
Topic: Fuck you ledger - page 4. (Read 1115 times)

full member
Activity: 128
Merit: 190
October 26, 2023, 02:29:55 PM
#30
Just in the spirit of clarity here, I think while it's important to note that although Ledger's communication has been terrible and their marketing repeated this notion - the belief that a secure element could never reveal private keys in any form regardless of what firmware was thrown at it was and has always been incorrect.

But it's what Ledger had been telling us since day one:

Quote
"Your keys are always stored on your device and never leave it"

btchip, Ledger Co-Founder

Quote
"Hi - your private keys **never** leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards.  A firmware update cannot extract the private keys from the Secure Element."

@Ledger on Twitter

Quote
"Private data, such as your private keys will be protected and never leave the device due to the combination of BOLOS and the Secure Element."

Quote
"The secret keys or seed are never exposed to the BLE stack and never, ever leave the Secure Element."

Quote
"While Ledger is using a dual chip system with an MCU as well, the important part is that your private keys remain inside the Secure Element."

Quote
"This means that, beyond keeping your private key offline and away from hackers, the Ledger device itself is also completely impenetrable from external threats"

Lies, lies, lies.

Ledger Lies.
newbie
Activity: 13
Merit: 36
October 26, 2023, 12:50:34 PM
#29
Ledger has revealed something we initially thought was impossible because that's what we were told. And that's the way secure element chips function.

Just in the spirit of clarity here, I think while it's important to note that although Ledger's communication has been terrible and their marketing repeated this notion - the belief that a secure element could never reveal private keys in any form regardless of what firmware was thrown at it was and has always been incorrect. This was known long before Recover was ever announced. It's how hardware wallets work. Access to the private keys MUST be granted in order to sign anything. The concept of a HW wallet that can both sign a Tx and have ZERO access to the privkeys ever is possible in theory but not in practice as this would mean you would never realistically be able to update the wallet ever. No bugs could be patched etc. It's not practical. Forgive my inability to explain the technical details of this as I'll leave that to people smarter than me but this is how it was explained to me.

So the fact that your wallet can spit out your keys if the firmware allows it is NOT what the problem here is and I think it's very important to understand this in order to combat the gaslighting coming from Ledger. Coldcard will reveal your keys in plain text on the device as well as export them in encrypted form via SD card for a backup if you like. This in no way makes the secure elements or the wallet less secure, those are simply features of the device that are baked into the firmware. (You can always lock down the seed if you like to remove this feature of course but all of it is locked behind a pincode anyways) The crucial differences here are 1) you know exactly what the device is doing and 2) the keys if revealed are only being shown to you and you alone, they're not being sent anywhere. You can either see them on the device or you can export them encrypted on an SD. And 3) you were never led to believe this was impossible with fancy marketing that led you into a false sense of what the hardware was actually capable of. Ledger was deliberately misleading in their marketing at times even stating that "Not even a firmware update could extract your keys" when this was blatantly false. So when people who didn't know better learned that this was actually technically possible they lost it - but they lost it for the wrong reasons! The REAL reason this should worry people is that the process of extracting keys involves so much 3rd party trust and involves those keys being sent through your computer over the internet. That is what should frighten people, not that a SE can spit out a seed if it's told to.


copper member
Activity: 1526
Merit: 2890
October 26, 2023, 12:01:27 PM
#28
I'm really concerned about the last changes of Ledger and their narratives about how they can get your private key, in addition to them always updating software because of their shitcoins. I finally moved my funds from the Ledger wallet to a software cold wallet and learned how to deal with a cold wallet and transfer transactions, partial signing online and then signing offline and broadcasting it 😏, and learned some coin control and am going to learn some privacy coinjoin. It works so great. Why don't they tell us about cold wallets from the beginning instead of wasting our money on a fucking signing device? Really, I enjoyed the experiment and fuck you Ledger 🖕, and I want to thank you Gus because you helped me so much

Impressed... and I 100% agree with you, although I've never used Ledger. However, I've always been skeptical about hardware wallets, especially when they announced changes and narratives regarding private key security.

It's better to be vigilant when it comes to the safety of our online assets.

It's good to hear that you've switched to an offline software wallet. We should too. Also, the approach you've adopted, like partial signing online and then signing offline and broadcasting it, is something I wasn't aware of.

