Is a ledger nano x still a safe cold storage wallet to use

m2017

legendary

Activity: 1792

Merit: 1296

Playbet.io - Crypto Casino and Sportsbook

Quote from: m2017 on December 16, 2024, 07:41:30 AM

Btw, trezor has a wallet that supports only bitcoin - safe 3 bitcoin-only wallet (I don't know if competitors have similar solutions).

I just found out by chance that it is not necessary to order a wallet specialized for bitcoin.

It turns out that you can convert any (?) Trezor device into one that only BTC-supports. Using a separate firmware that can be installed from the Trezor suit app.

I think it's convenient. You can store crypto-junk on a separate device. If you already have more than 1 trezor's device at hand.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: Lucius on December 14, 2024, 10:39:06 AM

https://x.com/anchor_drops/status/1867384126954979472

I don't know how much truth there is in this and I can't read the comments because I don't have an account - so if anyone has more info, please share.

Investigation shows that he he lent himself to the fishing attack and sent his NFT to the fraudulent address.

Regarding BTC, Ledger officials "assume user error on the BTC side too"

This old story reverberates trough various media these days. ^{what's the drift of all this?}

Meuserna

full member

Activity: 128

Merit: 190

Quote from: Lucius on December 16, 2024, 10:37:15 AM

...considering how popular BTC has become in the last few years, I think the airgapped approach is the only thing that makes sense when it comes to online threats.

I agree completely. Krux and SeedSigner make using an airgapped wallet easy. And with Krux, you have the added benefit of being able to encrypt your seed QR, which means even if somebody finds it they can't scan it.

I'm 99.999999% sure this latest Ledger claim is bogus, and it's terrible because as it's proven to be a lie, it encourages people to think all claims of Ledger being hacked are lies.

Eventually, I do expect Ledger's key extraction scheme to get hacked and wallets will be drained. It's only a question of when. But lies like this bogus claim of a hack encourage people to let their guard down, which is dangerous.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

@m2017, when multicurrency HW became popular, there was discussion about how risks could arise in the form of different attack vectors, given that it would be possible to exploit various vulnerabilities arising from all of these protocols. But back then, the main topic was the price of the hardware, because 6-7 years ago, even $100 for such a device was not something that some people considered justified - let alone someone thinking about having HW for BTC and another one for altcoins.

However, I assume that most (or even all) HW can enable several different accounts that can be protected with a passphrase, and I assume that such a setup can protect users from what happened to the person who lost 10 BTC and some other altcoins.

Yes, Trezor is much more advanced than Ledger in this regard, and I don't know if any other HW has something similar - although considering how popular BTC has become in the last few years, I think the airgapped approach is the only thing that makes sense when it comes to online threats.

m2017

legendary

Activity: 1792

Merit: 1296

Playbet.io - Crypto Casino and Sportsbook

Quote from: Lucius on December 16, 2024, 06:04:48 AM

Thanks for the research, now some things are a little clearer - this is one in a series of stories that confirms that people are the weakest link in the security chain. This is one of the reasons why those who have a lot of BTC should have HW just for BTC - because this shows that it is somehow possible to empty all wallets if you connected the device to an app that was actually a phishing link.

Maybe everyone who did something similar should take action to protect their coins - because it's obvious that some people threw the hook a few years ago and are now catching big fish.

Then it turns out that the multicurrency of hardware wallets is more of a minus than a plus, and a separate device should be used for each cryptocurrency. And here the small memory capacity of the old nano s starts to look like a very good advantage.

One device for bitcoin, another for etherium (+tokens), and so on. And shitcoins can be stored on a separate one. Btw, trezor has a wallet that supports only bitcoin - safe 3 bitcoin-only wallet (I don't know if competitors have similar solutions).

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: DYING_S0UL on December 15, 2024, 10:51:55 AM

~snip~
Got these while looking at the comments! Seems like he did connect somewhere in which he can't remember! Not sure though! I have to look further for more answers!

Thanks for the research, now some things are a little clearer - this is one in a series of stories that confirms that people are the weakest link in the security chain. This is one of the reasons why those who have a lot of BTC should have HW just for BTC - because this shows that it is somehow possible to empty all wallets if you connected the device to an app that was actually a phishing link.

Maybe everyone who did something similar should take action to protect their coins - because it's obvious that some people threw the hook a few years ago and are now catching big fish.

examplens

legendary

Activity: 3472

Merit: 3507

Crypto Swap Exchange

Quote from: DYING_S0UL on December 15, 2024, 10:51:55 AM

Got these while looking at the comments! Seems like he did connect somewhere in which he can't remember! Not sure though! I have to look further for more answers!

Recently, there was a similar accusation in a scam accusation, the user connected the Ledger to a phishing site and lost some tokens. Most often it is the user's fault, I guess everyone is relaxed because the hardware wallet is "safe". Ledger hacked!!!
A large part of the blame lies with Ledger itself because they completely violated the trust and the doubt about the security of its products is great.

