Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 14. (Read 4835 times)

But it's black box firmware software of Ledger for the MCU that controls user interaction with the hardware buttons. It's Ledger's software, the MCU proxies the button presses to the firmware software that runs on the Secure Element and which does most of "Ledger's magic".



If it's public there likely will be experts who have more knowledge to inspect and judge the code. And security concerns are probably a good motivation to look closer. Yes, if you can't do it yourself, you have to trust others. But still I prefer the code to be public, otherwise there's no chance to look closer.



Yes, and it's said that Einstein added: "... and I'm not so sure about the universe."

In my opinion Ledger Paris can basically only do one thing right and that's marketing bs. They suck at everything else, including value their customers. Strangely, it seems to me that Ledger appears kind of synonym to hardware wallet. Look at the topic Show off your hardware wallet, yes I know it's not representative, only 4 of 19 don't show Ledger hardware crap.



And to my knowledge the hardware buttons of a Ledger Nono are completely software controlled. The buttons are not directly wired to the Secure Element where most of Ledger's firmware magic happens. The MCU controls the display and the buttons and proxies user interactions to the Secure Element. It's the firmware that decides what to do when you press a Ledger button. As the firmware is a black box what exactly prevents Ledger to not need your button press? ... Exactly: nothing! It's their secret sauce code...



Your data is safu, they say. They'll surely send you through support desk hell, if you need to request your shards. What if you loose your ID (hey, your new ID has a different S/N...)? What if your face changed after years or some illness? What about live video deep fakes? All is fine, they say.

Bullshit, I say!



Remember what Einstein said?!

I think it's because Ledger integrates different coins overtime, and if I had to guess about 20% of all coins (tokens) are on Ethereum or Binance chain. So naturally all these ERC20 and BEP20 tokens are integrated. Likewise with NFTS, most are also on Ethereum, so merely the Ethereum integration is what accomplishes this goal. The likes of Solana and other L1 projects increases the % slightly I guess.

It wouldn't be surprising that they did. After all, they want to know how much money their customers trust them with. I am not justifying the action, simply explaining what I believe is happening. If Electrum servers can find out loads of information about connected wallets, there is no reason not to think that Ledger's servers can't as well.

Yes, because it's an unfixable hardware defect that can't be ironed out with software patches. It was always there and will always be there for the models One and T in their current forms. 

They removed support following the negative comments surrounding it, but didn't mind signaling support for it.

ColdCard is an airgapped wallet. You can work with PSBTs and import/export them with the help of an SD card for example. The device is not open-source but has public and verifiable code. It's better than standard USBconnected hardware wallets.

No, no. Definitely I know what's in your mind regarding Ledger accident, it's just that I remembered your question and then saw it in their FAQ, that's why I replied and quoted it.
By the way, I still think that it's early to talk whether Ledger buried itself by that decision or not. You know, barking dogs seldom bite. This good old saying means a lot and can be applied in your life. People say X but do Y. Despite the fact that there is a big wave of negative comments on twitter, I keep in mind that people are bad at judgement, bad at learning on mistakes and they easily forget, so, I think that Ledger will see increase in revenue despite everything that happened.

That has happened in 2019, do they still suffer from the same problem? Btw they removed the support of AOPP but yeah, what you say about them is true.
It's interesting to know what you think about Coldcard or do you think that no hardware wallet is trustable and airgapped encrypted devices are the only last and one devices to use.

Considering the way Mr. Pascal performed in the video that was linked in one of my previous posts, he obviously considers his clients ignorant and incapable of making an adequate backup, in other words, he positions himself in the same position as the famous CZ who claims that 99% of users in the crypto world are not intelligent enough to be their own bank.


Ledger (Pascal) also claims in the video that given the situation, they did not notice any drop in sales of their devices, and that this did not even happen after the famous Ledger leak of hundreds of thousands of user data, which he personally considers a trivial event.

---

Either it's a simple fabrication, or Ledger knows exactly how much someone has on their devices, which means that they log all the data from the device every time such a device is online. I would say that it is the latter, and considering the company's reputation, I would not be surprised if they share (sell) this data to anyone who is interested in it.

