Topic: Ledger hardware wallet offering custody for seed backups (Read 398 times)

legendary
Activity: 2114
Merit: 1403
Disobey.
I made a post about this in the HW wallet section right after Ledger made this announcement, and since then I've learned a lot more about what kind of clusterfuck this really is and how dangerous Ledger products are for people who value not only their privacy but security.  Needless to say, I'm no longer going to put up even a feeble defense for any of their actions as I used to do. 

They fucked all of their current customers who likely didn't buy the device they thought they did, i.e., one from which the private keys couldn't be extracted without the owner's consent.  Now that they've disclosed that it can be done, I think they've also fucked themselves as a company--but time will tell.  One thing is for sure: I'm going to be following this drama very closely.

My personal suspicion is that Ledger is being pressured by government agencies to implement this service, or at least to announce that key exfiltration is possible so as to circumvent whatever illegal surveillance law they'd be violating if they got Ledger to seize users' funds for whatever reason.  I didn't come up with that theory, of course, but I believe it fully.
Tbh, I would be surprised if this actually damages their company in the long run.
Just think about what happens to trust towards CEXes after another big one goes down: Short dent, people look for alternatives (DEXes, storing their corns locally etc.) and after a while the majority is back using CEXes.
So yeah, for some period of time it will leave a mark, then a new generation of hardware-wallet-users comes along and everything is back to usual business.
I hope I am wrong, but not too optimistic.

That being said, regarding the real reason why Ledger does this shit... Maybe government pressure, maybe some inside folks are already working for the government, maybe some CEO is best-buddy with an intelligence-exec... who knows.

What I personally hope to see are many more open-source hardware wallet solutions, where some of them manage to become the new industry standards.
legendary
Activity: 1722
Merit: 2213
My personal suspicion is that Ledger is being pressured by government agencies to implement this service, or at least to announce that key exfiltration is possible so as to circumvent whatever illegal surveillance law they'd be violating if they got Ledger to seize users' funds for whatever reason.  I didn't come up with that theory, of course, but I believe it fully.

Have also started considering this, especially after they acknowledged that the seed phrase could be subpoenaed. At first I thought it was simply a new revenue stream, as $10 p/m for say thousands of users is a reasonable income, better than say $60 / $140 irregularly per device I imagine. It's a consistent revenue stream at least, probably more profitable than bear market purchases if I had to guess.

But if US government suddenly decided that it's no longer legal to offer physical wallets without the ability to access seed phrases, then Ledger would likely be the first target to comply. We'll know soon enough if other hardware providers such as Trezor follow suit, otherwise this theory is unlikely to be true, and instead just remains a strange decision by Ledger for "on-boarding" more users (who are scared of self-custody).
legendary
Activity: 3528
Merit: 7005
I made a post about this in the HW wallet section right after Ledger made this announcement, and since then I've learned a lot more about what kind of clusterfuck this really is and how dangerous Ledger products are for people who value not only their privacy but security.  Needless to say, I'm no longer going to put up even a feeble defense for any of their actions as I used to do. 

They fucked all of their current customers who likely didn't buy the device they thought they did, i.e., one from which the private keys couldn't be extracted without the owner's consent.  Now that they've disclosed that it can be done, I think they've also fucked themselves as a company--but time will tell.  One thing is for sure: I'm going to be following this drama very closely.

My personal suspicion is that Ledger is being pressured by government agencies to implement this service, or at least to announce that key exfiltration is possible so as to circumvent whatever illegal surveillance law they'd be violating if they got Ledger to seize users' funds for whatever reason.  I didn't come up with that theory, of course, but I believe it fully.
member
Activity: 202
Merit: 22
If it's true, you should take extra precautions with your Bitcoin wallets because your Bitcoin will now only be protected by the honesty of the wallet you're using. And it would unquestionably demonstrate that many alleged hacks in the past when Bitcoins were taken may not have actually been stolen but rather were the result of wallet fraud.

This is very true and there should be a topic dedicated to this. An investigation into this.
How many people inside the Ledger company knew that the seed phrase never really was a secret to the owner? I wonder.
The people who developed this technology must be perfectly capable of stealing from account holders and making it look like a hack.
member
Activity: 202
Merit: 22
Feel free to tell me if this is stupid. But within a decade I believe that any hardware wallet will need to be replaced. Because the device is somehow damaged or because government regulation does not allow people to continue with the original device (updates needed in order to trade..) And when that replacement happens, I don't think there will be any legal way to store crypto without government knowing exactly what we own.

And that was the whole point of BTC. I believe in the technology even though I am not tech savvy.
I believe in it because after its launch in 2009, no government found out who Satoshi Nakamoto is and nobody could stop the technology.

But they can stop the wallets by regulating their developers.
And they can attack the exchanges with harsh regulation and KYC.