DYING_S0UL

sr. member

Activity: 322

Merit: 318

The Alliance Of Bitcointalk Translators - ENG>BAN

Quote from: Lucius on December 14, 2024, 10:39:06 AM

https://x.com/anchor_drops/status/1867384126954979472

I don't know how much truth there is in this and I can't read the comments because I don't have an account - so if anyone has more info, please share.

Got these while looking at the comments! Seems like he did connect somewhere in which he can't remember! Not sure though! I have to look further for more answers!

Eternad

hero member

Activity: 1400

Merit: 623

Quote from: Lucius on December 14, 2024, 10:39:06 AM

https://x.com/anchor_drops/status/1867384126954979472

I don't know how much truth there is in this and I can't read the comments because I don't have an account - so if anyone has more info, please share.

I still have my ledger containing a decent amount of Bitcoin but not that huge close to the 10BTC of the poster. I don’t find anything strange on wallet since I’m monitoring it on daily basis.

Most of these NFT holders and shitcoins investors usually do crazy stuff like connecting their wallets on different web3 websites.

I’m still confident on my ledger unless multiple issue arise with same concern.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

https://x.com/anchor_drops/status/1867384126954979472

I don't know how much truth there is in this and I can't read the comments because I don't have an account - so if anyone has more info, please share.

Saint-loup

legendary

Activity: 2604

Merit: 2353

How do you know that precisely? I have a Trezor personnally but I would never assume they are unable to get the seed from their own product by any mean, or they will never be able to do it (or any hacker will never find a way to do it). If a wallet is connected to an online device you can't be 100% confident anymore in its total safety IMO. That's why I think the largest or critical part of our funds shouldn't be held into a connected HW. A multisig wallet with a HW and another device(a HW from another company for example) is safer IMO

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: m2017 on October 27, 2024, 08:12:58 AM

Quote from: Meuserna on October 26, 2024, 03:20:34 PM

Ledger is not safe.

There is no direct evidence of this. From a technical point of view, HW ledger is reliable and hacking from the outside is almost impossible (no one has succeeded so far, of course, with an allowance for Salim Rashid

). Another point is Ledger itself, which is accused (again, without direct evidence) of possibly having access to user's seed phrases.
~snip~

If someone wants to live by that belief, I have nothing against it, everyone takes risks on their own - but the fact is that Ledger has something that no HW wallet should have, and that is the ability to extract the seed and share it with third parties. The mere existence of such a feature automatically means that it can be abused at any time to the detriment of those who use the recovery option, but also of all those who think they have to give consent and pay for something like that.

They have created a "door" where there shouldn't be one, now the only question is if and when someone will manage to open that door with malicious intent.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: Pmalek on November 26, 2024, 04:14:15 AM

Quote from: satscraper on November 26, 2024, 03:13:24 AM

Probably he meant that watch-only wallet could be compromised to the extend of building transactions with SIGHASH_NONE flag ^{which requires to sign all inputs and no outputs ^{thus making it's destinations vulnerable}} or transactions with non-spendable OP_RETURN output^{instead of change} and providing such transactions for signing to HW.

That's a complex scenario.

Not really in fact.

To prevent this scenario user has to use relevant HW like Passport 2 which is not capable to sign trx with SIGHASH_NONE flag and ^{at same time} implements "native OP_RETURN message viewing and signing". I'm not sure about ledger's devices ^{it seems to me they are still capable to sign such dangerous transactions without any warning to user.}

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: satscraper on November 26, 2024, 03:13:24 AM

Probably he meant that watch-only wallet could be compromised to the extend of building transactions with SIGHASH_NONE flag ^{which requires to sign all inputs and no outputs ^{thus making it's destinations vulnerable}} or transactions with non-spendable OP_RETURN output^{instead of change} and providing such transactions for signing to HW.

That's a complex scenario. I am not sure what needs to happen for something like that to occur. The usual warnings and advice apply: Keep the computers/phones where you handle bitcoin transactions clean, stick to well-tested and secure wallets, check and then double-check everything you do before signing and broadcasting transactions. That will be enough for most. Sadly, many people don't know what healthy online habits are and that gets them in problems, not just with bitcoin and crypto.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: Pmalek on November 03, 2024, 03:36:41 AM

Quote from: ? on October 26, 2024, 10:07:39 AM

Have been trying to figure out how to set up the jade with sparrow wallet with a watch only wallet put just watched a video that says if you set up the watch only wallet the wallet could be compromised so it’s starting to scare me if I set it up wrong

Again, there shouldn't be anything to compromise. What videos claim that watch-only wallets can be compromsed?