I think I need to explore these concepts too, especially this privacy coinjoin, as it adds an extra layer of privacy to your transactions. It's an excellent way to take control of your online privacy in this crypto world.

I've always believed that offline software wallets are not only secure but also cost-effective. If managed correctly, cold wallets can offer the same level of security, or maybe sometimes even surpass hardware wallets.

Well, thanks for sharing your experience.
legendary
Activity: 2730
Merit: 7065
October 26, 2023, 11:44:45 AM
#27
The key issue here is that even if at this point you do need a physical button press to confirm/deny a Tx or seed sharding, there is nothing inherent in the architecture of Ledger's hardware that restricts the device to operating this way forever. The required button presses are a firmware update away from not being needed at all. Which means that change could be made with or without your knowledge. "We promise we won't" Back to trust me bro.
There are two possibilities here, both rely on trust. You can either have trust that the old firmware still makes physical button presses mandatory to the process, and that the option to bypass button presses doesn't exist in the old firmware versions. Or you can trust Ledger that their new code changes will never allow for the possibility to bypass button presses. The third option I didn't mention is completely abandoning Ledger HWs. 

Sorry, but I'm quite confused as I never owned a Ledger. Isn't it a hardware wallet? Doesn't that mean it cannot connect to any network except the computer that you'll plug it into?
Ledger has revealed something we initially thought was impossible because that's what we were told. And that's the way secure element chips function. In earlier years it was said that no sensitive data can even leave the chips. We know now that it isn't true. It can if the software tells it to.
newbie
Activity: 13
Merit: 36
October 26, 2023, 11:09:34 AM
#26
Ledger keeps repeating that "all hardware wallets require trust" and people get lost in this because while on one hand it's true to some degree, not every wallet requires as much trust as one that's closed source which also has the ability via firmware to split and send seeds through your USB/Bluetooth connection, through your PC and then stored elsewhere.
Compare Ledger - closed source, connects to an internet enabled device, has the ability to send your seed phrase across the internet - to something like a Passport - open source, completely airgapped, communicates with QR codes - and the difference is stark. The difference in the amount of trust required, and the amount of independent verification which is possible, is astronomical.

It's like saying "all software wallets require trust" when comparing something like airgapped open source Sparrow wallet, to hot closed source Trust wallet. There is simply no comparison, and anyone claiming they are in any way similar is either naive or malicious.


This is it right here. And the communication from Ledger so far has been particularly gaslighty where as they're trying to (and successfully have done so if you read the Reddit threads) make people equate the level of trust needed to feel safe with Ledger Recover with trusting any other hardware wallet to simply generate and store your seed. It's gaslighting and obfuscation. Trying to make people seem paranoid for questioning this since "every wallet needs trust bro what's the big deal?!"

Doesn't that mean it cannot connect to any network except the computer that you'll plug it into? Doesn't that mean that the only manner to expose your private keys is by establishing a connection with their servers once you plug it into your PC and by sending your private keys to their server?

A hardware wallet doesn't (shouldn't) need to connect to any manufacturer servers in order to work. You can use a Ledger with Electrum as well just as easily. You need to use Ledger's software in order to get coin-specific apps onto the device as well as firmware updates but once that's done there's no need to ever touch their software again until it's time to update firmware.

The problem(s) here is that:

1. Their firmware is closed source so nobody has any way of knowing what the firmware is doing.

2. They've introduced a recovery service which places on your device code that makes it possible to extract your seed, shard it and have it sent through your computer to other custodial servers. This is being sold as a feature but is fraught with danger and is an absolutely horrid idea for dozens of reasons that have already been covered.

3. For all we know the actual code that enables this ability could've been rolled into previous firmware versions either as a placeholder or as a test. So it may technically already be there and there's literally no way of knowing because it's closed source. Saying "I just won't update then" isn't enough to be sure.

