Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 2. (Read 5423 times)

I already have that, an air-gapped computer that doesn't connect to the internet as my cold-storage set up for my Bitcoins, with an exclusive USB for signing.

I'm merely asking Ledger compared to a computer/laptop with a fresh installation of Linux that's exclusively for using crypto.


I believe no one can prove or disprove BOTH sides of the debate, BUT who wants to buy a brand new Ledger Nano S+? I have one available for sale arriving soon.

   

You missed a step: the possibility should never have been built into the hardware. But it's very convenient for them to try and hook millions of existing customers, instead of selling a separate device to leak private keys online.

The fact that it's now only up to software to extract keys, makes Ledger just a software wallet. It doesn't even belong on this board anymore

Since the sharing of the keys, or more precisely the shards of the keys, happens remotely and over the internet, a hack that captures those shared keys could also be orchestrated over the internet and remotely by a hacker. Ledger claims that no keys can be shared without a user's consent, but how do we know that? They have also said that your keys never leave the device and now we know that they can. A piece of code determines whether or not the key extraction is approved. Even if Ledger did create it in a way where you have to approve key sharing, we can't rule out that a malicious party can't rewrite this and allow key sharing without a user's consent.

The code for Ledger Recover should never be part of the universal firmware. They should never have developed it. But since they did, it should have received its own separate firmware. That way, you would have the standard firmware without Ledger Recover and a special one with Ledger Recover. Each user could decide which way to go, but they didn't do that.

In theory.  Like I keep saying...  there's no way to prove it.  There's no way to prove there isn't a backdoor in Ledger's code for access to a user's keys without confirming it on the user's device.


Can't prove it?

Can't trust it.

Don't use it.

There have been comments already to your question. My two cents are: if you use the consumer laptop air-gapped as a cold wallet only, that I'd consider safer than this Ledger crap.

We can't know what the black box firmware of a Ledger does or doesn't. So, you can't verify it, you can't trust it, period! Your trust level is to believe when the Ledger Paris freaks scream at you: it's all safe, trust us, bro!

This is already bad enough and reason to better stay away from Ledger. But it gets worse. This recovery subsciption abomination is activated by a software, Ledger Live, the finest piece of programming craftmanship, full of trackers, cough, cough. And come on, software on a potentially unsafe and vulnerable device can't protect itself from malware. It can't be safe!

Yes, you have to confirm it on your Ledger hardware and it seems, encrypted stuff is exchanged, certainly not too easy to exploit, but who knows. We'll know when it happened.

A malware targeting Ledger Live... what could possibly go wrong? Go figure!

Ledger Recover gives Ledger or any hacker access to your keys over the internet.


Prove it.

That's the problem with Ledger's internet recover API.  It gives internet access to the keys on a Ledger device.  Sure, you may think you're safe because you didn't turn the feature on, but the code to give Ledger or hackers access to your keys is still on your wallet.  Hackers won't care about the feature.  They'll be hacking the code.

Once you've used a seed phrase on a Ledger device, there's no way to prove that seed is truly safe, so even if you decide to switch to a different device, you're just moving a seed Ledger or hackers may already have access to to another device.

A seed is no longer truly safe once it's touched a Ledger device.  After using a Ledger device, the only way to be sure your coins are safe is to create a new seed on a different device and move your coins to that wallet.

or a company that got had it customers personal information hacked, and they got hacked not once but twice so far
or a company that care more about profit over the safety of its users assets

Ledger as a hardware wallet is dead to anyone who even remotely cares about the safety of their coins.

hack 1: https://www.ledger.com/message-ledgers-ceo-data-leak
hack 2: https://www.ledger.com/blog/security-incident-report

If Ledger's own software can extract the seed from the device to send it to their servers, I can imagine a sophisticated piece of malware doing the same (in the future).

That's a dangerous assumption.

That's probably all encrypted.

It's already on its way, I can't cancel it anymore. Haha!

But, OK, let's be more more practical and constructive with the discussion. My next question is, will a "hacker" need to have physical access to the device to hack/steal my private keys, or can he/she steal it remotely? Let's pretend that the device doesn't have the Seed/Wallet Recovery feature on.

Plus if it could send/leak a user's seed/private key over the internet, could we see those packets of data if we have a traffic sniffer on?

That's possible. But they wanted their $9.99/month from each user for this "service", so they had to publish it.

Theoretically, Ledger could have implemented Ledger Recover and introduced their keys-sharing code without anyone knowing about it if they wanted to. The only thing that could prevent it is perhaps their TOS and Privacy Policy, but we all know how quickly these agreements can change and that most end-users don't pay attention to it.

Ledger Recover could have been released in secret. The agreement and names of custodians could have been kept private. Code-sharing firmware could have been introduced in firmware updates and no one would know anything about it until much later when the information got leaked. They could have done it in a way where users don't have to give their consent to extract their keys. The closed-source nature of their products make all that possible.