Before the Ledger situation I was convinced to invest a significant portion of my savings into BTC as a hedge against inflation, a safe haven.
After the Ledger situation, I no longer believe there is a safe haven. Who knows which backdoors their competitors have left open without the public knowing.



jr. member
Activity: 56
Merit: 26
Oh, but is this surprising? They’ve been hacked, they were spending large amount of money to place their products in rap music videos, then they f-ed up so many other times and now this. Ledger is just a joke man, they’ve created the perfect device for shitcoins and this is the only thing they’re good at.

It wouldn’t surprise me at all if it was already possible to extract the seed even without the update. They’re a very suspicious company to me and they don’t deserve the recognition they’re getting. Fortunately we aren’t as dumb as they think but unfortunately people’ll continue buying their products due to how many shitcoins they support..
legendary
Activity: 2114
Merit: 1403
Disobey.
https://www.youtube.com/watch?v=9scIevuymZM

Andreas Antonopoulos is live just now discussing the ledger f-up.

So far his stance is pretty clear and I am happy to see there is spotlight on all the potential problems a closed-source centralized company such as Ledger poses.
Especially after they have been caught lying about fundamental features of their security-chip on their hardware wallets.
full member
Activity: 602
Merit: 129
We initially believed that Bitcoin offered total privacy and anonymity, but later learned that what we believed to be untraceable was actually traceable. I've always questioned whether wallets could honestly claim they did not know your seed phrase when it comes to the seed phrase issue. Even though this is the first I've heard of it, Ledger was giving me headaches before I even read this because of the ordinal consideration. If it's true, you should take extra precautions with your Bitcoin wallets because your Bitcoin will now only be protected by the honesty of the wallet you're using. And it would unquestionably demonstrate that many alleged hacks in the past when Bitcoins were taken may not have actually been stolen but rather were the result of wallet fraud.



legendary
Activity: 2114
Merit: 1403
Disobey.
Ledger has a nice track-record of fuck-ups, imho. First they just stopped support for their older hardware wallets. Such as Ledger HW (1) and Ledger Nano (1).
Then they managed to leak their customer database including email, clear name, address etc.

Now openly admitting to lying in regards of the possibility for private-key extraction from their security chip seems like the logical next step. Disgusting but not surprising.
https://www.binance.com/en/feed/post/539103

Quote
"The original tweet from Ledger customer service stated, “Technically speaking, it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.”
And:
Quote
"Critics shared an alleged Ledger post from November that stated, “A firmware update cannot extract the private keys from the Secure Element,” implying that the company contradicted itself."
legendary
Activity: 3808
Merit: 1723
Someone asked on Reddit what would happen if some government sent a subpoena to Ledger and asked for a seed of a user, and they basically stated that they would have to provide it to the government. They are basically digging themselves in a larger and larger hole and don’t think they will survive as a company after this incident.

They really should have at least hired some PR instead of having all these amateur responses all over social media. And they definitely shouldn’t have started this recovery program. Most people wouldn’t be ok with it given how easy it is to get your funds stolen.
legendary
Activity: 2716
Merit: 1855
The same viewpoint! How could we truly trust a company that's suffered a breach before? It's just fair warning for users to be careful, because what Ledger has technically done, is they backdoored their devices. Plus I will say it again like a broken record, "How can we really verify that their ability to backdoor isn't already there"?

But you're also right. Everyone is making the issue bigger than what it is. Anyone who doesn't like Ledger's update should buy a Trezor.
Even users have lost trust in Ledger. Wallet hardware does not really protect when Phrase can be extracted from the device and this is like a wide backdoor that can be an easy gap for hackers to take advantage of.

They even used the help of a third party, Coincover, to do identity verification so that they could easily restore Phrase using their own identity.

This is also an issue of privacy, users have to give up their personal data to use recover.
No more Ledger Non-Custodial, no more Ledger for the best wallet Security.
We no longer have full control, and now starting to leave Ledger and move to Trezor is the right choice.
legendary
Activity: 2898
Merit: 1823
People are making a huge deal about something that is not nearly as big as it is being sold to the misinformed. This added recovery feature, come as a subscription option and you have to pay for that, so not a lot of people are going to opt-in for that extra feature.

We know Ledger were hacked a few years ago.... and a lot of people's information were stolen.. then criminals used that data to launch targeted Phishing attacks on those clients.... so why will people trust them now?  Roll Eyes


The same viewpoint! How could we truly trust a company that's suffered a breach before? It's just fair warning for users to be careful, because what Ledger has technically done, is they backdoored their devices. Plus I will say it again like a broken record, "How can we really verify that their ability to backdoor isn't already there"?

But you're also right. Everyone is making the issue bigger than what it is. Anyone who doesn't like Ledger's update should buy a Trezor.
hero member
Activity: 994
Merit: 1089
At the moment it only affects those who have a ledger nano x and you also have to opt into it.

