Topic: Ledger Nano S security issues - page 2. (Read 594 times)

So pretty much what I've been doing alright, gotcha. What was that talk about a new Trezor by the way? I can't find it on their website.

Not sure bro...for large amount of btc cold storage i use paper wallets...for the rest i use trezor. I use ledger only for alts

Do you know if Ledger had that issue as well? I've got both just for the heck of it, but I'm not sure which would make the most sense to use for larger stacks.

Totally different when stolen. And I believe if that happens you can use your seed to reclaim your btc hopefully before thief can crack it

Didn't Trezor have some issue where it basically exposed all vital information with minimal effort? Of course that would require it being stolen, but still.

I agree Ty! 

Trezor is the best hardware out there IMO.

Cannot wait until the new one comes out by the end of this month.

If Ledger happens to stop by this post I'd like to say hello.  Now I'd like to request a piece of technology not from the 1990's.  My YakBak and TalkBoy are both more impressive pieces of technology and I'm pretty sure I didn't even know what a computer was then.  To anyone reading this and considering buying I highly suggest Trezor as I've heard much better things and I've tested Ledger and it's poo poo..  It does suck that that Trezor doesn't hold as many Alts but besides that I can promise it's better.

I would read this article about the man in the middle attack!

https://news.bitcoin.com/ledger-addresses-man-in-the-middle-attack-that-threatens-millions-of-hardware-wallets/

https://ledgerwallet.us2.list-manage.com/track/click?u=bcc2126fb4bf3e02256d6c188&id=271fdbe596&e=d0d7444049




Dear Ledger user,

Protecting your security is of paramount importance to us. The Ledger Wallet Bitcoin Chrome application has just been updated to give you more control over the security of your transactions. The update is automatic and enables an essential new feature: verification of the reception address directly on the device.
  
 

This new feature is addressing a specific issue known in the crypto-community as the "Man in the Middle Attack". There has been a recent announcement of a malware proof of concept that could potentially infect the user’s computer - including, the Ledger Chrome application. In this scenario, an attacker could theoretically change the ‘receive’ address displayed on the (infected) computer’s screen within the Ledger Chrome application.

By enabling you to verify the receive address on your device (the only source you can trust), the updated Chrome app provides an additional peace-of-mind.  Always verify the receive address on your device before communicating it to a third party.

Your current funds are not at risk and do not require any action.

Besides this important software update, we are taking 3 specific actions to make sure our users are safe and secure, while remaining alert:  
•   Software updates: the Ledger Wallet Bitcoin Chrome application is the first to benefit from the on device receive address verification feature. It is available for Bitcoin and all other coins managed by the Chrome app. ETH and XRP apps will benefit from that new feature in the upcoming desktop global release.
•   Upgraded Bug Bounty program: we are growing quickly - and we are still developing and strengthening some of our behind the scenes processes. We value contributions from security researchers and the community, and will be making our Bug Bounty programs faster and more efficient.
•   Prevention: we are continuously working on developing resources and materials to help our user base better understand the threats they face and how they can best secure their assets. If not done already, we urge you to read our basic security principles ruleset.
Security is an arms race. We’re in it for the long haul and are prepared for it. At Ledger, we take our mission seriously and that mission is to protect you.

Thank you for your trust.

Eric Larcheveque
Ledger, CEO