happy with how that worked too. One of the main benefits of the hardware wallet is that any time you are making a transaction, the transaction address and amount are shown on the hardware wallet's screen, and you have to confirm that these are correct (by pressing the right button) before the transaction will be signed. Make sure you check the address against the original address you were sent/given/displayed, and not against what you copy/pasted, just in case your computer is infected with clipboard malware.

There aren't too many pitfalls really... and the Ledger Nano S is a decent enough piece of kit.

Aside from all the normal advice of making sure the device is reset and generating a new seed mnemonic/PIN/Passphrase etc... I would also advise that BEFORE you send any crypto to the device, make sure you're comfortable with wiping it and restoring from the 24 word seed mnemonic.

Basically, install Ledger Live, connect the device and follow the instructions for setting it up. Then note down the receiving address(es) given. Then wipe the device (there is an option in the settings or you can simply enter an incorrect PIN 3 times)... the restore from the 24 word seed mnemonic and confirm that you see the same receiving address(es) following the restore.

This will give you piece of mind that:
1. You have correctly written down the WHOLE seed mnemonic (from memory, the initial setup only confirms a couple of the words at random).
2. The restore functionality works as advertised without risking any coins.

When I got mine, I actually created a couple of different seeds and checked against things like Ian Coleman's BIP39 mnemonic converter to make sure that it was creating "proper" mnemonics, before I wiped and then created the "final" one.


Also, try installing, deleting and reinstalling the coin apps on the device to get comfortable with how the "Manager" functionality in Ledger Live works and see that even if you remove an app and then reinstall, you still get the same addresses etc.

Finally, just an FYI, by default, Ledger will give Nested Segwit addresses for BTC. You can also create "Legacy" if you want and apparently the native Segwit support is in final stages of release... for now, I believe native segwit is still marked as "experimental".

Hardware wallets are a bit of a meme in my book. I would look into the new Raspberry Pi 4, the 4 GB version. It should be similar to running a node in a Core 2 Duo I guess. You get 4 1.5ghz cores and without the IME or PSP clusterfucks.



In addition, it looks cute plus you get to piss off Craig Wright running a node on it.

I don't think it's completely off-topic here to mention that I received my Ledger Nano S today, along with the steelwallet.  Both are things of beauty, but that's about the only thing I can say about them right now since I haven't actually played around with them yet.  So far I'm very happy with my purchase, and I've no doubt that these are the real deal and not some counterfeit garbage.

The Ledger and steelwallet arrived late in the day and I'm tired, so tomorrow I'll see what I can do about storing some crypto on the Ledger.  I'm mostly interested in keeping NEO on it since it'll earn GAS without having to be running all the time. 

If anyone else has any good advice for me, I'd greatly appreciate it--and I did read this thread.  Hardware wallets are new to me and I'm not sure what the pitfalls are, if any.

Yes, it does mean he cannot go online. If he wants true "offline storage", then the computer needs to remain offline permanently. Otherwise, it should be considered no more secure than a "normal" desktop wallet and then associated security measures will need to be taken to ensure the security and safety of their funds.

Additionally, using your "everyday" computer in conjunction with cryptocurrency can be problematic if your "everyday" computer activity includes "risky" activities (downloading pirated software, visiting porn sites etc). The chances of infecting your PC with malware/viruses is a lot higher in these instances.