Topic: Is Nano Ledger S still safe after the data breach? (Read 273 times)

It is good to know that.  However, I was able to transfer it from an exchange which no longer serve US customers to a desktop wallet, and immediately converted the coins to ETHs and sent them to an US exchange.  I did the same for another coins.  I have about 10 altcoins so I haven't completed the transferring process yet.  All the hardship is just because I live in a state which is not supposed for all the US exchanges (ie. bin..ce.us) that support these coins.  It is sad to part away with these coins after almost 4 years and I am not even making money on them yet!

The money is safe, yes. I though about putting the word 'still' before safe, but I changed my mind.

The privacy of many users is fucked though. I found this yesterday:


Source: https://twitter.com/yeolddoc/status/1353139243548364805


To expand on what Lucius said.

For EOS you need to install Fairy-wallet. The link on the Ledger crypto assets page will take you here > https://github.com/tarassh/fairy-wallet/releases/
Your Ledger device will need to interact with the Fairy Wallet for you to send and receive EOS tokens. You need to install the EOS app on your hardware wallet, and the Fairy wallet on your computer.

When you want to receive tokens, the process looks something like this:
You will get a receiving address on Fairy Wallet. Before you send this address to the sender, you need to verify on the screen of your Ledger hardware wallet that the two addresses are the same. There should be a button in Fairy Wallet that says verify address on hardware wallet, or something similar.

When you send EOS, the process is again somewhat similar. You do that through the Fairy Wallet and you have to verify the amounts, addresses, and transaction fees on your hardware wallet. You use the keys stored safely on your hardware wallet to sign and broadcast the transaction.

That's right, although Ledger Live supports a relatively small number of coins, Ledger Nano S/X allows you to safely store a large number of coins/tokens, by using third party wallets. If you visit the link from my previous post and enter the name of any coin, you will get information whether it is supported by Ledger Live, and if not, which wallet you can use as an alternative.

Yes.
 No.
 
It depends on what you mean by associated here. But a private key is not derived from a transaction.
 Yes. There is always a private key in every public key which is where the public address is derived from.
 1. Yes, the app will allow you to manage your coins.
2. Yes, even if you delete the app to make way for another app, you can re-install it later on and still have your funds intact.
 Yes, you can find it under Accounts.
Because, as I've said, your 24-word seed holds everything. It does not mean that since you uninstalled your EOS app from your device, that it doesn't show there anymore, that you cannot manage it anymore, you already have deleted your private keys. Your EOS private keys are still safely stored in your device even if you uninstalled the app. So once you re-install it, you will find that it is still there. And once you input your 24-word seed on another device, it is also restored.
Questions are always encouraged. But complete and more precise information as regards Ledger is always available here: https://support.ledger.com/.

I know a little bit about how Ledgers work, but I have to confess that the paranoid little parakeet that lives on my left shoulder kept whispering that I was in danger.  Sometimes that little bugger just won't shut up--but after asking a question about this in another thread I was reassured that my meager crypto stash is safe.

But man, Ledger really did seem to take a hit to their reputation because of this brouhaha.  They're still my favorite hardware wallet, though I haven't received my opendimes yet.

You can technically do this with just public keys as well (that's how you create a "watching-only" wallet... it has the ability to "look" at the blockchain and find all the transaction history for the public keys that it holds.)

Public keys are derived from Private keys... but it's a one-way process... private key ---> public key... so if all you have is public keys, you can "look" but not "touch"


Correct... all information for all transactions is stored on the blockchain.


Effectively yes... all "wallet" applications are just interfaces for managing private keys, viewing transaction history and signing/broadcasting transactions.


Sort of correct... Your Ledger holds the seed within it's secure element... from this seed, each coin app is able to to ask the secure element to derive it's particular set of private/public keys at will... if you remove a coin app on the device, nothing changes because the your seed is still stored in the secure element... and the transaction data is all contained on the blockchain... and you can't delete that!  

If you re-add the coin app... it's able to ask the secure element to derive exactly the same set of private/public keys... this is why the system is referred to as a "deterministic wallet"... as long as you have the same "seed" (which you can restore from your 24 words if required), you will always be able to generate the same set of private/public keys.

So, if you get another Ledger device (or any other BIP39 device or wallet application) and put the same 24 words in... it will regenerate the same seed... and therefore the same set of private/public keys.

This is the main reason why safely and securely backing up your 24 words is sooooooooo important! Those 24 words effectively allow full access to ALL your funds.

But I can still transfer EOS from other wallet into my account in Ledger, correct?  That is all I need for now.

@ranochigo and @Lucius
Based on the answers you guys provided, am I correct that
- The private keys allow user to extract information (like how many currently owned) from the blockchain and they do not change when when transactions occurred.
- When an transaction happened, the information is saved in the blockchain.
- Ledger Live is just an interface which user can use to see the coin information extracted from the private keys from the blockchains and to be able to manage the coins.
- As long as I have the seed to the private keys, these private keys (and therefore my coins) will not be changed when a specific app is removed.

Thank you all who participated in this thread.

What you need to understand is that the coin/s is always on the blockchain, you only have the information that allows you to control it via private key/s. When you install, say, a BTC app on your Ledger, and then add your BTC account to Ledger Live, you'll have a visual representation of what that account has (balance). Even when you just start Ledger Live without connecting Nano S, you will still see your BTC account and balance - you need BTC app and Nano S only for send coins.


Deleting app/s does not mean in any case that you are wiping your coins, all your coin addresses are derived from a single seed, and as long as you control that seed, you control all his private keys, and you can't delete anything so to speak. Of course you will be able to see every coin you had in case you have to do a recovery.


