Is a ledger nano x still a safe cold storage wallet to use

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: m2017 on October 27, 2024, 08:12:58 AM

Quote from: Meuserna on October 26, 2024, 03:20:34 PM

Ledger is not safe.

There is no direct evidence of this. From a technical point of view, HW ledger is reliable and hacking from the outside is almost impossible (no one has succeeded so far, of course, with an allowance for Salim Rashid

). Another point is Ledger itself, which is accused (again, without direct evidence) of possibly having access to user's seed phrases.
~snip~

If someone wants to live by that belief, I have nothing against it, everyone takes risks on their own - but the fact is that Ledger has something that no HW wallet should have, and that is the ability to extract the seed and share it with third parties. The mere existence of such a feature automatically means that it can be abused at any time to the detriment of those who use the recovery option, but also of all those who think they have to give consent and pay for something like that.

They have created a "door" where there shouldn't be one, now the only question is if and when someone will manage to open that door with malicious intent.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: Pmalek on Today at 04:14:15 AM

Quote from: satscraper on Today at 03:13:24 AM

Probably he meant that watch-only wallet could be compromised to the extend of building transactions with SIGHASH_NONE flag ^{which requires to sign all inputs and no outputs ^{thus making it's destinations vulnerable}} or transactions with non-spendable OP_RETURN output^{instead of change} and providing such transactions for signing to HW.

That's a complex scenario.

Not really in fact.

To prevent this scenario user has to use relevant HW like Passport 2 which is not capable to sign trx with SIGHASH_NONE flag and ^{at same time} implements "native OP_RETURN message viewing and signing". I'm not sure about ledger's devices ^{it seems to me they are still capable to sign such dangerous transactions without any warning to user.}

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: satscraper on Today at 03:13:24 AM

Probably he meant that watch-only wallet could be compromised to the extend of building transactions with SIGHASH_NONE flag ^{which requires to sign all inputs and no outputs ^{thus making it's destinations vulnerable}} or transactions with non-spendable OP_RETURN output^{instead of change} and providing such transactions for signing to HW.

That's a complex scenario. I am not sure what needs to happen for something like that to occur. The usual warnings and advice apply: Keep the computers/phones where you handle bitcoin transactions clean, stick to well-tested and secure wallets, check and then double-check everything you do before signing and broadcasting transactions. That will be enough for most. Sadly, many people don't know what healthy online habits are and that gets them in problems, not just with bitcoin and crypto.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: Pmalek on November 03, 2024, 03:36:41 AM

Quote from: ? on October 26, 2024, 10:07:39 AM

Have been trying to figure out how to set up the jade with sparrow wallet with a watch only wallet put just watched a video that says if you set up the watch only wallet the wallet could be compromised so it’s starting to scare me if I set it up wrong

Again, there shouldn't be anything to compromise. What videos claim that watch-only wallets can be compromsed?

Probably he meant that watch-only wallet could be compromised to the extend of building transactions with SIGHASH_NONE flag ^{which requires to sign all inputs and no outputs ^{thus making it's destinations vulnerable}} or transactions with non-spendable OP_RETURN output^{instead of change} and providing such transactions for signing to HW.

Pmalek

legendary

Activity: 2730

Merit: 7065

It comes down to this. Ledger keeps secrets. Ledger lies. Ledger's security practices are dubious, with ex-employees still having access to company data and accounts. Or they don't and Ledger lied again. No one can inspect and verify anything Ledger says. You will have to decide for yourself if this is a brand that inspires trust and reliability.

Quote from: ? on October 26, 2024, 10:07:39 AM

Hi charles, I have a jade which I set up with nunchuck wallet airgapped but I have heard people saying not to use nunchuck because it also has a back up inheritance plan option which could be compromised.

If you paired the wallets properly, there is nothing in your Nunchuk wallet which can cause you to lose your bitcoin. Your Nunchuk wallet holds your master public key and can create addresses. There are no private keys in it. Worse case scenario, your privacy gets negatively affected. You remain safe from having your crypto stolen, though.

Regarding the inheritance plan, something you don't use can't leak. I am not worried about my naked photos in thongs and high heels finding their way to the internet because there are no such images of me. Wink

Quote from: ? on October 26, 2024, 10:07:39 AM

Have been trying to figure out how to set up the jade with sparrow wallet with a watch only wallet put just watched a video that says if you set up the watch only wallet the wallet could be compromised so it’s starting to scare me if I set it up wrong

Again, there shouldn't be anything to compromise. What videos claim that watch-only wallets can be compromsed?

The Sceptical Chymist

legendary

Activity: 3528

Merit: 7005

Top Crypto Casino

Quote from: ? on October 26, 2024, 10:32:13 AM

Listen, I really recommend sticking with your Ledger Nano X if you're using it; it's a solid hardware wallet.

Unfortunately the company are lying scumbags who outed themselves when they rolled out their Recover service, thereby telling the world they basically have access to the private keys of (if I'm not mistaken) every Ledger device except the Nano S--which dkbit98 mentioned in a roundabout way. I used to be a fan of theirs and now I'm soured on hardware wallets altogether thanks to them, the cunts.

OP, if you have to use a HW wallet, listen to members who suggest those with open-source code and not those who recommend Ledger devices--at least if you care about your privacy, that is.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: ? on October 26, 2024, 09:30:26 AM

Is ledger nano x hardware wallet still a safe wallet to use

No, it's not.
They are still using closed source firmware, and that ledger X crap have so much problem that I would never use it for anything.
If you want to read more about that you can visit Ledger nan0 X Circus show topic:
https://bitcointalksearch.org/topic/ledger-nano-x-battery-pandemic-5358741

There are plenty of solid open source alternative hardware wallets you can use instead:
https://bitcointalksearch.org/topic/list-open-source-hardware-wallets-5288971

Quote from: Meuserna on October 26, 2024, 03:20:34 PM

You can't. No one can prove what Ledger's code can or can't do, since Ledger's code isn't open for you or anyone else to fully review.