If you do not have a nano x and don't opt into it then I would worry too much about it for now.
Ledger is no longer a recommended hardware wallet only because this option is available, it doesn't matter if you have to have to opt into it or not, the option is terribly flawed, and a bad option that should not be available, because people with bad operational security may opt into it and lose their funds in the future. E.G there are software wallets like coinbase wallet that gives their users the option to back up seed phrase to cloud, and that is one of the many reasons why this wallet isn't recommended.
hero member
Activity: 1316
Merit: 787
What if crypto gets banned or makes huge lawsuit for LEDGER and government intercepts these companies assets and gets all the assets. Gold was confiscated too, who knows what happens in future.
Those of us who act as asset owners who store in hardware wallets only need to store seed phrases as securely as possible. What is it for, to ensure that one day we can recover assets to another hardware wallet.
Isn't it that Bitcoin asset owners who store in Ledger can still ignore the Recover feature.

Also what if btc you own is from some illegal activity? FBI or other agency will come and Ledger will have to cooperate, like all companies have to cooperate with law enforcement. Will be bye bye your holdings and will be tied to your identity.

I think move away as quick as possible and never look back to it.
IMO, thinking as fast as possible can sometimes be useful and sometimes not. But the over-concern about Bitcoin because of this problem in my opinion needs to slow down a bit to be able to compartmentalize the problem.
member
Activity: 854
Merit: 30
At the moment it only affects those who have a ledger nano x and you also have to opt into it.

If you do not have a nano x and don't opt into it then I would worry too much about it for now.



How do you know that? Because Ledger said so?

Well yes that is what they say it is exclusively for nano x.

It is not good news for anyone holding a ledger but I wouldn't stress about it too much just yet.

newbie
Activity: 5
Merit: 0
At the moment it only affects those who have a ledger nano x and you also have to opt into it.

If you do not have a nano x and don't opt into it then I would worry too much about it for now.



How do you know that? Because Ledger said so?
member
Activity: 854
Merit: 30
At the moment it only affects those who have a ledger nano x and you also have to opt into it.

If you do not have a nano x and don't opt into it then I would worry too much about it for now.

hero member
Activity: 994
Merit: 1089
- Prison sentences for known holders of BTC. There are many varieties to this. For example my EU citizens now have to declare BTC holdings on their tax declaration forms. Not declaring this could have prison sentence as a consequence in the future. Or confiscation of other assets
I don't live in the EU and I don't know about their tax laws, but I know governments cannot sanction, confiscate assets or require information from users who trade on decentralized platforms and use self custody wallets. Centralized exchanges and services are data farms, and the government can require any information from them or from their users or confiscate assets kept in them.
- Taking down exchanges (lawsuits against Binance and Coinbase now happening)
Governments don't have to "track" centralized exchanges, they comply with them, the charges you read against Binance and a few others is because of how shady they are and how they want to make profit at all cost.
- Attacking hardware wallet companies. We all thought this was impossible. Now we witness that it is not.
I don't think the issue with Ledger has anything to do with the government attacking them, this was their decision because they want to make money or because they have forgotten the basic operational security of BTC assets, both Ledger and Trezor are now bad recommendations, there are better alternatives, or just set up your own air-gapped or cold storage wallet.
newbie
Activity: 5
Merit: 0
The thing is, it's not open source and nobody knows if getting the customer seed will be available from the firmware update when it comes out or our seeds are already in Ledger company possession for years.
I don't think people who will keep using Ledger are smart people.
What if crypto gets banned or makes huge lawsuit for LEDGER and government intercepts these companies assets and gets all the assets. Gold was confiscated too, who knows what happens in future.
Also what if btc you own is from some illegal activity? FBI or other agency will come and Ledger will have to cooperate, like all companies have to cooperate with law enforcement. Will be bye bye your holdings and will be tied to your identity.

I think move away as quick as possible and never look back to it.
hero member
Activity: 882
Merit: 792
The more I think about this announcement, the more shocked I get. This literally means that Ledger, its partner companies and governments will know the identity of hardware wallet owners and in case there is a need, they can seize funds of any of their user.
This move can change the situation for whole crypto market, I'm happy that critics come from every corner towards Ledger, wonder if there is a statement about this from Trezor and other companies in near future.

Every Ledger owner should immediately change their hardware wallet or find a different way to store their coins. I genuinely believe that there is a high chance that planned or accidental data breach may happen and everyone will lose their coins, nothing to say about compromising of your identity.

I'm finally confident to say that when it comes to bitcoin wallet creation, I prefer to stick with my very old computer than with any modern hardware.

What will be the assurance that the change to another hardware wallet won't make same announcement later?
I think this is a more penetrative means by government to get to the root of identifying every individual portfolio and wallets.
One thing that never fails to beat my imagination is that new wallets would be created by genius minds who have come to embrace the anonymity that crypto currency has offered.
Unless, no one is made an example of by the hardware wallet's new policy, then persons would opt for means to prevent their seed from being backed up by the wallet, as a prerequisite for limited storage of their coins.
At least it's a better idea to move from them as soon as possible, what other options do you have? Stay with them? Ledger has said that it's designed in a way that it's impossible for the seed phrase to leave device but as you see, it doesn't work like that.
You'll never be 100% sure whom to trust but when something becomes clear, you should act accordingly.
Btw this Ledger accident can become a good opportunity for others to start a bitcoin hardware wallet business and increase the competitiveness and this is a perfect time for someone to come up with better security and with more proofs.



