Pages:
Author

Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 7. (Read 5399 times)

legendary
Activity: 2730
Merit: 7065
It's impossible to use ledger wallet without ever using ledger crap app.
First you need this crap app to install and update device firmware
Ledger sends their hardware wallets with already installed firmware, and very often it's the latest version. So, you don't need the app to install the firmware.

There is no way around to generate new ledger account with electrum or any other third party wallet if you have new ledger device.
That's true. You have to install the Ledger crypto apps before you can use any software wallet, be it Electrum, Ledger Live, or something else.

Technical question about this update since I just receive this notification about firmware update for ledger recovery. Will my ledger will be safe if I don't update my firmware to current latest version?
Do not update the firmware if you intend to keep using your Ledger HW. The update doesn't fix any vulnerabilities, but adds the Ledger Recover vulnerability which you shouldn't have. 


Ledger is now advertising their pathetic Ledger Recover feature with a discount. Instead of $120/year, it's possible to get it for $99.99 if the subscription is purchased together with the Nano X hardware wallet, the only HW that currently has the code and supports this vulnerability.
legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
It's impossible to use ledger wallet without ever using ledger crap app.
First you need this crap app to install and update device firmware, so you need to install and use it minimum one time or more.
There is no way around to generate new ledger account with electrum or any other third party wallet if you have new ledger device.

Clear! What I said is for those who have an old Ledger and who are not going to do a reset now. This is no longer recommended.



How safe is that against a thief who steals your Ledger and uses "Recover" to extract your seed phrase from the "secure" element?
They need to have physical access your device first, than anything is possible.
If they can't extract it, maybe they can sign up for Recover instead of owner   Cheesy

You had to have some access data, such as a PIN, to validate enrollment in this recovery program. And if you have the PIN, it doesn't make sense for the thief to sign up for this program.

Well, at least that's what they say.  Roll Eyes



We all have to go back to the famous paper or metal sheet, so we don't have these types of worries.  Tongue
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
How safe is that against a thief who steals your Ledger and uses "Recover" to extract your seed phrase from the "secure" element?
In this case, owning a Ledger loses any meaning. This is precisely the trick with hardware wallets, that no one except you (even physically) can access the contents of the wallet.


What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
How safe is that against a thief who steals your Ledger and uses "Recover" to extract your seed phrase from the "secure" element?

My ledger is from before this firmware update. Furthermore, the service was never active. Now, the observation is valid, and therefore requires the person to be very attentive to how they use things - like not walking around with the Ledger in their pocket.

If you have not updated firmware, this doesn't mean you are “immune” to ledger Recover. They can force you to update, for example, by limiting the functionality of older firmware versions or making them inoperable. Not necessarily directly, but for example, with the help of Ledger Live, which will stop “seeing” devices with old firmware or something like that. I’m sure Ledger will be able to figure out how to force an update.


What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
It's impossible to use ledger wallet without ever using ledger crap app.
First you need this crap app to install and update device firmware, so you need to install and use it minimum one time or more.
There is no way around to generate new ledger account with electrum or any other third party wallet if you have new ledger device.
Already at this stage a devilish cunning was laid down, which for some reason was not noticed for a long time.

Such dependence of ledger on ledger live completely deprives the device of autonomy and independence. This is already a serious reason to doubt.


I am not afraid of Ledger stealing the keys.
Stealing will land them in prison, so that's not my biggest worry. But leaking the keys is a real risk.
Not every thief attacker goes to prison.

Ledger becomes vulnerable to both online and offline attacks. Why is this device needed at all if it doesn't do its job?
hero member
Activity: 1400
Merit: 623
Technical question about this update since I just receive this notification about firmware update for ledger recovery. Will my ledger will be safe if I don't update my firmware to current latest version? I’m thinking that my ledger will stay as is which ledger doesn't have the ability to recover my seed phrase if I didn't install the latest firmware which they implements this recovery feature.

Their recovery feature sucks because they charge fee for an extra centralized service which defeat the purpose of hardware wallet.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
I am not afraid of Ledger stealing the keys.
Stealing will land them in prison, so that's not my biggest worry. But leaking the keys is a real risk.

It will only land them in prison if it can be traced back to them. Otherwise it's indiscernible whether the keys leaked or an inside job happened.

But yes, andy.arden is right that in the big picture government control is probably the largest risk.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I am not afraid of Ledger stealing the keys.
Stealing will land them in prison, so that's not my biggest worry. But leaking the keys is a real risk.
legendary
Activity: 2212
Merit: 7064
What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
It's impossible to use ledger wallet without ever using ledger crap app.
First you need this crap app to install and update device firmware, so you need to install and use it minimum one time or more.
There is no way around to generate new ledger account with electrum or any other third party wallet if you have new ledger device.

i also read about the 'recover start' yesterday. what i find even more outrageous is that Ledger charges the user €10 for this service (after the first month is free) from the second month on.
will advise everyone in my circle of acquaintances and also here in the form against this service!
Someone has to be crazy or ignorant to pay for this crap $110 to $120 per year, just to have false sense of security.

