You repeat the same thing in countless posts as if older members are not already aware of the risks that come with using Ledger - and you also advise buying HW that you most likely don't even own and that costs around $300 outside the US. Keeping Bitcoin "safe" is much more than owning any HW, although some people realize this too late.
Are you feeling not comfortable that I am repeating it? Which means you do not have to read my post because I will continue to repeat it anytime we are discussing about hardware wallet.
Yes, I do not have Passport hardware wallet, but you can give any flaws the hardware wallet has to correct me instead of your pointing towards something not useful.
-snip-The point I took from what Lucius said was how to keep Bitcoin safely stored through any means and not limited to HW or even specific brands.
For example, even when you use a Passport hardware wallet, if you are not careful in storing the seeds, whether you forget where to keep them or, furthermore, someone steals them, then the function of the hardware wallet itself is no longer safe.
I suggest that the use of hardware wallets is not limited to specific brands, but instead, security functions, of course, are adjusted to the user's budget to choose based on their search results.
Each hardware wallet certainly has its advantages and disadvantages. I even have the Nano X and Trezor T to learn more firsthand about both.
Some explanations from Ledger related to the Ledger Connect Kit that was exploited some time ago.
– December 14th, 2023, Ledger experienced an exploit on Ledger Connect Kit, a Javascript library to connect Web sites to wallets.
– The industry collaborated with Ledger to neutralize the exploit and try to freeze stolen funds very quickly – the exploit was effectively running for less than two hours.
– This exploit is currently being investigated, Ledger has filed complaints and will help affected individuals try to recover funds.
– This exploit did not and does not affect the integrity of Ledger hardware or Ledger Live.
– The exploit was limited to third party DApps which use the Ledger Connect Kit.
-snip-
This was an unfortunate isolated incident. It is a reminder that security is not static, and Ledger must continuously improve our security systems and processes. In this area, Ledger will implement stronger security controls, connecting our build pipeline that implements strict software supply chain security to the NPM distribution channel.
It is also a reminder that collectively we need to continue to raise the bar for security around DApps where users will engage in browser-based signing. It was Ledger’s service that was exploited this time, but in the future this could happen to another service or library.
At Ledger, we believe clear signing, as opposed to blind signing, will help mitigate these issues. If the user can see what they sign on a trusted display, unintentionally signing rogue transactions can be avoided.
Ledger devices are open platforms. Ethereum has a plugin system that allows DApps to implement clear signing, and DApps who would like to implement this protection for their users can learn how on developer.ledger.com. In the same way we saw the community come together today, we look forward to your help bringing clear signing to all DApps.
So, using Electrum with Ledger is safe and not affected by the Ledger Connect Kit exploit case.