4. The idea that firmware can allow the secure element to reveal the seed really is a non-issue and is being used to obfuscate the issue by Ledger when they say "any hardware wallet can technically spit the seed out if firmware tells it to" - yes but they're not sending your keys through your PC which may or may not be malware infected, outward across the internet to 3rd parties which you now have to trust. However this did highlight the deep misunderstanding many people had about how hardware wallets actually work - this was due in part to most people being uneducated on the technicalities and also Ledger's fault for constantly using the wording that your seed could never leave the device. Now it's "oh well of course they can you should've known that but only if our firmware allows it which now it does"

5. Another point that has been stated to death but needs to be repeated is that the idea of "if you don't opt in what's the problem?!" is misleading because there is nothing permanent in the hardware that stops the need for a button press to allow key extraction from being removed in a firmware update. So technically - Ledger could force you into this through a firmware update and extract your keys without you doing a single thing. The ability is there. Even if today you had to press buttons to allow the recovery service there's nothing that prevents them from removing that requirement in the future. Or perhaps it's already removed and the button press is just theatre to make you think it's necessary. You can't know because they're closed source. "Trust me bro!".
legendary
Activity: 1260
Merit: 2014
October 26, 2023, 07:35:12 AM
#25
Sorry, but I'm quite confused as I never owned a Ledger. Isn't it a hardware wallet? Doesn't that mean it cannot connect to any network except the computer that you'll plug it into? Doesn't that mean that the only manner to expose your private keys is by establishing a connection with their servers once you plug it into your PC and by sending your private keys to their server?

Does it require downloading closed-source Ledger software as well for it to work? Sounds pretty fucked up situation.

Nah you are right. It's a hardware wallet which integrates with their software Ledger Live. All firmware updates are handled over Ledger Live. And since it's closed-source no one knew that there is or was a "backdoor" to extract the mnemonic phrase of your device.
Yesterday they launched their service called Ledger Recovery which caused the drama. The thread about it was already mentioned here but I recommend reading it: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
October 26, 2023, 07:19:17 AM
#24
Sorry, but I'm quite confused as I never owned a Ledger. Isn't it a hardware wallet? Doesn't that mean it cannot connect to any network except the computer that you'll plug it into? Doesn't that mean that the only manner to expose your private keys is by establishing a connection with their servers once you plug it into your PC and by sending your private keys to their server?

Does it require downloading closed-source Ledger software as well for it to work? Sounds pretty fucked up situation.
full member
Activity: 128
Merit: 190
October 26, 2023, 04:43:08 AM
#23
Why don't they just open-source their firmware, at least with a restrictive license if they are not comfortable with unlimited freedoms of MIT or GPL or similar. That is the quickest way to dispel any fears that there is a backdoor in Ledger source code. But of course, they won't do that, so it's best to avoid any kind of wallet - hardware or software - where its operation cannot be independently verified.

Perhaps there are things in the firmware they don't want anyone to know.  They've been talking about making their code open source, but they're also lying about what "open source" actually means.  In other words, they want to use the phrase Open Source while keeping some of their code closed...  which just raises more questions about what they're hiding.

Ledger is dirty.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 26, 2023, 02:58:34 AM
#22
Anybody who says you have to use the buttons to confirm actions is assuming that to be true.  Since Ledger's code is closed, no one but Ledger knows for sure what their code actually does.  Even Ledger admitted they can't prove their code doesn't have any backdoors.  They lied, saying "...because you can't disprove a negative," but that's nonsense.  Ledger can't prove their code doesn't have backdoors because Ledger's code isn't open.

Why don't they just open-source their firmware, at least with a restrictive license if they are not comfortable with unlimited freedoms of MIT or GPL or similar. That is the quickest way to dispel any fears that there is a backdoor in Ledger source code. But of course, they won't do that, so it's best to avoid any kind of wallet - hardware or software - where its operation cannot be independently verified.
legendary
Activity: 2268
Merit: 18711
October 26, 2023, 02:26:14 AM
#21
Ledger keeps repeating that "all hardware wallets require trust" and people get lost in this because while on one hand it's true to some degree, not every wallet requires as much trust as one that's closed source which also has the ability via firmware to split and send seeds through your USB/Bluetooth connection, through your PC and then stored elsewhere.
Compare Ledger - closed source, connects to an internet enabled device, has the ability to send your seed phrase across the internet - to something like a Passport - open source, completely airgapped, communicates with QR codes - and the difference is stark. The difference in the amount of trust required, and the amount of independent verification which is possible, is astronomical.

It's like saying "all software wallets require trust" when comparing something like airgapped open source Sparrow wallet, to hot closed source Trust wallet. There is simply no comparison, and anyone claiming they are in any way similar is either naive or malicious.