Oh, don't get me wrong. I am under no illusion that a new device makes zero technical difference to existing devices. Even without this firmware being deployed to existing devices, it is now abundantly clear that Ledger have been lying for years about the capabilities of their secure elements. I was simply pointing out that if I was a Ledger employee/board member, then I would have done the tiniest bit of research first, realized that 99% of existing customers hate this idea, and suggested launching it on a new device only and saying nothing about our existing devices.

It's good that they weren't this smart, though, since it's served as a big wake up call for people to stop trusting these shady third parties. Unfortunately it seems many people are simply jumping from one shady third party (Ledger) to another shady third party (Trezor).

All their devices suffer from unfixable seed extraction vulnerabilities, which they deliberately sweep under the rug and do not tell their users how to mitigate against. They also have a very pro-government, pro-censorship, pro-surveillance, and anti-fungibility ethos, as shown by their support of AOPP and their partnership with Wasabi and blockchain analysis.

Yesterday I was reading Ledger Recover FAQ and there is a similar question (but about second operating system) in their FAQ, it may be interesting for you:
Is there something wrong with Trezor at the moment? Just asking. It's an open-source and you can verify whether the code of bought hardware matches the publicly available open-source code.

Yes, for the first time in history we got a decentralized currency but money and power always ruins the party. Decentralization is like an anarchy and in human life anarchy can't work because we, by nature, are social animals. People always try to form a group, to centralize and every group tries to gain as much power as possible and finally the strongest group takes over the weakest one and you know, then happens all the shit.
By the way, bitcoin gives us freedom but freedom comes with responsibilities, people don't like responsibilities, they want to give it away and when you give it away, you become a slave.

There is a country called Georgia and the data of their whole population is leaked and published online, maybe people from this country don't care about KYC anymore because it's already available for everyone for free What a shame man.
Data Leak: Personal identifiable information of 4.9 million Georgians found online

Not sure about the statement, how do you come to conclusion like that with hardware wallet?

---

Also, here is an interesting Reddit thread from ledger co-founder and Ex CEO: My personal view on the pr disaster from Ledger

But that's the whole point of the service. The ability for mothers and grandmothers to recover their coins on any device even if they lose their seed and misplace the original hardware wallet. Their claim that the decryption key is stored on your Nano's secure element makes no sense. How can the key be in in device A and I still have everything I need to recover my coins on devices B and C? Together with their partners, they store all the essentials for successful recovery.     

No, not the Ledger Nano S. They aren't selling this model anymore and will eventually drop support for it. The Ledger Nano S Plus will have support for Ledger Recover. So far they haven't mentioned anything about the Ledger Stax.

"Ledger, the largest hardware wallet maker, has completed a €100 million valuation at a €1.3 billion valuation. Ledger claims it now stores more than 20% of the world's cryptocurrencies and 30% of the world's NFTs. Investors include True Global Ventures, Cité Gestion SPV, Digital Finance Group, and VaynerFund."
https://twitter.com/WuBlockchain/status/1641445894162874369?

At the end of March, the ledger was doing very well. Maybe new investors suggested this brilliant idea to them.
The next report on cryptocurrencies and tokens on ledger wallets will certainly be interesting

Considering the documents on the FAQ page of Ledger Recovery and how Ledger is replying on Twitter, I would say that o_e_l_e_o is exactly right regarding how the process will be deployed. What amazes me is the fact that Ledger is totally silent when faced with the fact[1][2][3] - or flaw - that is being able to restore your encrypted shards on any device. Do they consider their clients that ignorant regarding how seed phrases work? I should also note that Ledger Nano S will eventually[4] receive this "awesome" feature, per reply on their Reddit page.

As a side note, I am still amazed by the fact that they imploded their company and lost the loyalty of their clients for $9.99 per month...

---

[1]https://nitter.it/koinosblocks/status/1658789379626729475
[2]https://nitter.it/leacaselli30/status/1659268462806433792
[3]https://nitter.it/holger_wally/status/1658589976530132993
[4]https://safereddit.com/r/ledgerwallet/comments/13scxdo/comment/jlp5t5b/?context=3

Not in that particular reddit discussion, but that topic is partially covered in the Ledger Recover FAQs. I say partially because they don't go into details how the recovery is supposed to work if the original device is lost. Check the answer to the question "What if I lose my Ledger device that is associated with my Ledger Recover subscription?" o_e_l_e_o is surely on the right track here.