Ledger developers can prove this by simply opening the code for everyone to see, or at least making it source available, but they won't do it.
Not to mention their new ''feature'' of exporting and sending keys to different third parties, and multiple security incidents and leaks of customer information.

m2017

legendary

Activity: 1792

Merit: 1296

Crypto Casino and Sportsbook

Quote from: Meuserna on October 26, 2024, 03:20:34 PM

Ledger is not safe.

There is no direct evidence of this. From a technical point of view, HW ledger is reliable and hacking from the outside is almost impossible (no one has succeeded so far, of course, with an allowance for Salim Rashid

). Another point is Ledger itself, which is accused (again, without direct evidence) of possibly having access to user's seed phrases.

What we get as a result: there have been no facts about the theft of crypto by Ledger so far, but this doesn't mean that in the future this will not happen (or will happen).

I would say that this is more a question of trust in this company (which in the past had unpleasant incidents and lied to its clients).

Meuserna

full member

Activity: 128

Merit: 190

Quote from: ImThour on October 26, 2024, 09:55:22 AM

Nothing to worry as it doesn't connect to the internet at the time of making a new wallet and it's offline process.

Prove it.

You can't. No one can prove what Ledger's code can or can't do, since Ledger's code isn't open for you or anyone else to fully review.

Ledger added key extraction code to the firmware for their devices, and Ledger is selling that as a feature called Ledger Recover. Key extraction means Ledger and/or their partner companies (let THAT sink in!) or anyone who hacks their code has the ability to extract the keys from your device, over the internet.

Ledger is not safe.

Period.

It's probably fine for storing small amounts, but you should not use it to secure anything you'd be upset about losing.

The only safe use for a Ledger hardware wallet is as a decoy.

?

Activity: -

Merit: -

Thanks for the slide I was just confused as I thought that’s the whole reason people were upset with ledger that there was an option for the seed to be backed up so even if you didn’t agree to the back up there was still a way for there to be. So I thought nunchuck also having that option may be the same like I said I’m not that tech savvy so don’t want to stuff it up cheers 👍

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Quote from: ImThour on October 26, 2024, 09:55:22 AM

You can also look for Trezor, I think it's open source if I am not wrong.

Trezor is open source. The hardware wallet company continue to be open source when they begin to create wallets that have secure element, unlike Ledger Nano wallets that their secure elemens are close source. If he has Jade, I will still prefer it because it is airgapped which is one of the reasons I am recommending Foundation Passport.

Quote from: ? on October 26, 2024, 10:07:39 AM

Hi charles, I have a jade which I set up with nunchuck wallet airgapped but I have heard people saying not to use nunchuck because it also has a back up inheritance plan option which could be compromised.

I have tested how Nunchuck wallet is before. I have posted before in one of your trades that the inheritance is not for single signature wallet but for multisig.

I have also posted that you can connect other wallet with Jade. Not necessary to use Nunchuck. This is the third time I posted this image on another of your post. This is the image:

https://help.blockstream.com/hc/en-us/articles/9601453403801-Download-a-companion-app-for-Jade

You can connect any of the listed wallets in the image above with Jade.

One of the advantages of airgapped wallet is that you are completely sure that your seed phrase and private keys are not connected online. You have the option to use QR code for making transaction.

?

Activity: -

Merit: -

Quote from: ? on October 26, 2024, 09:30:26 AM

Is ledger nano x hardware wallet still a safe wallet to use

Listen, I really recommend sticking with your Ledger Nano X if you're using it; it's a solid hardware wallet. Just make sure to keep your recovery phrase stored safely—that’s super important. Also, remember to update your device regularly to benefit from the latest security features. Be cautious of phishing attempts; always check links before clicking on them. Avoid connecting it to public computers or unsecured Wi-Fi networks. If you follow these tips, you can confidently use it to manage your cryptocurrencies

?

Activity: -

Merit: -

Hi charles, I have a jade which I set up with nunchuck wallet airgapped but I have heard people saying not to use nunchuck because it also has a back up inheritance plan option which could be compromised. Have been trying to figure out how to set up the jade with sparrow wallet with a watch only wallet put just watched a video that says if you set up the watch only wallet the wallet could be compromised so it’s starting to scare me if I set it up wrong

ImThour

copper member

Activity: 1470

Merit: 1609

Bitcoin Bottom was at $15.4k

I have used Ledger before and I do not think why you would not consider it safe, it's a hardware wallet and it's pretty okay if you keep your secret phase actually secret.
Nothing to worry as it doesn't connect to the internet at the time of making a new wallet and it's offline process. You can also look for Trezor, I think it's open source if I am not wrong.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

I thought you bought Jade which is far better.

If possible you do not share your seed phrase with those third parties that Ledger gave as an option to backup your seed phrase. Provided if you have it and not yet ready to buy a good hardware wallet.

I thought hardware wallet should be an offline wallet. How is the wallet offline when it is sharing people's seed phrase with third parties online. It is not an offline wallet and I can not recommend it.

If you want to get yourself a hardware wallet, stay away from Ledger Nano wallets.

?

Activity: -

Merit: -

Is ledger nano x hardware wallet still a safe wallet to use

Topic: Is a ledger nano x still a safe cold storage wallet to use (Read 153 times)