"Oh but the shards are encrypted!" This only sounds good until you realize that Ledger themselves say that any device can restore the shards. So the encryption keys are either specific to ledger Hardware (meaning anybody with a Ledger has them) or they're stored at Ledger headquarters (meaning they have them and you have to hope they aren't leaked the way all those addresses and emails were). Any way you slice this it's frightening.
The key is common to all Ledger devices, and therefore the encryption is utterly useless: https://bitcointalksearch.org/topic/m.62453002
newbie
Activity: 13
Merit: 36
October 25, 2023, 03:12:32 PM
#20

Anybody who says you have to use the buttons to confirm actions is assuming that to be true. 

The key issue here is that even if at this point you do need a physical button press to confirm/deny a Tx or seed sharding, there is nothing inherent in the architecture of Ledger's hardware that restricts the device to operating this way forever. The required button presses are a firmware update away from not being needed at all. Which means that change could be made with or without your knowledge. "We promise we won't" Back to trust me bro.

Ledger keeps repeating that "all hardware wallets require trust" and people get lost in this because while on one hand it's true to some degree, not every wallet requires as much trust as one that's closed source which also has the ability via firmware to split and send seeds through your USB/Bluetooth connection, through your PC and then stored elsewhere.

"Oh but the shards are encrypted!" This only sounds good until you realize that Ledger themselves say that any device can restore the shards. So the encryption keys are either specific to ledger Hardware (meaning anybody with a Ledger has them) or they're stored at Ledger headquarters (meaning they have them and you have to hope they aren't leaked the way all those addresses and emails were). Any way you slice this it's frightening.
full member
Activity: 128
Merit: 190
October 25, 2023, 02:58:58 PM
#19
If you're referring to the firmware update that allowed the Recover "option" to work, it doesn't matter if you sign up for it or not; Ledger admitted they can pinch your private keys out of the secure element at any time, which they had previously said wasn't possible

YES.

Anybody who says you have to use the buttons to confirm actions is assuming that to be true.  Since Ledger's code is closed, no one but Ledger knows for sure what their code actually does.  Even Ledger admitted they can't prove their code doesn't have any backdoors.  They lied, saying "...because you can't disprove a negative," but that's nonsense.  Ledger can't prove their code doesn't have backdoors because Ledger's code isn't open.

Anyone who tells you Ledger's code is safe is making assumptions about their code, and that's very dangerous.
newbie
Activity: 13
Merit: 36
October 25, 2023, 02:39:09 PM
#18
First off, one aspect of this entire thing that seems to barely ever be discussed which bothers me far more than the concept of a recover feature is the fact that Ledger seems to be quite comfortable attending WEF retreats and rubbing elbows with the same people who want us to own nothing and be happy. I don't feel safe leaving my keys in the hands of a "trust me bro" CEO who attends WEF conferences and refuses to fully open source firmware that's capable of extracting keys from their devices via USB cable through a PC and over the internet.

Secondly, they keep beating the drum about how these shards are encrypted, but if anybody can restore their keys on a brand new Ledger then clearly the encryption keys to these shards reside somewhere within Ledger. Where? Who has them? If any device can restore with 2/3 shards then that means it only takes collusion from 2 of these companies that store the shards to have access to every single key out there.

Thirdly, the idea of "just don't use it" may not be that simple as I recall seeing somewhere (I think within the other large thread on this topic) that the claim that you always have to physically press the buttons on a ledger to initiate an operation like sharding and sending your keys via recovery service is actually false, as the device can be updated via firmware to drop this necessity with ease. Somebody (sorry I can't remember who or where) posted evidence that proves the physical button press is not technically required for such an action to be engaged. If anybody knows the technicalities of this or can prove it true or false please reply with such info.

Edit I think it was this post I'm referencing.


In theory, unless you update to the newest firmware that unlocks seed-share and approve it physically by pressing the buttons on your Nano, the feature won't work.
Which is completely irrelevant. Given that a simple software update means the secret element can now export private keys, then a simple software update could make this feature mandatory, or could remove the need for any physical button presses, or could take everyone's private keys without their knowledge or consent. The whole point of the secure element is moot. The entire security of the device hinges on non malicious software.

It's probably worth pointing out that this is also the case for Trezor devices, which everyone on Reddit seems to be keen to move to. If Trezor implement malicious software, then the same thing will happen. The only hardware wallet I would even think about touching right now is a Passport - permanently airgapped and completely open source - but as I said before, airgapped, encrypted, cold storage on an old laptop or similar is far preferable.