Am I the only one who feels a little confused? They say that they backup your seeds but at the same time they say that they don't backup your seeds

https://twitter.com/Ledger_Support/status/1658824402694283267?cxt=HHwWhoC9tayAqoUuAAAA


Quote
If you choose to pay for a subscription of Ledger Recover, you will need to consent on your Ledger authorizing the duplication, encryption, sharding of your SRP.
Quote
Ledger acts as backup provider for only one encrypted fragment, and a single fragment doesn't allow the SRP to be recovered.

Ledger cannot access any user’s SRPs, nor will it be able to do so at any point in the future.
member
Activity: 202
Merit: 22
Whether you opt to use the service or perform the upgrade isn’t the issue. The issue is that the way the device was designed was poorly because it shouldn’t be possible to extract the seed with a firmware upgrade which gets sent over the internet.


That means we were all lied to from the beginning.
member
Activity: 202
Merit: 22
It’s a disgrace to be honest, I have to wonder if this is some kind of regulatory pressure from governments. I just can not believe they would implement something like this.

Of course it is. I never invested in BTC a decade ago because I believed that governments would find a way to fight back against it.

I described the way they would do this as follows:

- Prison sentences for known holders of BTC. There are many varieties to this. For example my EU citizens now have to declare BTC holdings on their tax declaration forms. Not declaring this could have prison sentence as a consequence in the future. Or confiscation of other assets
- Taking down exchanges (lawsuits against Binance and Coinbase now happening)
- Attacking hardware wallet companies. We all thought this was impossible. Now we witness that it is not.

I wonder what Trezor is going to do. It won't be long before governments come knocking on their door. I can't imagine any of those companies surviving their regulations. And if they don't comply now, surely they will be taken out of business in the future.

I'm not tech savvy enough to understand if buying a device (either Ledger or Trezor) allows us to safely store BTC if we do not update any software (ledger live app, for example) for an entire decade. I can't imagine trading to be easy unless you constantly go through exchanges (which are under attack) or you constantly use apps (Ledger Live) which can only continue if you update it.
hero member
Activity: 1316
Merit: 787
^ With this announcement, that is definitely right, never use them at all.
The fact that just a year ago, the company claimed it was impossible for the seed to leave the device, but now they acknowledge its possibility, has further fueled the controversy. However, no funds have been stolen so far, but this incident has highlighted the potential vulnerabilities of hardware wallets, which were previously believed to be highly secure and we have a wrong thought.
From now on, I will not recommend that wallet at all.
Many parties were indeed surprised by Ledger's statement via a tweet made by the @Ledger_Support account on May 17, 2023 which has been deleted.
Of course, tweeting will give birth to various negative assumptions because it will have an impact on wallet security. Even other hardware wallets like Trezor have taken a swipe at Ledger for this statement.

Ledger has provided clarification regarding the surprising statement regarding the firmware.
Maybe some of us already know about the news about the contents of Ledger's clarification about the firmware.

Guillemet states that the wallet’s firmware, or OS, is “an open platform” in the sense that “anyone can write their own app and load it on the device.” Before being allowed on the Ledger Manager software, apps are first evaluated by the team to make sure that they aren’t malicious and don’t have security flaws.

According to Ledger, even after an app is approved, the OS does not allow it to use the private key for a network it isn’t made for. The company raised the example of Bitcoin apps not being allowed to use the device’s Ethereum private keys and vice versa for Ethereum apps and Bitcoin keys. In addition, every time a private key is used by an app, Ledger says the OS requires users to confirm their consent to use the key. This seems to imply that third-party apps installed on Ledger shouldn’t be able to use a person’s private key without the user first consenting to its use.
legendary
Activity: 3808
Merit: 1723
Whether you opt to use the service or perform the upgrade isn’t the issue. The issue is that the way the device was designed was poorly because it shouldn’t be possible to extract the seed with a firmware upgrade which gets sent over the internet.

That seed should have never been able to leave the device. But we learnt that it’s not the case here. What if there is some fake software upgrade and people upgrade theirs and get their crypto stolen since it’s possible to extract the seed. What’s the point of the hardware wallet. Might as well stick with electrum.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
In as much as I've always considered and recommended Ledger and its competitor company (Trezor) to be the best type of wallet to store bitcoin and other crypto currencies since they are offline wallets, I've never owned any of these hardware wallets, and I do not have any plan of buying one any time soon, as I have been using mycelium and electrum wallets since 2016 and never encountered any issues, I simply have not seen a need to purchase a hardware wallet.
Trezor is not a perfect hardware wallet too especially you have to spend money to buy Trezor wallet. It's not free at all and it is not much better than Ledger. They cooperated with Wasabi to spy transactions and do censorship. I don't like it with a wallet I have to pay expensive cost to buy.

[LIST] Open Source Hardware Wallets. They are not perfect hardware wallets too but I like them more than Ledger or Trezor.