How safe is that against a thief who steals your Ledger and uses "Recover" to extract your seed phrase from the "secure" element?
They need to have physical access your device first, than anything is possible.
If they can't extract it, maybe they can sign up for Recover instead of owner   Cheesy

legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
How safe is that against a thief who steals your Ledger and uses "Recover" to extract your seed phrase from the "secure" element?

My ledger is from before this firmware update. Furthermore, the service was never active. Now, the observation is valid, and therefore requires the person to be very attentive to how they use things - like not walking around with the Ledger in their pocket.
jr. member
Activity: 40
Merit: 1
I am not afraid of Ledger stealing the keys.

I am afraid that in case the government will issue different laws against crypto, then our devices will be locked and the keys will be in the governement hands to be returned to us or not.

It would be a perfect case to control everyone's crypto, to verify how much anybody has in order to pay taxes, etc.

So i dont think it will be used to steal it from us, only to control.

So yes, DO NOT use Ledger.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
How safe is that against a thief who steals your Ledger and uses "Recover" to extract your seed phrase from the "secure" element?
legendary
Activity: 3304
Merit: 8633
icarus-cards.eu
Ledger just launched and started ledger Recover


i also read about the 'recover start' yesterday. what i find even more outrageous is that Ledger charges the user €10 for this service (after the first month is free) from the second month on.
will advise everyone in my circle of acquaintances and also here in the form against this service!
full member
Activity: 128
Merit: 190
What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.

At least that's what I do with my wallet Ledger.

If Ledger's key extraction firmware is on your device, you have no way of knowing what that firmware can do when you turn the device on.  For all you know, Ledger already has access to your keys.  Maybe the companies they're working with too.  Ledger says your device needs you to press the buttons to confirm any actions, but they admit can't prove it, because their code is closed.

If you only have a few hundred bucks worth of Bitcoin on your Ledger and you wouldn't be too angry if it gets stolen, then yeah, stick with Ledger.  But then again, if that's the case, why bother with the Ledger at all?  Go with a software wallet instead.

But if you own enough Bitcoin that you'd be upset if it gets stolen, why are you trusting a company that lies to their customers and lowers the security of your device after you bought it?

Ledger told you this, for years:

Quote
Your keys are always stored on your device and never leave it

Then they wrote key extraction firmware and put it on users' devices.

They even kept repeating that lie as recently as May 2023 even after spending months if not years working on adding a key extraction scheme to their hardware wallets.

"Your keys are always stored on your device and never leave it."

...uhm, how does Ledger Recover work?

Your keys are extracted from your device over the internet.  They say only if you authorize it, but they can't prove that to be true.

I think it's funny how people stick with companies because they feel a tribal sense of commitment.  Look at all of the examples of companies, especially in crypto, where we saw signs of danger, but some people stayed and went down with the ship.  Voyager is one of my favorite examples, but there are so many others.  I got out as soon as I had doubts.  Others stuck around and lost most of what they had.  It's easy to say "Oh, come on.  Ledger is different."  Nope.  Ledger has been lying to their customers while making customers devices less secure.  It doesn't take a genius to see problems there.

Sure, it's annoying having to buy another hardware wallet, make a new seed, and move your coins.  But owning Bitcoin means being your own bank.  It's up to you to keep your coins safe.

I bailed on Ledger.  I feel foolish for having trusted them in the first place, but I didn't double down on my mistake.  I admitted it and moved on.
legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
Ledger just launched and started ledger Recover, that is provided by Coincover,and I urge everyone NOT to use this crap!

What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.

At least that's what I do with my wallet Ledger.
full member
Activity: 128
Merit: 190
Ledger just launched and started ledger Recover, that is provided by Coincover,and I urge everyone NOT to use this crap!
If you sign up for this you basically agree that your coins can be seized willingly or unwillingly, because ledger partners all have to comply with governments.
Additional danger is sending your personal ID and ledger is well known as leaker wallet.
https: //www.ledger.com/recover/

It's even worse than that.  In fact, it's much worse.  Ledger's KYC will connect your coins to your identity and personal information, and it will be held by multiple companies.  If it gets hacked, anyone who uses it is more screwed than screwed.  Thieves be able to steal your coins, but that's only the beginning.  If they have reason to believe you have more coins hidden behind a passphrase, they've got your name and home address.  Knock knock.  "Who's at the door?"  You won't know them, but they'll know you.