So really the fact that its technically possible for Ledger to do this - that isn't the real issue (although their communication and prior marketing was abysmal) - any HW wallet can technically access the priv key if firmware demands it. The real issue is that there are a million things that haven't been answered on a technical level in the excruciating detail necessary for anyone to be able to feel good about this.

legendary
Activity: 2730
Merit: 7065
October 23, 2023, 11:40:22 AM
#17
I finally moved my funds from the Ledger wallet to a software cold wallet and learned how to deal with a cold wallet and transfer transactions, partial signing online and then signing offline and broadcasting it
Yeah, this doesn't sound right. Could you tell us a bit more about how you created your offline wallet, and what you did with the OS before you generated your keys on it? To make sure you are doing it properly, how are you signing those transactions?

Why don't they tell us about cold wallets from the beginning instead of wasting our money on a fucking signing device
Is this a serious question? Do you expect a company that relies on the sale of hardware wallets to tell you not to use hardware wallets because you can get the job done with airgapped cold wallets? Even the marketing geniuses at Ledger wouldn't do that.

If you're referring to the firmware update that allowed the Recover "option" to work, it doesn't matter if you sign up for it or not; Ledger admitted they can pinch your private keys out of the secure element at any time, which they had previously said wasn't possible (and someone please correct me if I've got any of that wrong, but what I wrote is my understanding of what Ledger did and how it works).
They also claim that keys can't leave the SE enclosure without your permission, meaning physical confirmation on your hardware wallet with the button presses. I have no idea if that is true or not, and even if it is, there is no publicly verifiable code for them to back up their words. And finally, even if there is, I wouldn't know how to read it and can only hope that those who know take the time to study it properly. Basically, it's a carrousel of fuckery. 

If I am not wrong, Ledger claims, "Here at Ledger we strongly believe in open source. It's one of our core values, a great philosophy that advocates openness, and verifiability. Open source allows developers and security experts to review the code and ensure it is secure and not malicious. Open source means you don't need to trust" [1]
Ledger Live is open-source and the crypto applications you install on your wallet are open-source. Some of them are created by third-party developers, some by Ledger in-house. The firmware and hardware isn't open source. You have no way of knowing what the software on your hardware wallet does.

Yeah....take a look at the links Findingnemo provided.  This was but I do believe I read a post by a member whose knowledge I respect saying that in theory private keys could be extracted from any device with a secure element.
Using that same analogy, it would then be even easier to extract keys that aren't protected by a secure element chip. One example is Trezor's unfixable seed extraction vulnerability.

Ledger is not open source and it wasn't possible to know it was a lie that your seed phrase cannot leave the secure element, that was until they launched the Ledger recovery service, then their lies were exposed as well as many other flaws in the Ledger hardware wallet.
They exposed themselves. All everyone had to do was listen.
legendary
Activity: 1792
Merit: 1296
October 23, 2023, 11:02:55 AM
#16
My logical question is, how is that? Answer is, Ledger is a liar.
This is easily explained - their marketing department doesn't know what the engineering (development) department  does. The marketing department wanted to present this information as an innovation and as a cool feature for users, but it turned out that this contradicts the very concept of device security and previous public statements by past employees of the marketing department. In general, this “paradox” is a demonstration that ledger simply screwed up.

Actually, Ledger thinks that they didn't make a mistake by implementing Ledger Recover. They think that the positive side of Ledger Recover will outweigh the negative sides and it's only a matter of time to see the success of this implementation.
Any company sets itself up for failure the moment it thinks it knows what its customers want. Completely forgetting to ask them about it.


Absolute no-go and another reason why you should never trust Ledger anymore. They make one fatal mistake after another, proving that nothing beats open source!
There is nothing more valuable than the trust of your clients and customers. It is necessary to satisfy their needs, and not pursue their hidden mercantile interests.
legendary
Activity: 3234
Merit: 5637
October 23, 2023, 08:41:21 AM
#15
~snip~
Actually, Ledger thinks that they didn't make a mistake by implementing Ledger Recover. They think that the positive side of Ledger Recover will outweigh the negative sides and it's only a matter of time to see the success of this implementation.

For some average user who can hardly understand the risks of such a feature, perhaps such a feature is even positive in the sense that they will feel safer if they lose their device or backup. There should be no doubt that it will be a salvation for some users, but the whole thing should not have been done in such a way as to cast doubt on the company's reputation (or what is left of it).