You can use multi-sig wallets with Bitcoin Core, Electrum as alternatives for hardware wallets.

If you need wallets for tokens, you can use Safe wallet with multi-sig wallet.
hero member
Activity: 2590
Merit: 644

What are your thoughts?


Thoughts? Simple.

Don't update your firmware if you already own a Ledger, don't buy a Ledger if you don't own one. Buy a Trezor, preferably a Trezor One because it has lower attack vectors.

We can't trust a company which was breached in the past before. Plus how can we verify that they haven't already backdoored their devices?
^ With this announcement, that is definitely right, never use them at all.
The fact that just a year ago, the company claimed it was impossible for the seed to leave the device, but now they acknowledge its possibility, has further fueled the controversy. However, no funds have been stolen so far, but this incident has highlighted the potential vulnerabilities of hardware wallets, which were previously believed to be highly secure and we have a wrong thought.
From now on, I will not recommend that wallet at all.
legendary
Activity: 2422
Merit: 1083
In as much as I've always considered and recommended Ledger and its competitor company (Trezor) to be the best type of wallet to store bitcoin and other crypto currencies since they are offline wallets, I've never owned any of these hardware wallets, and I do not have any plan of buying one any time soon, as I have been using mycelium and electrum wallets since 2016 and never encountered any issues, I simply have not seen a need to purchase a hardware wallet.

And this update of them providing a service that could back up users' seed phrases in the cloud indeed raises concern as to whether the hardware wallets are truly secure and decentralized as people thought, this is a question only the company themselves can answer.
hero member
Activity: 812
Merit: 560
A lot of people are smashing their ledgers into pieces when they announced a service to custody people’s seeds. This sparked outrage because it makes it possible for the secret seed to be extracted from the device.

A year ago or so they claimed it’s impossible for the seed to leave the device and now they are claiming it’s possible.

No funds were stolen but it seems that hardware wallets aren’t as safe as people assumed. The biggest issue here is that it’s not open source and no one can verify if it’s actually secure.

What are your thoughts?


Which seems to me a very stupid move by ledger since up to now he has always said the opposite, the fact is that even the other hardware wallets that have open source software actually have the firmware of the closed secure element, this is quite normal because you don't want to reveal the cards on the table to avoid attacks but I repeat that what the ledger wants to do is not scary for me, i.e. the backup or the extraction of the seed which at this point is clear that it can be extracted but the fact that it wants storing seeds on different providers and these are all exposed to the network, so since ledger doesn't have a good reputation in data retention this is what scares me the most

How can a non custodial hardware wallet perform the function of a custodial wallet and yet expect people to make use of such, we aren't novices anymore, at least by now the whole experience of what is happening that people are losing their assets to the hands of custodial exchanges should have taught us enough lessons to avoid anything that has to do with custody of what belongs to us with another party, I've also seen a centralized exchange claiming they are building a decentralized exchange wallet for its users, what a mystery, we have to be careful because they are painting black as white for us and we should not accept such or fall in for such.
hero member
Activity: 2884
Merit: 579
AFAIK, this is still on the beta phase and Ledger's community and customers feedback isn't as interesting as it may seem and it's the opposite of the probable respond they'll get.

I hope they listen to their community and revert back to the original idea and kick out the person who suggested that idea. 
I hope so too.

It's going to put their sales into the pit and downhill if they ever will continue this even if it's visible that the community don't like this update that they've made.

We understand that they're a business but still it's important for them to retain that values that they've started with and the actual purpose why people are buying their products but not with this newest ones that they've got.
hero member
Activity: 504
Merit: 625
A lot of people are smashing their ledgers into pieces when they announced a service to custody people’s seeds. This sparked outrage because it makes it possible for the secret seed to be extracted from the device.

A year ago or so they claimed it’s impossible for the seed to leave the device and now they are claiming it’s possible.

No funds were stolen but it seems that hardware wallets aren’t as safe as people assumed. The biggest issue here is that it’s not open source and no one can verify if it’s actually secure.

What are your thoughts?


Which seems to me a very stupid move by ledger since up to now he has always said the opposite, the fact is that even the other hardware wallets that have open source software actually have the firmware of the closed secure element, this is quite normal because you don't want to reveal the cards on the table to avoid attacks but I repeat that what the ledger wants to do is not scary for me, i.e. the backup or the extraction of the seed which at this point is clear that it can be extracted but the fact that it wants storing seeds on different providers and these are all exposed to the network, so since ledger doesn't have a good reputation in data retention this is what scares me the most
legendary
Activity: 3542
Merit: 1965
People are making a huge deal about something that is not nearly as big as it is being sold to the misinformed. This added recovery feature, come as a subscription option and you have to pay for that, so not a lot of people are going to opt-in for that extra feature.

We know Ledger were hacked a few years ago.... and a lot of people's information were stolen.. then criminals used that data to launch targeted Phishing attacks on those clients.... so why will people trust them now?  Roll Eyes
hero member
Activity: 1120
Merit: 554
🇵🇭
A lot of people are smashing their ledgers into pieces when they announced a service to custody people’s seeds. This sparked outrage because it makes it possible for the secret seed to be extracted from the device.

