Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 22. (Read 4835 times)

From my perspective, either answer will always affect negatively the overall product and void the concept behind the product sold by Ledger. Even if you don't opt in for this service, what Ledger is doing is claiming that ever since the beginning of their products it was always possible to extract the recovery phrases - encrypted or not - but the feature has since been dormant (until now it seems). If there is even a remote change that by a simple firmware upgrade the security chip starts broadcasting and exporting your recovery phrases, what security do their users have?

To answer to your second question, if you had to type your recovery phrases to use this service, it would be even worse than the current solution that they are proposing as you were violating one of the core rules of your funds safety - never share/type your recovery phrases anywhere, not even with your device manufacturer or the Pope.

---

It's a total shitshow as of now. Their CTO even recorded[1] a video for Reddit to address the chaos that's currently ravaging their sub but the message is always the same - "We will not know your keys". They also seemed to launch a FAQ[2] for the service, but the answers there are laughable:
This system is "designed to add an enhanced layer of security" and how do they do that? By stripping away one of the core concepts behind Bitcoin and handing it over to 3 entities (2 of them unknown at least for me) and another one being Ledger. Ridiculous.
So what they are saying is that "They don't share your private keys" but instead share an encrypted derivated version of our private keys with external entities which then can be used to give us access to our funds. Do note that they said they are not our private keys, but at the end of the day when they are decrypted they still give us access to our funds.
This means that these backups hold all the information that is needed to get access to the funds, meaning that the original device doesn't even need to "decrypt" anything and isn't the only machine capable of doing so. If this "backup" isn't a pure copy of the private keys - like Ledger claims that it isn't - then what is? Since they are exporting a copy, they claim that they aren't exporting the original recovery phrases? Do they really think their userbase is that stupid?
Alas, more privacy invasion policies and data hoarding of personal information. I'm baffled at so lack of respect by one's privacy.

What is even more laughable is that Coincover - the 2nd entity that will receive the backups - is operating in an environment made by Ledger as this piece of the FAQ claims it, so Ledger is actually present in 2 out of the 3 companies that hold your backup:

---

Even if Ledger trashes this concept to the ground, the message is clear - Their secure chip was always able to extract your recovery phrase (encrypted or not) and it was just waiting for a firmware update to enable that option. If you care about your privacy and your funds, please stop using your Ledger device and transfer your funds to another wallet.

---

[1]https://www.reddit.com/link/13j5cna/video/u4texr0t270b1/player
[2]https://support.ledger.com/hc/en-us/articles/9579368109597?docs=true

Also something else I glossed over before - they are providing $50,000 in insurance for your holdings. They must, therefore, be monitoring all the balances on all your addresses in real time and linking all that information to your KYC and seed phrase back ups to ensure that they don't get scammed by someone claiming to have lost $50,000 when they were only holding $10.

I've skim listened to this on 2x speed, but I can't find anywhere that they actually address that there now exists the ability for Ledger wallets to export seed phrases off of the secure element. Someone please correct me if I'm wrong. They answer questions like politicians. Direct quote from Nicolas Bacca (BTChip, Ledger VP): "I'm not sure what's not to like."

Absolutely unbelievable. This forum, Reddit, Twitter, literally everywhere pointing out the massive issues with this, and the VP responds by sticking his head in the sand and saying "Everything is great!"

Anyone interested can listen live in Spaces right now: Introducing Ledger Recover: answering your Qs w/@iancr @P3b7_ @btchip

https://twitter.com/i/spaces/1RDxlavNoAzKL?s=20

This is truly insane, never thought I'd hear of this from any hardware manufacturer. As others have said, it completely defeats the point and security of a hardware wallet and offline seed phrase.

To think you can shard your seed phrase and have 1/3 in escrow? What a laughable concept. At best it will simply open the door for fraudulent recovery of seed phrases (with stolen IDs etc) and at worst the three companies simultaneously get hacked and everyone loses their money! The worst thing is knowing how many users will opt-in to this thinking it's safe and secure method of seed phrase back up.

The fact they are charging $10 per month also suggests to me that they are in financial trouble, as that's quite an expensive form of non-custodial bank account. I'd expect this service to be more of a $10/20 one-off payment, or annual. Does anyone know about Ledger's financials? Given the state of the economy and this recent "product relase", I can't imagine that they are in good health right now.