If they already wanted to do that, they could offer a firmware that would enable such an option and one that would not have such an option, or even better, a completely new device. What they managed to do is that I now feel safer having my private keys in Electrum than in their HW.
hero member
Activity: 882
Merit: 792
October 23, 2023, 05:26:43 AM
#14
Recipe for disaster. Now I'm reading they can access private keys? Is that confirmed? Hopefully not. Otherwise, it is officially the worst piece of Bitcoin hardware you can get.

There was a big drama because of that a few months ago. That is the big disadvantage of closed-source projects like Ledger.

They always said that there was no way to get the keys. So users could not do more than believe all that. Then in May they introduced a new feature: Ledger Recover.
The feature allows you to share the seed phrase with a cloud provider by storing a backup there. This is all optional but raises many questions, so sensitive data like the mnemonic phrase can be extracted from the ledger - so you have been lied to by Ledger for years.
Ledger uses a Secure Element chip. This is the chip that is used in passports and credit cards. Ledger uses the Secure Chip to generate and store your private keys. In the past, Ledger has said that your private keys never leave the Secure Element chip, which means it's almost impossible to extract private keys from your wallet. Then they appeared with the Ledger Recover news, and this is the moment when everyone understood that Ledger has been lying about its claims that keys never leave the secure chip.
If you read the Ledger Recover FAQ, you'll find a paradox:
Claim 1 - No access to your private key was made to enable Ledger Recover to work.
Claim 2 - Ledger's Operating System allows access to the private key stored within the Secure Element, but only after you manually approve and confirm it.

My logical question is, how is that? Answer is, Ledger is a liar.

Absolute no-go and another reason why you should never trust Ledger anymore. They make one fatal mistake after another, proving that nothing beats open source!
Actually, Ledger thinks that they didn't make a mistake by implementing Ledger Recover. They think that the positive side of Ledger Recover will outweigh the negative sides and it's only a matter of time to see the success of this implementation.
legendary
Activity: 1260
Merit: 2014
October 22, 2023, 03:17:53 PM
#13
Nobody should be using Ledger to begin with.

- Closed-source.
- Their email database was leaked in the past, and phishing emails were sent across the globe.
- They support centralized shitcoins.
/sign.

Recipe for disaster. Now I'm reading they can access private keys? Is that confirmed? Hopefully not. Otherwise, it is officially the worst piece of Bitcoin hardware you can get.

There was a big drama because of that a few months ago. That is the big disadvantage of closed-source projects like Ledger.

They always said that there was no way to get the keys. So users could not do more than believe all that. Then in May they introduced a new feature: Ledger Recover.
The feature allows you to share the seed phrase with a cloud provider by storing a backup there. This is all optional but raises many questions, so sensitive data like the mnemonic phrase can be extracted from the ledger - so you have been lied to by Ledger for years.

Absolute no-go and another reason why you should never trust Ledger anymore. They make one fatal mistake after another, proving that nothing beats open source!


legendary
Activity: 1512
Merit: 7340
Farewell, Leo
October 22, 2023, 09:45:40 AM
#12
Nobody should be using Ledger to begin with.

- Closed-source.
- Their email database was leaked in the past, and phishing emails were sent across the globe.
- They support centralized shitcoins.

Recipe for disaster. Now I'm reading they can access private keys? Is that confirmed? Hopefully not. Otherwise, it is officially the worst piece of Bitcoin hardware you can get.
hero member
Activity: 994
Merit: 1089
October 12, 2023, 04:32:07 PM
#11
If they are open source, can't developers verify that the Ledger has a chance to steal users' private keys? Did nobody try it? Now, I am curious about it. Do you remember the recent hack of Atomic Wallet, where thousands of users reported that their wallet was hacked and they did not use any phishing? If users did not use phishing, how was their wallet hacked? These wallets are not non-custodial anymore.
Ledger is not open source and it wasn't possible to know it was a lie that your seed phrase cannot leave the secure element, that was until they launched the Ledger recovery service, then their lies were exposed as well as many other flaws in the Ledger hardware wallet. Self custodial doesn't automatically mean safe, you have to also make sure the wallet is open source and the code has been widely reviewed, Ledger isn't a recommended hardware wallet and if you have their device, you should switch to other good alternatives.