They don't need to. As I pointed out earlier in this thread:


If you are able to recover everything to a brand new device, then that means Ledger and their third party buddies are storing everything needed to fully recover your wallet. This means not just the encrypted shards, but the decryption key as well.

Further, all three of your encrypted shards and their decryption key must first pass from your hardware wallet to your computer, and then all be sent out from your computer to these third parties, and then again in the reverse direction. You are exposing everything needed to steal your coins to the same risks as any other hot wallet.

It just shows that all those who go in that direction are not aware of what they are actually buying or for some reason known only to them they ignore some known facts. That HW has an irreparable vulnerability that allows an attacker who comes into possession of such a device to extract the seed in 5-10 minutes, not to mention their cooperation with those who will analyze all transactions and determine which ones are good and which ones are not. In addition, who says that the Trezor will not come up with something similar to Ledger in the future?

They never answered this: https://www.reddit.com/r/ledgerwallet/comments/13lo5rv/decrypt_key_and_ledger_recover/

To me, this looks very suspicious because you need a communication channel between hardware wallets to transfer a decryption key, which basically means you have to rely on a third-party provider (most likely the entity asking you for documents) to store and send it to you after a successful KYC procedure. I don't quite understand what prevents this provider from colluding with companies holding parts of your seed, or how this provider can be a safer solution than a hardware wallet itself. This new recovery feature does nothing but weakens your security setup since the amount of information to store safely increases, and the number of parties knowing that information doubles and triples. No matter if they open-source this feature eventually, this is just terrible for a hardware wallet manufacturer to offer it.

Fair point, I was only considering was who handling the raw data, rather than how it's stored. I also think the encrypted ID with your shard is the least of your worries though... the seed phrase is more the concern.


Strange, I thought I heard a Q&A with the CTO claimed that it was only decrypt-able via the original Ledger, but obviously this doesn't make sense if it breaks and you want to recover your seed phrase.

---

In other news: Trezor sales soar 900% amid Ledger’s seed recovery controversy
https://cryptoslate.com/trezor-sales-soar-900-amid-ledgers-seed-recovery-controversy/

Seems Ledger users are going from one very insecure device to a slightly less insecure device.

I wasn't asking about the seed and storing the seed this time. I meant who stores the KYC data (the IDs and selfies). Your link confirms that Onfido is their partner for that which answers my question.   

I have heard the opposite. You don't need the original device you used for Ledger Recover and seed sharding. Since the shards are connected to your identity (the ID and selfie you provide), the hardware wallet device is of secondary importance here. 

For Ledger's shard, yes. But your KYC data will also be stored with the other two third party companies as well, in order for them to release their shard if needed:
It's the exact opposite, in fact. They say that you can use Ledger Recover with a brand new device:

I checked for you, it's done via KYC provider Onfido. Make of that what you will.


Despite all the risks, I wouldn't say having your seed phrase sharded to three companies is higher risk than simply having Ledger "look after it" for you. Clearly there would be slightly less risk, as all three companies would need to be hacked. Not that I'm defending Ledger here, but just pointing out the reality as I think you're not looking at the most vulnerable angle. The real risk is that Ledger's servers are far from secure based on past hack as you pointed out, and therefore the sharded seed phrase going through Ledger servers in order to "safely" get to the other two companies is a massive risk.

All it would therefore take is to gain access to Ledger's servers (again) and bingo, you can intercept an encrypted seed phrase, even if sharded. They do claim the seed can only be decrypted with the same Ledger that created it, but I imagine with any Ledger there would be a simple workaround for this, such as spoofing the device's log number in order for the encrypted shard to think it's the same one.

There will probably be special price discounts for new users to sign up. Maybe the next Black Friday deal will be a special $1.99/month for the next year for those who enroll.
This is just the initial money-grab, it will become cheaper with time. At one point, it might even become free.

Btw, who stores the KYC data?
Ledger, because it worked perfectly with other data in the past?
Ledger + the two other companies for triple the risk?
Or a brand new service we don't yet know about?