I just saw a local thread, and ran here to see if it was true or not, I thought it was a joke or a misunderstanding


I have a question that might be important about this service:
--> Will this update make Ledger able to extract the seed from the hard wallet? (which I thought was impossible, like you said)
or
--> Will the user have to type the seed to be stored by the ledger?

If it's the second option it wouldn't change much regarding security for those who don't opt for the service
But if it is the first option, it is a tool that can fall into the wrong hands and generate an exploit

I'm worried, since I have a Ledger Nano S 

I'm still pretty skeptical about all this. Has Ledger put out any official statement or something that says the seed phrase won't be sent anywhere unless we subscribe to their monthly plan? However, even if such confirmation exists, we should still question whether we have any means of independently verifying this claim or if we're simply relying on their word. The mere possibility of the seed phrase leaving the hardware device and potentially being accessible online, in any form, undermines the fundamental purpose of a hardware wallet, which is to serve as the sole custodian of our private keys.


From what I understand, all three shards are being backed up by either Ledger or third-party custodians. It might not seem like a huge difference, but it does make the whole process a bit less secure. With three pieces of information "out there", if someone gets their hands on just two of them, they could access your coins.

Holly hell, what is happening with Ledger? Did the owner change hands or something? It feels like they started to make decisions that are profit-driven like what exchange does, without even considering what their product actually is. At the same time, I might be deceived and this is just how they act since the beginning. Looks like it is time to find other manufacturers that sell in my region and ditch Ledger entirely if I need to buy an HW in the future. Hopefully, that would never happen and I can just build my own air-gapped device with ease.

I agree with your point. Currently storing your bitcoins in a seed plate or an air-gapped device that you personally own is the best and most secure option.

Trust in hardware wallets has become a concern after this, so it's better to keep peace in your mind and use something that you own to store your BTC.

Indeed, with a simple firmware update the Ledger Nano seems to function more like a hot wallet rather than a hardware wallet that keeps your private keys offline. This shift essentially turns it into a free hot wallet, which is scary since it involves transmitting your seed phrase and wallet information to third-party entities.

I wonder what they're thinking about when they're doing this?

Just to address the above statement only: if you can live with Ledger's closed-source code, it's still a good wallet that doesn't require buyers of it to have their private keys split up into shards and placed into other people's hands.

The first thing that popped into my head was that this "service" would make it incredibly easy for governments/law enforcement agencies to seize assets from anyone who uses it, as I'm sure none of the three parties in control of the shards would defy court orders--and who knows, they might even give up the info without such an order.  That's the problem; you don't know what's going to happen when you're not in control of your private keys.

Ugh.  This is fucking awful.

I haven't read anything this stupid since Square's concept of shared self-custody. But Ledger was faster and actually worked on developing and releasing this bullshit before Square. They really will use any opportunity to try and profit, no matter what. If this turns out to be a success, this generation doesn't deserve Bitcoin.

---

All correct except the last part. To become part of their revolutionary seed sharing solution, you have to subscribe to it somewhere, give your consent, and agree to pay those $9.99 per month. So, you don't have to use it. It's just an idiotic option they give you. I wonder why the Nano S Plus isn't mentioned? Maybe we can expect that in the release notes for the new S Plus firmware.   

All secure elements are closed-source. Trezor and Tropic Square are the first ones that began experimenting with an almost 100% open-source secure element chip. 

I guess you are talking about Foundation Passport. Foundation is relatively new in this business, so you couldn't have recommended them 5 years ago, at a time while Trezor and Ledger were the best, because they weren't around at that time. Second thing, does Foundation use an open-source secure element? If Trezor is the first one that's planning to develop one, it means Foundation doesn't have one either.   

Yes. if approve it and pay the monthly fees.

No, you subscribe there for them to back up 2 out of 3 shards of your recovery phrase. If you lose your own, the 2 shards stored by 3rd-parties are supposed to allow you to backup your wallet.

It's still unsafe.

The whole point of a hardware wallet is to store your seed phrase and private keys safely and securely inside and prevent them from being extracted. The whole point of Ledger's secure element is that there is no possible way to extract the seed phrase from it. Now we have just discovered that a simple firmware update will permit the secure element to start sending your seed phrase across the internet. Ledger have just admitted that their entire design is deeply flawed.