At the same time, they transparently announced that they had access to private keys. After all, we should trust them that they will never abuse it and that the recovery option is activated only at the user's request.

It's a tough question because you have to pick between two unsafe options. The Ledger can hardly be called a trusted brand anymore with everything that has happened in the past and with the things that will probably happen in the future. On the other hand, keeping your bitcoin in a hot wallet and on a device you use for various online activities isn't smart either. The only thing worse is using a CEX as your "wallet."

This is what I would do.
I would reformat and install a clean OS on it. I'd install Electrum and use that as my go-to bitcoin wallet. After that, I wouldn't use that laptop for anything else again as long as I have my keys on it. If you have altcoins/shitcoins where there are no quality open-source software available, I would keep them in the Ledger. What's the alternative? Trust Wallet? Exodus? It's all crap, closed-source, and requires trust. You might as well use the Ledger for bottom-barrel alt/shitcoins.   

Can you cancel the order?

The feature is called Ledger Recover.  Even if you don't use it, the code for it is part of the firmware for your device.  And the code is closed-source, which means the only way to prove what it does is to have Ledger show you the code - which of course they will not do.  It's like asking if someone's secret recipe contains artificial ingredients.  Even if they say it doesn't...  they can't prove it without giving you access to the recipe, which is a secret.

Realistically, a Ledger device is perfectly safe...  until the day hackers crack it (or a malicious employee?  Or a stupid employee gets phished again?)


Even worse: it was a former Ledger employee who got phished.  HHhmmmm.  Why do ex-employees still have access to Ledger's codebase?


So, that's the issue.  You're safe until you're not, and when Ledger gets hacked again, there won't be any way to know ahead of time.

If you can cancel the order, that's your best move.  If you can't, ask for a refund before even opening the package.

Let me answer that with a counter question: can you truly trust a device made by a company that has lied before?

And there's the problem.  Ledger's word has no value.

First of all, Ledger has lied to their users so many times about so many things.  They said keys never leave Ledger devices while they were writing a key extraction API for their firmware and uploading it to users devices.  That's like your wife saying she'd never cheat on you while setting up dates on Tinder.  Ledger says they've never been hacked while paying bounties with nondisclosure agreements so people who hacked them can't say so.  They literally printed "We Are Open Source" on the boxes for hardware wallets that run closed source firmware.  They are liars.

Second: Their firmware is closed source, so they can say whatever they want, knowing no one can prove they're lying.  They might as well say their firmware cures cancer, since there's no way to prove it doesn't.  There's no way to prove they don't already have access to every Ledger user's seed whether or not the user signed up for their scammy Recover service since their API gives them access to every user's seed.  Now they're saying they'll add an option to turn it off?  There's no way to prove that off toggle will actually do anything.  Their firmware is closed source, which means they can't even prove it's safe.

The only provably safe use for a Ledger device is to use it as a decoy wallet with a B.S. seed.

I was a long time Ledger user.  The day their key extraction firmware got outed, I remember looking at my Ledger, thinking "How do I prove they can't access my seed the moment I turn this thing on?  How can I know for sure they haven't already accessed my seed?"  Ledger Recover had to have been in the works for at least a year or two before it was announced, considering how complicated the project was (the code, the legal contracts with multiple companies lawyers, etc.  Ledger Recover was not a small project).  Surely, Ledger's firmware already had chunks of the key extraction API by the beginning of 2023.  How can anyone prove any of it is safe?  You can't.

There's an old saying that's popular in Bitcoin:  "Don't trust.  Verify."

Closed source can't be verified.

Closed source code can't be trusted.

What a waste of money. But when my Ledger arrives, what if I don't use the "Seed/Wallet Recovery" feature? Would that be safer than a consumer device that isn't being used for anything except Bitcoin/shitcoining?

OK, the closed-source firmware is concerning, I should have remembered this topic before buying myself a Christmas present. But can we truly say that Ledger wallets are not secure?

A "consumer laptop" is basically a hot wallet, which by definition shouldn't be considered safe. The moment you find out it's no longer safe, your coins are gone already. Ledger devices are even worse than hot wallets: they're designed to broadcast their seed over the internet. The moment you find out it's no longer safe, is probably the moment a couple of million naive Ledger Recovery users all lose their coins at the same time.

So out of those 2 options, I'd pick #3: a Trezor Safe 3.

They say that this service must be turn on to be operational, but I think that the most of general concern is not about service itself but their ^hidden potential  to extract SEED against your will which might be lurked in their close code. All bitcoiners ^{me including} are paranoid to some extend ^{which is probably good, better safe than sorry.}

I have a Trezor One, which is getting old, and which is not working in many shitcoin wallet software anymore. I decided to buy the cheapest model of the Ledger, then I remembered this topic. Haha.

This is going to be a laughable question. What's safer to use, a consumer laptop used merely for Bitcoin and shitcoining, or a Ledger Nano S+?


But the "Recovery Service" won't be "on" if you don't turn it "on", no?