A year ago or so they claimed it’s impossible for the seed to leave the device and now they are claiming it’s possible.

No funds were stolen but it seems that hardware wallets aren’t as safe as people assumed. The biggest issue here is that it’s not open source and no one can verify if it’s actually secure.

What are your thoughts?


So this means all the suggestions about using a hardware wallet such as Ledger are a lie? How come no one audited their product code before it was released to the market? All of the people who advertised it as safe should be penalized in case damage is done?

JK

I’m prepared that something like this is possible, since they can be considered centralized because no one does an audit on them. That's why an air-gapped DIY wallet is still the best, rather than a wallet that is manufactured by somebody, since you will still need to trust the manufacturer for the integrity of the product, as there is no way for us to check the code or software manually. I have a Ledger but it's absurd to crash it now while my funds have been safe on it for a long time.
legendary
Activity: 3010
Merit: 1280
I believe the Ledger company will come to its senses when people start avoiding their Ledger wallets. It is a really absurd offer/upgrade when most of the cryptocurrency gurus advise people to keep their wallets offline. When veterans are informing people to keep their private key offline and keep away from the internet, Ledger offers a service of saving private keys on cloud storage. Are they nuts? I think this action will kill the company; I hope it won't be too late for them to readjust in the future.

AFAIK, this is still in the beta phase and Ledger's community and customers' feedback isn't as interesting as it may seem and it's the opposite of the probable response they'll get.

I hope they listen to their community and revert back to the original idea and kick out the person who suggested that idea. 

sr. member
Activity: 728
Merit: 388
I think that Ledger messed up and now people look into other hard wallets. But I never used one, I'm keeping my Bitcoin with other coins in OWNR wallet since I don't have too much and keep my seed phrase on paper in 2 hidden copies.
I've heard about OWNR, how cool is this wallet? I guess it's another wallet like Trust Wallet, aka a hot wallet. It seems the best way is to write down recovery seeds and keep them offline. Most hardware wallets are having issues, I don't know why. There was one that looked like a complete Android phone, so nice looking, I thought it would be the most secure hardware wallet until people started complaining about missing assets in the wallet; some said it's a bug, and now I don't have interest in such a hardware wallet ever again. If the same thing happens with Ledger then people will have no choice but to abandon Ledger and buy another hardware wallet.
legendary
Activity: 1792
Merit: 1296
A lot of people are smashing their ledgers into pieces when they announced a service to custody people’s seeds. This sparked outrage because it makes it possible for the secret seed to be extracted from the device.

A year ago or so they claimed it’s impossible for the seed to leave the device and now they are claiming it’s possible.

No funds were stolen but it seems that hardware wallets aren’t as safe as people assumed. The biggest issue here is that it’s not open source and no one can verify if it’s actually secure.

What are your thoughts?

I think that one should not trust financial assets to anyone. There will always be a risk that the custodian, if he has the opportunity, will want to take someone else's.

Big hardware wallet manufacturers are gradually turning into a kind of banks. It looks like you are giving them your crypto for safekeeping and you have to trust them completely. Just for a word.

In the light of recent events (news about Ledger and Trezor), it seems that the time has come for people to reconsider their attitude towards hardware wallets. Where once these were reliable storage devices, security is now at risk. The most unpleasant thing about this is that the danger doesn't come from intruders or hackers, but from the manufacturer itself. It would seem that it sounds like nonsense, but we are all eyewitnesses of what is happening.

Only the owner should have access to the seed phrase and no HW device manufacturer has any right to claim it. It doesn't matter under what pretexts it is served.
hero member
Activity: 2884
Merit: 579
AFAIK, this is still in the beta phase and Ledger's community and customers' feedback isn't as interesting as it may seem and it's the opposite of the probable response they'll get.

So by reading the feature on their website, it is not them that will actually do this feature but it's the company named Coincover.

Ledger Recover by Coincover

It's said that those who own the old version Nano S aren't going to be affected much, but only those who own the newer model, which is the X.

That's the service and it's a terrible additional service they've made. The response of the community that has been helping and supporting them all over the years is unwelcoming.

This makes me not trust my Ledger anymore and I will have to switch to Trezor.
sr. member
Activity: 602
Merit: 387
A lot of people are smashing their ledgers into pieces when they announced a service to custody people’s seeds. This sparked outrage because it makes it possible for the secret seed to be extracted from the device.
Move coins to a new wallet (not Ledger) and keep your Ledger wallet as a collectible. It might have some higher value in future when people look at the history of Ledger and their wallet products.

Quote
A year ago or so they claimed it’s impossible for the seed to leave the device and now they are claiming it’s possible.
They can change their minds and build new products and services, but if they break the basics of keeping coins safe, it's bad no matter what types of products and services they want to build and release.

Quote
No funds were stolen but it seems that hardware wallets aren’t as safe as people assumed. The biggest issue here is that it’s not open source and no one can verify if it’s actually secure.
Just not yet. We don't know what will happen but fundamentally and technically, their latest movement is bad and it potentially causes something bad for their users.

Quote
What are your thoughts?
Stop using it. Don't buy any new Ledger wallets in future.
full member
Activity: 952
Merit: 232
The more I think about this announcement, the more shocked I get. This literally means that Ledger, its partner companies and governments will know the identity of hardware wallet owners and in case there is a need, they can seize funds of any of their users.
This move can change the situation for whole crypto market, I'm happy that critics come from every corner towards Ledger, wonder if there is a statement about this from Trezor and other companies in near future.

Every Ledger owner should immediately change their hardware wallet or find a different way to store their coins. I genuinely believe that there is a high chance that planned or accidental data breach may happen and everyone will lose their coins, nothing to say about compromising of your identity.

I'm finally confident to say that when it comes to bitcoin wallet creation, I prefer to stick with my very old computer than with any modern hardware.

What will be the assurance that the change to another hardware wallet won't make same announcement later?
I think this is a more penetrative means by government to get to the root of identifying every individual portfolio and wallets.
One thing that never fails to beat my imagination is that new wallets would be created by genius minds who have come to embrace the anonymity that crypto currency has offered.
Unless, no one is made an example of by the hardware wallet's new policy, then persons would opt for means to prevent their seed from being backed up by the wallet, as a prerequisite for limited storage of their coins.
legendary
Activity: 2898
Merit: 1823

What are your thoughts?


Thoughts? Simple.

Don't update your firmware if you already own a Ledger, don't buy a Ledger if you don't own one. Buy a Trezor, preferably a Trezor One because it has lower attack vectors.

We can't trust a company which was breached in the past before. Plus how can we verify that they haven't already backdoored their devices?
hero member
Activity: 714
Merit: 521
A year ago or so they claimed it’s impossible for the seed to leave the device and now they are claiming it’s possible.
No funds were stolen but it seems that hardware wallets aren’t as safe as people assumed. The biggest issue here is that it’s not open source and no one can verify if it’s actually secure.
What are your thoughts?
TBH, I am not on the list of people who have smashed their Ledgers into pieces, as the "Ledger Recover" update is yet to be released, and another reason is I own no Ledger (haha). Well, but I am also afraid of this, because at first when a person asks for ways to save their BTC, we bluntly recommend them hardware wallets such as Ledger and Trezor. Even yesterday I recommended a newbie to buy a hardware wallet, but other experienced members have already guided me on the situation. But I think there is no good in making noise before its release, because now we at least know that it's possible for Ledger companies to break encryption in our HW. And it is confirmed now, so the point is: why not test it so that we can at least know the possibilities and scenarios it could make?

If Ledger can do that, Trezor might also do that? How to confirm that? My thoughts are we should not put all of our assets in one type of hardware wallet such as a Ledger; we should diversify them in different companies' wallet addresses. Or we should follow big icons like MicroStrategy's CEO Michael Saylor so that we can learn how they store their BTC for so long.

If you think you are to remain more secured in a well and advanced way, it's better to seek this security with Bitcoin Core: download the software and rule the nodes. This is the highest and most advanced way to remain free from any form of doubtedness in keeping our assets secured.

If you're using any form of non-custodial wallet under cold storage, then ensure that it's on an air-gapped device which is not connected to the internet. Electrum wallet is another better option in this category; ensure you download it from their official website. But as for me, I wouldn't admit giving my KYC information to any of these sellers of hardware wallets or use their service to secure my private keys or seed phrase.
hero member
Activity: 882
Merit: 792
The more I think about this announcement, the more shocked I get. This literally means that Ledger, its partner companies and governments will know the identity of hardware wallet owners and in case there is a need, they can seize funds of any of their users.
This move can change the situation for whole crypto market, I'm happy that critics come from every corner towards Ledger, wonder if there is a statement about this from Trezor and other companies in near future.

Every Ledger owner should immediately change their hardware wallet or find a different way to store their coins. I genuinely believe that there is a high chance that planned or accidental data breach may happen and everyone will lose their coins, nothing to say about compromising of your identity.

I'm finally confident to say that when it comes to bitcoin wallet creation, I prefer to stick with my very old computer than with any modern hardware.
hero member
Activity: 952
Merit: 662
Two threads have been created about this particular discussion:
1. ALERT Ledger Secure Element
2. Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

You can check for yourself; many users have given their own opinions.

My opinion is people need to consider setting up their own cold storage rather than trusting a centralized company to create a hardware wallet. Right now, Trezor looks safer than Ledger, but no one knows what Trezor will do in the future.

I think that Ledger messed up and now people look into other hard wallets.
People in this forum; not sure about people outside this forum, because most of them didn't even own a hardware wallet or learn about non-custodial wallets.
sr. member
Activity: 1078
Merit: 342
To be honest, I don't own any Ledger product and I'm glad I didn't, especially after their recent announcement about sharing the seed phrase backup with third-party entities. This decision kinda breaks the trust that has been built over years with their users.