Ledger Live is not supporting EOS directly, therefore you will need a third party wallet - and you can see all the information on this link -> https://www.ledger.com/supported-crypto-assets

Wallet is not an account. Wallets are just tools for you to spend Bitcoins.
Yes.
No. Your private key never changes.
No. You don't have to specifically connect Ledger to a computer. You can easily create a watch-only wallet by extracting the master public key, I think Ledger allows this and import it into a suitable wallet like Electrum. You only need to know the addresses which can be and will be generated by the seed stored inside your Ledger wallet.

Thank you for your answers, @ranochigo.  Are my understanding of the following correct?

Wallet = account?
The private keys are stored in the Ledger device? 
The private keys are updated when there are transactions occurred? 
One always need to connect the ledger to a computer in order to retrieve the coins ownership information?

So the private keys of all the supported 1000+(?) cryptocurrencies are all somehow embedded in these 24 words?  I would thought that the private key for a coin address is created after user install the coin app and deposited the coin.  I guess Im still a little confused on how private key works.  Isn’t a private key associated to a transaction after an exchange is made?  For example, if I haven’t transferred any BTC into the BTC account, would there be a private key associated to the account?  

Is the function of a coin (ex, BTC) app just to help user to see the specific coin info and to manage the coin?  
If I installed the EOS app and transferred 100 EOS coins to the ledger.  Later, I deleted the app to gain more space back, would the 100 EOS coins still be in my ledger wallet address?  If I reinstall it later on the same device, would I be able to see the 100 EOS coins?  The reason why I’m so concerned about this is because I got a Ledger Nano S which can only hold 3 of coin apps.  I need space for 7 other coins that I need to transfer.

Also, does Ledger Live store the information that my EOS account has 100 coins?  Else, if I use the 24-word phrase to recover my coins to a new ledger device, how would the 100 coins be there?  

I know this is a lot of questions, but please be patient with me.  

Your Ledger device is used to store the seeds. Ledger uses BIP39, a mnemoric standards to convert your seed phrase into a long string of letters called the seed. The wallet uses the seed to derive the private keys using a child key derivation. Wallets do not store your Bitcoins.

Wallets are a way for you to make and sign transactions. They do not contain any Bitcoins. Transferring your seed phrase to another wallet or device merely means that you're transferring your seeds and thus your private keys into another wallet so you can make and sign transactions from there.

Your 24-word seed holds all the private keys of all the addresses of all cryptocurrencies which Ledger supports. That's everything that you need to recover everything you own. So once you input your 24-word seed to a new device for recovery, all the private keys will be restored there.

You need to take note that your private keys are not stored in the Ledger Live app. There is, therefore, no transfer that happens from your Ledger Live to a device.

After reading your posts, I now understand that the private keys are stored in the ledger itself and the company does not store our private keys. 

In such case, how does the recovery function work if one is recovering the coins to a new ledger device by using the 24-word phrases and the user info?  How does Ledger Live able to transfer the private keys to the new device?  Is it being done using some type of encryption conversion?

I did contact them (even though I haven’t installed the Ledger yet) and they got back to me after two weeks with an email that began with this

“ Thanks for your request.

Your request for data information has been transferred to our internal privacy policy team. In accordance with our Privacy Policy and the European General Data Protection Regulation, our data protection team will evaluate your request and get back to you within due delays. In accordance with our Privacy Policy and the European General Data Protection Regulation, our data protection team will evaluate your request and get back to you within due delays (this can take up to 4 weeks to get a response).”

So altogether it may take up to 6 weeks - that is, if they get back to me.  

By the way, what is Electrum?  Does it work the same way as Ledger Live?

Thanks suzanne5223 ,

By the time I  had finally gone to Electrum, I was exhausted from trying to understand what my ledger nano was showing ,my head was ringing.

I did sync Electrum, and I did see several strings of addresses ,I think they were showing zero balance, or "spent "   I forget now, but From what you said ,I think I'll go back and check .

What was in there was worth next to nothing , and I just got it in my head not to give up, trying to figure Ledger live out.
Little did I know several people on here already gave me all the instructions i needed .

I was convinced that I had more than zero balance ,that's why I kept trying different things .

I could even have been mistaken thinking I had a few dollars still in the ledger.

I'm getting that stressed felling just remembering it all .

Any way I'll drop it for a few days , and if BTC stays low I'll check with Electrum and use it from now on, instead of Ledger live .

What I said about Ledger's horrible lack of support , and even worse reviews on Facebook is still something a potential Ledger nano S should checkout first.

Definitely right!

This had nothing to do or does affect Nano's security in talks into their hardware product. The leak or breach is only into those informations but doesnt
included nor necessary on opening someones wallet.Even Ledger itself doesnt have the access just like what been said.
So theres no need to worry on this matter.

same as others i do still trust up this HW.I dont see anything much better than on this one.

Your private keys aren't stored by Ledger, so there's nothing to worry about.

The data Ledger has was only from people who bought in their store and registered on their site. If you bought your device somewhere else your email wasn't leaked.

Even if you registered on their site the hacker has your email now, just like all other online stores do. It's a good idea to use one email for private stuff like your bank account and another for online purchases.

As others mentioned, what was leaked was your name and physical address and email address.

They can't used that info to access your private key, they have to physically have your devices to do that.

As a Nano user, yes, I got the phishing email, but I just ignore it, the problem is that there are Nano users who didn't check the email's authenticity first, that's why they become a victim.

It is impossible, because your private keys are locally stored in your device. This devices never send any information online. Ledger do not have access to your coins.

The data breach was related to addresses, phone numbers, email addresses... a terrible privacy data leak, but not to worry about your coins.
I would still buy a ledger nano.