We conveniently already have a name for a hardware wallet which can expose your seed phrase to the internet. It's called a hot wallet.

Pf.... that's relieving. Why did they expose themselves like that ?
So it's that subscription that is exposing the keys ? You subscribe there in order to backup your keys? I rather save them in my place to be honest and noone has access in them. As long as i dont buy this sub i'm fine right ?

You can't fix stupid.
But beyond that, take everything else away.
Say it's done 100% perfectly, secure, safe and everything else. You are now paying $120 a year to save your seed. Fine, great.

What happens in 3 or 8 or 15 years if they go out of business and properly purge all their data. It's just as useless as not having it in the 1st place.

Seed plate in a secure spot and done. Is it really that difficult?

Not your keys, not your coins. Give your keys to someone else....not your keys anymore.

-Dave

This is a paid feature so it's not sending your seed phrase anywhere unless you pay $9.99 per month for it (which is a dumb subscription).

Wait.... Just bought a Ledger wallet a week ago. I have some ETh inside. Should i take them off? Is it unsafe ?

While these particular release notes do not appear on Ledger website, you can find them in Ledger Servers API[1] and, most importantly, /u/btchip - Ledger Co-Funder - has already admitted that this will indeed happen[2] setting a dangerous attack vector as o_e_l_e_o previously explained about:
I wonder until how long will someone find an exploit to this "encrypted backup export system"? If this doesn't spell the depreciation of Ledger as a company, for sure that event will.

---

[1]https://manager.api.live.ledger.com/api/firmware_osu_versions
[2]https://safereddit.com/r/ledgerwallet/comments/13itm7u/is_there_a_backdoor_yes_or_no/jkbyyfp/

Just wait until quantum computers take the industry by storm, and suddenly the Ledger company has to scramble to shut down that service and delete all
backups before the encryption is cracked by a hacker.

This basically means: "Here, you can get your coins back, but first we need to perform an automated KYC check" - most likely with some stupid and flawed 3rd party identification software that can't even recognize a passport if you shove it under your camera lens. To say nothing about the risk of identity theft.

I do not know why some people like telling people that Ledger Nano wallets are good, they should not have been trusted from the first day they created wallets in the past, because all their wallets are having close source secure elements. If you can not verify, why trust the company when there are some alternatives that everything about their wallet makeup are open source.

Another thing is that Ledger proved themselves not to care about their customers personal information. This two are enough not to use Ledger wallet again. I use to tell people to use the wallet before, but as I found about the wallet more on this forum, I know it is one of the wallets that I can not point people to again to use.

What I saw today is not surprising me, Ledger do not care before about how bitcoin should be, as it should be of no trust. Not taking care of users data and now they have promoted to a level where privacy will be no more. People should avoid Ledger wallets.

So the very fact that this exists, even if you don't sign up for it, means that the next firmware update for Ledger devices will create a process by which your seed phrase is extracted from your hardware device, downloaded on to your computer, and then sent across the internet. That is a massive attack vector. It negates literally the entire point of a hardware wallet to keep your seed phrase and private keys isolated from computers and the internet. Not to mention this gives governments a very easy path to seizing all your assets, if they want, and allows all your coins to be stolen with some very basic social engineering. If you have completed KYC anywhere ever, then you've given away all an attacker needs to recover your seed phrase and empty your wallets.

Remember when Trezor and Ledger were the two best hardware wallets out there, and every thread had people (me included!) recommending either/both of them. How the mighty have fallen! Both are complete and utter trash now, completely ruined by awful decisions such as this one. Seriously, do the management teams behind both wallets understand nothing about bitcoin?

More and more I am glad that I have moved pretty much exclusively to airgapped, encrypted, cold storage for the bulk of my bitcoin. I know that my wallets will never suddenly pose a massive security and/or privacy risk out of the blue because of some absolutely moronic decision by a third party trying to squeeze more and more profits out of their customers.

This is so bad that i might give them negative feedback if they have account on this forum. And considering this "feature" require ID verification where Ledger already leak user data in past, it feels like disaster waiting to happen. By disaster, i mean your legal document will be leaked and misused by criminal to perform identity theft.