Probably he meant that watch-only wallet could be compromised to the extend of building transactions with SIGHASH_NONE flag ^{which requires to sign all inputs and no outputs ^{thus making it's destinations vulnerable}} or transactions with non-spendable OP_RETURN output^{instead of change} and providing such transactions for signing to HW.

Pmalek

legendary

Activity: 2730

Merit: 7065

It comes down to this. Ledger keeps secrets. Ledger lies. Ledger's security practices are dubious, with ex-employees still having access to company data and accounts. Or they don't and Ledger lied again. No one can inspect and verify anything Ledger says. You will have to decide for yourself if this is a brand that inspires trust and reliability.

Quote from: ? on October 26, 2024, 10:07:39 AM

Hi charles, I have a jade which I set up with nunchuck wallet airgapped but I have heard people saying not to use nunchuck because it also has a back up inheritance plan option which could be compromised.

If you paired the wallets properly, there is nothing in your Nunchuk wallet which can cause you to lose your bitcoin. Your Nunchuk wallet holds your master public key and can create addresses. There are no private keys in it. Worse case scenario, your privacy gets negatively affected. You remain safe from having your crypto stolen, though.

Regarding the inheritance plan, something you don't use can't leak. I am not worried about my naked photos in thongs and high heels finding their way to the internet because there are no such images of me. Wink

Quote from: ? on October 26, 2024, 10:07:39 AM

Have been trying to figure out how to set up the jade with sparrow wallet with a watch only wallet put just watched a video that says if you set up the watch only wallet the wallet could be compromised so it’s starting to scare me if I set it up wrong

Again, there shouldn't be anything to compromise. What videos claim that watch-only wallets can be compromsed?

The Sceptical Chymist

legendary

Activity: 3556

Merit: 7011

Top Crypto Casino

Quote from: ? on October 26, 2024, 10:32:13 AM

Listen, I really recommend sticking with your Ledger Nano X if you're using it; it's a solid hardware wallet.

Unfortunately the company are lying scumbags who outed themselves when they rolled out their Recover service, thereby telling the world they basically have access to the private keys of (if I'm not mistaken) every Ledger device except the Nano S--which dkbit98 mentioned in a roundabout way. I used to be a fan of theirs and now I'm soured on hardware wallets altogether thanks to them, the cunts.

OP, if you have to use a HW wallet, listen to members who suggest those with open-source code and not those who recommend Ledger devices--at least if you care about your privacy, that is.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: ? on October 26, 2024, 09:30:26 AM

Is ledger nano x hardware wallet still a safe wallet to use

No, it's not.
They are still using closed source firmware, and that ledger X crap have so much problem that I would never use it for anything.
If you want to read more about that you can visit Ledger nan0 X Circus show topic:
https://bitcointalksearch.org/topic/ledger-nano-x-battery-pandemic-5358741

There are plenty of solid open source alternative hardware wallets you can use instead:
https://bitcointalksearch.org/topic/list-open-source-hardware-wallets-5288971

Quote from: Meuserna on October 26, 2024, 03:20:34 PM

You can't. No one can prove what Ledger's code can or can't do, since Ledger's code isn't open for you or anyone else to fully review.

Ledger developers can prove this by simply opening the code for everyone to see, or at least making it source available, but they won't do it.
Not to mention their new ''feature'' of exporting and sending keys to different third parties, and multiple security incidents and leaks of customer information.

m2017

legendary

Activity: 1792

Merit: 1296

Playbet.io - Crypto Casino and Sportsbook

Quote from: Meuserna on October 26, 2024, 03:20:34 PM

Ledger is not safe.

There is no direct evidence of this. From a technical point of view, HW ledger is reliable and hacking from the outside is almost impossible (no one has succeeded so far, of course, with an allowance for Salim Rashid

). Another point is Ledger itself, which is accused (again, without direct evidence) of possibly having access to user's seed phrases.

What we get as a result: there have been no facts about the theft of crypto by Ledger so far, but this doesn't mean that in the future this will not happen (or will happen).

I would say that this is more a question of trust in this company (which in the past had unpleasant incidents and lied to its clients).

Meuserna

full member

Activity: 128

Merit: 190

Quote from: ImThour on October 26, 2024, 09:55:22 AM

Nothing to worry as it doesn't connect to the internet at the time of making a new wallet and it's offline process.

Prove it.

You can't. No one can prove what Ledger's code can or can't do, since Ledger's code isn't open for you or anyone else to fully review.

Ledger added key extraction code to the firmware for their devices, and Ledger is selling that as a feature called Ledger Recover. Key extraction means Ledger and/or their partner companies (let THAT sink in!) or anyone who hacks their code has the ability to extract the keys from your device, over the internet.

Ledger is not safe.

Period.

It's probably fine for storing small amounts, but you should not use it to secure anything you'd be upset about losing.

The only safe use for a Ledger hardware wallet is as a decoy.

Topic: Is a ledger nano x still a safe cold storage wallet to use (Read 305 times)