I know that no funds have been stolen yet, but this move is concerning because many people rely on Ledger devices to safeguard their life savings in Bitcoin. It's not something to take lightly; these users prioritize security and privacy. Personally, I prefer using an air-gapped device that I own and have full control over rather than relying on a hardware device released by a company that introduces updates that could potentially put my funds at risk.

I value my ability to secure my funds and protect my private keys/seed phrase. I don't appreciate Ledger making decisions that assume otherwise.
legendary
Activity: 3304
Merit: 1617
They’ve betrayed trust & destroyed the whole reason people buy & use them. It’s a disgrace to be honest, I have to wonder if this is some kind of regulatory pressure from governments. I just can not believe they would implement something like this. There are points of failure in most ways to HODL your coins but this is ridiculous. A sad sight tbh, not good.
sr. member
Activity: 658
Merit: 441
A lot of people are smashing their ledgers into pieces when they announced a service to custody people’s seeds. This sparked outrage because it makes it possible for the secret seed to be extracted from the device.
The company is not forcing anyone to subscribe to the service. It is an opt-in subscription seed phrase recovery service that attracts $9.99 per month. You have the choice to choose whether to subscribe or not. So I don't see the reason why anyone should smash his or her hardware device.

TBH, I am not on the list of people who have smashed their Ledgers into pieces, as the "Ledger Recover" update is yet to be released, and another reason is I own no Ledger.
It was officially launched yesterday.

But I think there is no good in making noise before its release, because now we at least know that it's possible for Ledger companies to break encryption in our HW. And it is confirmed now, so the point is: why not test it so that we can at least know the possibilities and scenarios it could make?
I believe all the security parameters must have been checked, but personally I still have my doubts and I don't feel comfortable having my seed phrase backed up on the Ledger. At some point, a hacker can find a loophole to steal people's private seed phrase and funds.
hero member
Activity: 826
Merit: 641
The complete privacy and anonymity of Bitcoin were what we thought initially, but what we thought was untraceable later became known to be traceable. For the issue of the seed phrase, I've always been wondering if wallets could truly be truthful in their saying that they did not know your seed phrase. Although this is the first place I would read about this, it was the ordinal consideration that was my headache with Ledger before I read this.

If it's true, then one should be so careful with their Bitcoin in wallets; it will now be the integrity of the wallet you are using that can safeguard your Bitcoin. And it would surely prove that many of the supposed hackings of the past where BTC were stolen might not be truly hacking but the wallet propaganda to steal coins from one's account.
jr. member
Activity: 95
Merit: 1
I think that Ledger messed up and now people look into other hard wallets. But I never used one, I'm keeping my Bitcoin with other coins in OWNR wallet since I don't have too much and keep my seed phrase on paper in 2 hidden copies.
sr. member
Activity: 873
Merit: 268
That's why I stopped using Ledger. It's literally the opposite of what crypto should be. And it's sad where this is all going. It feels like soon all exchanges and wallets will be centralized and there will be no more freedom and anonymity.

So for everyone who is using Ledger and thinks that this update won't touch you, just know that this means that Ledger HAS the technology to KNOW your seed phrase. It means it saves it somewhere and can back it up even without your agreement if needed.
hero member
Activity: 1386
Merit: 513
A year ago or so they claimed it’s impossible for the seed to leave the device and now they are claiming it’s possible.
No funds were stolen but it seems that hardware wallets aren’t as safe as people assumed. The biggest issue here is that it’s not open source and no one can verify if it’s actually secure.
What are your thoughts?
TBH, I am not on the list of people who have smashed their Ledgers into pieces, as the "Ledger Recover" update is yet to be released, and another reason is I own no Ledger (haha). Well, but I am also afraid of this, because at first when a person asks for ways to save their BTC, we bluntly recommend them hardware wallets such as Ledger and Trezor. Even yesterday I recommended a newbie to buy a hardware wallet, but other experienced members have already guided me on the situation. But I think there is no good in making noise before its release, because now we at least know that it's possible for Ledger companies to break encryption in our HW. And it is confirmed now, so the point is: why not test it so that we can at least know the possibilities and scenarios it could make?

If Ledger can do that, Trezor might also do that? How to confirm that? My thoughts are we should not put all of our assets in one type of hardware wallet such as a Ledger; we should diversify them in different companies' wallet addresses. Or we should follow big icons like MicroStrategy's CEO Michael Saylor so that we can learn how they store their BTC for so long.
legendary
Activity: 3808
Merit: 1723
A lot of people are smashing their ledgers into pieces when they announced a service to custody people’s seeds. This sparked outrage because it makes it possible for the secret seed to be extracted from the device.

A year ago or so they claimed it’s impossible for the seed to leave the device and now they are claiming it’s possible.

No funds were stolen but it seems that hardware wallets aren’t as safe as people assumed. The biggest issue here is that it’s not open source and no one can verify if it’s actually secure.

What are your thoughts?