This whole Ledger Recover thing is so poorly thought-through, but Ledger doesn't care because, to them, it's just a grift.
legendary
Activity: 2212
Merit: 7064
Ledger just launched and started ledger Recover, that is provided by Coincover,and I urge everyone NOT to use this crap!
If you sign up for this you basically agree that your coins can be seized willingly or unwillingly, because ledger partners all have to comply with governments.
Additional danger is sending your personal ID and ledger is well known as leaker wallet.
https: //www.ledger.com/recover/
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
I can't say to feel any sorrow for such a Reddit moderator moron like BTChip was. I remember too well his stupid contributions to discussions on Reddit when people complained that Ledger doesn't properly and reliably publish cryptographic hashes of new versions of Ledger Live. Why would people want to check if their download of Ledger Live is genuine? (Sarcasm)

If such "high level guys" at Ledger don't even understand very basic and necessary verification steps for software, then sanity of the management team of Ledger isn't at its necessary level, if not worse.

Just go down the drain, Ledger, I don't cry a single tear. Let's see how bad it can go with the remaining moron overlord Pascal Gauthier. When he spins freely, I think I'll have to stock up my popcorn supply.
legendary
Activity: 2212
Merit: 7064
Nicolas Bacca cio and co-founder of Ledger, will leave the company following the recent recover scandal. he follows former ceo and co-founder Eric Larchevêque, who stepped down in 2019.
ceo Pascal Gauthier blamed an 'unintentional communication mistake' for the Recover melee, but also stressed the importance of key recovery for users who feel overwhelmed by key management.
Shitcoin hardware wallet is falling down, falling down...  Cheesy
I wonder if this co-founder Nicolas Bacca is one of the reddit moderators with nickname BTChip that banned and silenced a bunch of people a while ago.

EDIT:
Yeah he is!
This guy was a real poison for ledger reddit community.

sr. member
Activity: 616
Merit: 314
CONTEST ORGANIZER
Nicolas Bacca cio and co-founder of Ledger, will leave the company following the recent recover scandal. he follows former ceo and co-founder Eric Larchevêque, who stepped down in 2019.
ceo Pascal Gauthier blamed an 'unintentional communication mistake' for the Recover melee, but also stressed the importance of key recovery for users who feel overwhelmed by key management.

https://en.thebigwhale.io/article-en/EXCLUSIVE-Nicolas-Bacca-leaves-Ledger
https://cryptomode.com/co-founder-nicolas-bacca-to-exit-ledger-amidst-recover-feature-controversy/

Nicolas Bacca cio and co-founder of Ledger, will leave the company following the recent recover scandal. he follows former ceo and co-founder Eric Larchevêque, who stepped down in 2019.
ceo Pascal Gauthier blamed an 'unintentional communication mistake' for the Recover melee, but also stressed the importance of key recovery for users who feel overwhelmed by key management.

It's really not a good sign when all the founders of a company decide to leave the company, when apparently it is not having any problems.

Are there any other founders left at this point? Or have they all left?

Yes, its not a good sign like you said, but when you have this kind of massive blows, no matter if its a company or a state, you allways needs to have a fuse, and this kind of move its that, a fuse making his job, so to the outside everyone can see some change (not really).

Still sad to see the founders went out. I hope if they made all with good intentions at least they walk away with some good money.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
All those who left and those who are now leaving are irrelevant, it is known who pulls the main strings in the company and who invented a new service that once again put the company in an uncomfortable position. This is nothing new in the business world, when the CEO does something stupid, then he shifts the responsibility to those below him for what they say is the "welfare of the company".



~snip~
ceo Pascal Gauthier blamed an 'unintentional communication mistake' for the Recover melee, but also stressed the importance of key recovery for users who feel overwhelmed by key management.

He calls his stupid decision an "unintentional communication mistake", which means that he is actually saying that they were not capable of presenting a bad business move (from the perspective of anyone who knows what kind of risk we are talking about) as something revolutionary that will allow their mothers and grandmothers to use cryptocurrencies on "safe way".
legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
Nicolas Bacca cio and co-founder of Ledger, will leave the company following the recent recover scandal. he follows former ceo and co-founder Eric Larchevêque, who stepped down in 2019.
ceo Pascal Gauthier blamed an 'unintentional communication mistake' for the Recover melee, but also stressed the importance of key recovery for users who feel overwhelmed by key management.

It's really not a good sign when all the founders of a company decide to leave the company, when apparently it is not having any problems.

Are there any other founders left at this point? Or have they all left?
Pages:
Jump to: