Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 20. (Read 4835 times)

hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
We are also discussing the Ledger issue in the German board and found a tweet claiming that the Nano Ledger S may not be affected because the device is too old for the current Ledger Recover firmware update?

Regardless of the fact that you should still look for another hardware wallet company, can anyone with a more technical background comment on whether this information is correct?
I'm not a technical fan, but is this thought true?
If the Nano S can "dodge" the 2.2.1 update, then it may be able to dodge another update later, then it will eventually be devices with outdated systems that are increasingly vulnerable, while at any later higher update it won't exclude all the new features of 2.2.1.
hero member
Activity: 714
Merit: 1298
If anyone is wondering how can an entity destroy the concept of their own products - in this case by exporting the seed phrase to outside entities, even if it is encrypted - then wait no more because Ledger will launch their new service, Ledger Recover[1]:

Looks like Vitalik Buterin has been employed by Ledger SAS.

We are also discussing the Ledger issue in the German board and found a tweet claiming that the Nano Ledger S may not be affected because the device is too old for the current Ledger Recover firmware update?


It is true. Nano S will stay immune. Only X and S+ as well as Stax will suffer.

and then, for those who don't feel comfortable with their wallet, change their money to another one.

I did it two days ago. Moved my stash into Foundation Passport 2.
legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
We are also discussing the Ledger issue in the German board and found a tweet claiming that the Nano Ledger S may not be affected because the device is too old for the current Ledger Recover firmware update?

That's probably it.
The first step now is to avoid updating at all costs, and then, for those who don't feel comfortable with their wallet, change their money to another one.
legendary
Activity: 1624
Merit: 4417
We are also discussing the Ledger issue in the German board and found a tweet claiming that the Nano Ledger S may not be affected because the device is too old for the current Ledger Recover firmware update?

Regardless of the fact that you should still look for another hardware wallet company, can anyone with a more technical background comment on whether this information is correct?

Source: https://twitter.com/0xQuit/status/1658596830350036992
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
~snip
In fact, it turns out that Ledger first slipped its customers a new firmware version with this damned recovery function and only then announced this function. I don't believe that there was a mistake and the company (in which one can't even sneeze without the consent of the management) mixed up the date of the announcement of such a high-profile feature. Was this done on purpose so that as many users as possible upgraded to version 2.2.1?

Ledger's management are brilliant businessmen: you get verified with KYC and still pay money for it. Simple, ingenious.

Closed source, KYC, dubious collaborations. All this together forms a big alarm signal.


~snip
It's funny to hear calls to believe from Ledger when they have already seriously screwed up with the personal data of their customers 2 times in the not so distant past. Moreover, both times they got off lightly without incurring any material losses, not to mention reputational ones. But they should have. And after this set-up with the so-called recovery function, will Ledger not lose its position in the eyes of ordinary users who don't really ask themselves where this company is sliding? I think not. Moreover, their clients who are ready to pay those $10/month for a KYC will line up.

Faith has no place in financial matters. Here there is only openness, reliability and security.


This is so bad that I might give them negative feedback if they have an account on this forum. And considering this "feature" requires ID verification, where Ledger already leaked user data in the past, it feels like a disaster waiting to happen. By disaster, I mean your legal document will be leaked and misused by criminals to perform identity theft.
The coming catastrophe may turn out to be something else. Having a user ID thanks to the KYC for $10/month, having the entire history of transactions and wallets thanks to the data received through Ledger Live, all users of these devices are at a glance. And if they pass this information on to governments, which seems quite possible judging by the dynamics of changes in the actions of this company, it becomes not fun at all.

The most hypocritical thing is that the Ledger presents all the crap to its users under a plausible pretext, supposedly taking care of the safety of their funds.

"The road to hell is paved with good intentions".

It is precisely along this road that Ledger has been sliding down more and more lately.
copper member
Activity: 172
Merit: 286
Your Bitcoin Mixer
This is a paid feature so it's not sending your seed phrase anywhere unless you pay $9.99 per month for it (which is a dumb subscription).
Honestly, you put me at ease a little.

Although, just recently we thought about ordering a batch of customized Ledgers for our employees and for raffles, but now we are very skeptical.
sr. member
Activity: 882
Merit: 403
Man, this is scary. I should be telling the people I know about this so they can start preparing to transfer their funds as soon as possible, since I was the one who recommended Ledger to them and to most of the people who ask. I really don't understand what has gotten into their minds. They must be viewing security and privacy in a perspective that is way too different from every crypto enthusiast out there to have come up with such crap. Doing this is just the same as taunting hackers to a game of hide and seek. This is truly frightening and at the same time really disappointing.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
Seriously, this decision wouldn't be made without a lot of discussion and some research/statistics. Ledger is a company, a business, and the aim is to increase profit. You and I can analyze it: by implementing this subscription service, one thing is clear, we have to pay money for worsened security. I'm laughing so much, just thinking how stupid a person you would have to be to pay money for a service that absolutely abandons the idea of owning a hardware wallet. I mean, you buy a hardware wallet for improved security and then subscribe to their service for decreased security, this is such a crazy thing. But Ledger packs all of these positively; in order to generate money, you need to conquer the heart of the majority, not the minority. The majority of people are not smart, the minority are, and they simply take advantage of the situation.

How not to run a company, 101.
I bet their sales will increase, we will see. It offers people an option that they want. Do people lose their keys? Yes. Do they want a recovery option? Yes. Do people think that a hardware wallet is safer than any other type of wallet? Yes, but do they know why? No, they have just heard that. Do people think that they are confiscating their security by subscribing to Ledger's service? No. I know it sounds crazy but don't expect people to think and analyze things the way you do. People pay millions of dollars to digitally own a pixelated guy or a silly image of an ape, so, do you really expect that the majority of people have normal cognitive abilities?
legendary
Activity: 2268
Merit: 18711
but honestly, some of their explanations were all over the place, not really addressing the tough questions head-on.
...
I'm left feeling like there's a whole lot of smoke and mirrors going on.
This exactly. The fact that none of the devs have actually just directly answered these questions head on in a couple of sentences, and are instead making people sit through an hour long recording, speaks volumes. It reminds me of that quote from Vitalik about known scammer CSW:

Does it mean we can't verify that they have no access to the decryption key used to reconstruct the initial seed? It is still unclear how the whole decryption process works and how a hardware wallet knows that you underwent a KYC procedure to start recovering. Who sends it a decryption key because it may be a different device from that you created your setup?
It's not clear yet, but we know they must have the means to decrypt it themselves. You can lose your hardware wallet and your seed phrase, and still recover your wallets on a new device. This means that everything needed to recover your seed phrase (i.e. the shares and their decryption keys) are stored by one or more third parties, since you need to provide absolutely nothing yourself, not even the original device.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Quote
"When I think of my mom using our product - there are two main hurdles. One is unreadable addresses, and two is managing your private key. If you know how to back up your 24 words securely, Ledger Recover isn't for you. But for people like my mother, those 24 words can be really complicated." - @P3b7_
---
"If you understand self-custody very well and can fully self-sovereign, you don't need Ledger Recover; if you are someone like my mother, then this product will be for you. At the end, you choose." - @P3b7_
--
"Ledger Recover is what our future 100m of customers want - they will onboard into crypto in a secure way with Ledger Recover." - @_pgauthier

From what the guys from Ledger wrote, it is a little clearer why they do such stupid things - their business decisions were obviously influenced by their mothers who are serious investors in cryptocurrencies, and at the same time they are not capable of making a backup and storing it safely.

It's even funnier that they justify their stupid moves with hundreds of millions of new users in the future who supposedly want to share their secret backup with various companies around the world. Apparently, they can also read the minds of their future clients...

I thought nothing could surprise me when it comes to Ledger, but these guys definitely do their best in creating unpleasant surprises - what's next, full KYC to be able to use Ledger Live or do a firmware update?
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
Allegedly, and the fact that they have made it very clear everywhere, the Nano S model will be the only one that will not have that back door.
But how now are we to know? Doubts were left in the air, there is not much way to remedy it.

On the other hand it's unlikely that the backdoor has been there before because otherwise the hackers would have stolen the wallet seeds alongside the customer data way back when.

You don't need to open source the firmware if you just open source the customer data! *taps forehead*


What happened with Trezor? I remember a seed extraction hack from a couple years back, but that one still required physical access which makes it not even nearly as bad as what Ledger is doing.
That, and their partnership with Wasabi and blockchain analysis firms, resulting in government sanctioned surveillance and censorship.

Interesting, I wasn't aware of the censorship controversy around Wasabi. Thanks for bringing this to my attention.

(Still, in my book not even remotely as bad as what Ledger is doing for 2 reasons: (1) I primarily expect security from a hardware wallet, with privacy being a nice-to-have, but I don't mind falling back on other options for that, (2) using transactions with questionable privacy is still optional while having a backdoor is not. But I'll leave it at that, for fear of straying off-topic. I definitely see your point regarding SatoshiLabs' company policy though.)

legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
The user could be included, but you are already supposed to have copies of your entire recovery phrase anyway. If you can't keep track of that and lose it, why keep a copy of one additional 1/3 shard?
According to their previous announcement and their FAQ that I provided the link to above, they consider this whole thing as a form of self-custody, so it is a little bit strange that the user doesn't participate in storing funds directly and instead has to trust centralized companies keeping a shared secret.

What prevents them from collaborating to steal customer funds and pretending that the user himself fucked up with recovery keys?
Absolutely nothing.
Does it mean we can't verify that they have no access to the decryption key used to reconstruct the initial seed? It is still unclear how the whole decryption process works and how a hardware wallet knows that you underwent a KYC procedure to start recovering. Who sends it a decryption key because it may be a different device from that you created your setup?
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
Here are the key points from the live session with CXO Ian C Rogers (@iancr), CTO Charles Guillemet (@P3b7_), and co-founder Nicolas Bacca (@btchip) answering some of the questions.

I gotta be honest, I listened to the whole shebang live and then again on the recording, and if I'm being real, there was a whole lot of mixed signals flying around. I mean, seriously, there's so much conflicting info, half-truths, and straight-up marketing jargon going on, it's hard to know what's real and what's just fluff. They were talking about Ledger Recover and how it's all about security and self-custody, but honestly, some of their explanations were all over the place, not really addressing the tough questions head-on. I get it, they're trying to pitch this as a solution for people who struggle with seed phrases and stuff, like your mom or less tech-savvy folks. But honestly, I think they missed the mark. In the end, after listening to the whole thing, I'm left feeling like there's a whole lot of smoke and mirrors going on. One thing is for sure, once you opt-in for this Ledger Recover service and update the firmware, that Ledger device just can't be considered as a trustworthy self-custody solution for your crypto anymore, no matter how they try to spin it. They're trying to sell us on this idea that we still have full control, but let's be real here, it's not quite the case anymore.


Quote
"We are security and self-custody maxis. These are things we won't make compromise on." - @iancr

"Ledger Recover allows people to back up their seed phrase. If you aren't concerned with your seed phrase security, then this won't be for you. It's 100% optional." - @iancr

"When I think of my mom using our product - there are two main hurdles. One is unreadable addresses, and two is managing your private key. If you know how to back up your 24 words securely, Ledger Recover isn't for you. But for people like my mother, those 24 words can be really complicated." - @P3b7_

"Technically, as soon as you opt in for the service, you'll be asked if you are happy to opt-in for Ledger Recover. If you are - then you sign a transaction on your Ledger to shard your private keys into 3 shards, then it's encrypted in the device, then a secure channel is created within the device for the 3rd party providers which allows the encrypted shards, which are encrypted again and then stored with the providers." - @P3b7_

"When you need to recover your seed, you will go through a ID Verification process (which is very comprehensive) to confirm your identity. After you are verified, the providers will send the encrypted shards to your Ledger Nano device directly. The device decrypts the shards in your device and you're set." - @P3b7_

"Here, the point which is important to remember is that you stay in control…there’s no backdoor, nothing will happen without your consent on the device…in the future, the whole protocol will be open, so you’ll be able to verify how the whole protocol works." - @BTChip

"There are three parties (in 3 different jurisdictions) storing the shards - one is @Coincoverglobal, which already works with several B2B offerings, that keeps one shard of and provides the $50k insurance plan; the other escrowtech, which backs up the 3rd shard. And there are two ID verification providers." - @P3b7_

"If you understand self-custody very well and can fully self-sovereign, you don't need Ledger Recover; if you are someone like my mother, then this product will be for you. At the end, you choose." - @P3b7_

"Ledger Recover is what our future 100m of customers want - they will onboard into crypto in a secure way with Ledger Recover." - @_pgauthier

Q: Is my seed phrase safe - is there a backdoor?
A: There are no backdoors in any Ledger. Your seed is secured in the Secure Element chip and on your paper. If you opt in for Ledger Recover, there’s an additional back up in the form of 3 encrypted shards stored with 3 different parties.

"In other words, every time you access your private key, the Ledger device requires your consent. Ledger Recover is simply another application that is built on the Secure Element chip that is never compromised, just like when you need to sign a transaction with a Ledger." - @BTChip

"The Secure Element is a small computer that operates cryptographic features exclusively, including generating and securing the private key. What we did was to include a new feature in the Operating System, which encrypts and shards the private key which enables Ledger Recover." - @P3b7_

"We keep only what is legally required, nothing more. We don't want to take up the responsibility of being a custodian. Our opinion of KYC is that Ledger doesn't do it. We provide you access to services that might require KYC. It's completely up to you." - @iancr

"If you are not comfortable with ID Verification - then you can either choose a different service or you can build your own recover services." - @BTChip
source: https://twitter.com/Ledger/status/1658463730676518920

legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
what i also wonder is what happens to the Ledger sticks that don't go through this update - can they continue to be used without problems?

Probably. But you can't ever be sure that this backdoor hasn't been there all along, as pointed out by others upthread.

Yes, I don't see the firmware creating the backdoor. The fact that the new firmware has already circulated, even briefly, can now be analyzed by hackers to be able to discover that backdoor.

Allegedly, and the fact that they have made it very clear everywhere, the Nano S model will be the only one that will not have that back door.
But how now are we to know? Doubts were left in the air, there is not much way to remedy it.

legendary
Activity: 2268
Merit: 18711
What happened with Trezor? I remember a seed extraction hack from a couple years back, but that one still required physical access which makes it not even nearly as bad as what Ledger is doing.
That, and their partnership with Wasabi and blockchain analysis firms, resulting in government sanctioned surveillance and censorship.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
This is so wrong on so many levels and I just can't wrap my head around it. I just hope the market will punish Ledger accordingly, but I don't have much faith.

All the more important to keep calling this for what it is: A backdoor. Not an option. A backdoor. Your only option is to pay for the privilege of accessing the backdoor as well.


Remember when Trezor and Ledger were the two best hardware wallets out there, and every thread had people (me included!) recommending either/both of them. How the mighty have fallen! Both are complete and utter trash now, completely ruined by awful decisions such as this one. Seriously, do the management teams behind both wallets understand nothing about bitcoin?

What happened with Trezor? I remember a seed extraction hack from a couple years back, but that one still required physical access which makes it not even nearly as bad as what Ledger is doing.


Ledger have just admitted that their entire design is deeply flawed.

Reminds me a bit of that scene in The Big Short:

"I don't get it. Why are they confessing?"
"They're not confessing. They're bragging."


what i also wonder is what happens to the Ledger sticks that don't go through this update - can they continue to be used without problems?

Probably. But you can't ever be sure that this backdoor hasn't been there all along, as pointed out by others upthread.
legendary
Activity: 3304
Merit: 8633
Crypto Swap Exchange
for me this news also blew up yesterday and i can not really imagine what has driven Ledger to publish this recovery update - apparently Ledger no longer earns well enough on the 'old' customers and now wants to earn this way on the 'new' customers too, for whom seed security is 'child's play' and who store everything in their lives on some cloud, because security/privacy is then completely indifferent to them

what i also wonder is what happens to the Ledger sticks that don't go through this update - can they continue to be used without problems?
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
@TryNinja, I think you have a chance to write another script.

Wherever Ledger was mentioned replace it with a choice of word by the users and update the topic.

I will personally replace it with:

Ledger = Ledger [not recommended anymore, scammers].


I am going to burn my Ledger Nano S today or tomorrow. If I get a chance then I will upload a picture.

Maybe we need a hashtag in social media, #Notoledger

[Edit]
Examples: some of my old posts have now been edited
https://bitcointalksearch.org/topic/m.62009164
https://bitcointalksearch.org/topic/m.61855155

[Re-posted]
sr. member
Activity: 1078
Merit: 342
Sinbad Mixer: Mix Your BTC Quickly
The user could be included, but you are already supposed to have copies of your entire recovery phrase anyway. If you can't keep track of that and lose it, why keep a copy of one additional 1/3 shard?
Exactly, and that's why it doesn't make any sense. Implementing SSS method is really bad as it might expose users to a lot of risks. I don't understand why they're putting their clients at such a high risk just to earn more money, it seems like a joke to be honest. The whole company will be destroyed after this and I think they'll lose almost all their clients as a result.

Not that it makes this any better, but will they require that you generate a new seed to participate in their paid seed-share service or does it also apply to seeds generated before this was rolled out?
If they believe that users are incapable of or too stupid to keep their seed phrase secure, implementing a method that requires sharing 1/3 of the seed while risking exposure of private keys is absolutely nonsensical. It implies a lack of trust in users' ability to handle their own security, as well as sharing their wallet data with 3rd party entities.
full member
Activity: 343
Merit: 167
In essence, Ledger has confirmed that they will have access to your private keys.
I wonder what is the point now in the embedded chip responsible for security, if it is possible to easily get a secret from it?