Pages:
Author

Topic: Ledger, safe or not? - page 2. (Read 485 times)

hero member
Activity: 2282
Merit: 659
Looking for gigs
August 24, 2023, 09:37:56 AM
#20
The recovery service that they've got is applicable to the newer versions of their hardware wallet.

Avoid if you are just about buying a new hardware wallet. As for safe, if you were already using Ledger before they announced the Ledger recovery service, you might just continue using it as you have been doing so, but of course without 'subscribing' to the new Ledger recovery service, but whenever you decide to get a new hardware wallet, you should ditch Ledger for a different brand; because there is then no reason to continue using it.
This is right, if you own the old Ledger Nano S version, it's not part of that recovery feature. As for the choice, I guess that on these times the favor goes to Trezor.

I have the same version so I would prefer this kind of model than those that supports recovery feature. But to be honest, I really do not like the decision of Ledger to include the recovery feature for the updated versions.

It clearly not defining them anymore as a true cold hardware wallet. I don’t have any plans to buy future versions of Ledger Nano like the X or so because of the controversial recovery feature.
legendary
Activity: 1722
Merit: 5937
August 24, 2023, 09:29:41 AM
#19
If you have a Ledger, just don't use Ledger Live — that itself removes a good chunk of the uncertainty risk.
While I do agree that Ledger Live is a shit app that shouldn't be used for more than its needed, isn't it open souce and same goes for those coin apps meaning ppl probably tested it?. The main problem with Ledger is that its firmware is closed source and imho that's way more dangerous because you can't simply avoid it like you can Ledger Live.



@OP Ledger  owes is market dominance thanks to the fact that at the time they launched their HW there was no many competitions like it is now so people simply buy it by innertion but luckily nowadays there are many quality options that doesn't cost a fortune so there's no need really to get Ledger if you want a safe wallet to store your bitcoin.

hero member
Activity: 2716
Merit: 698
Dimon69
August 24, 2023, 09:08:57 AM
#18
Ever since I watched that Joe Grand guy crack that trezor wallet with 2 million inside on youtube I've been turned off. There's no perfect solution right now but I still think using hardware wallets as a 2FA approach is a good thing.

The issue was resolved according to the Trezor and the hack issue is only possible through physical attack. The hacker spend 12 weeks to hack the device which is already too long for the owner to import his backup seedphrase on a software wallet to recover his fund safely.

Hardware wallet security is improving as time pass by. There's no need to worry much about hack if you are purchasing a hw with open source code and from trusted company.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
August 24, 2023, 08:54:52 AM
#17
~snip~
If you have a Ledger, just don't use Ledger Live — that itself removes a good chunk of the uncertainty risk.

If only it were that simple, but for those who buy Ledger HW for the first time, using Ledger Live is mandatory for the initial setup of the device, and for those who have been using it before if they want to upgrade the firmware or add/upgrade any coin app. In addition, regardless of which software you use with the device, you still connect to the Ledger servers for every incoming/outgoing transaction, which means that you still take certain risks, at least as far as privacy is concerned.

For anyone who can afford it, it would be wise to find an alternative, or to pretend that nothing has happened and will not happen.
sr. member
Activity: 658
Merit: 441
August 24, 2023, 08:07:05 AM
#16
Hello, so with the whole ledger recovery service that was introduced not too long ago many people went to other hardware wallets. I did not, I wanted to wait and see what happens. I thought people were blowing this out of proportion and now the dust has settled it seems it may be the case.

What is your verdict? Safe? Avoid?

I believed they lied about not having a back door and now found out they do. And also being closed source who knows what can be taken by them. But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open. And if people do find out they will do by other people who have checked it and by that point a lot of keys may get stolen if something or someone decided to go rogue at the respective hardware company. I believe this cannot be applied to all hardware companies due to the design of the device.


All help and views are appreciated thank you.
Your seed phrase should be private and only known to you but entrusting your seed phrase to third party agencies for safe keeping is risky. Also, subscribers of the Ledger recovery service would need to give up their privacy by undergoing KYC, all these raised security concerns. This is not some firmware update, this is different. The fact that many persons have come out to speak against it should clearly tell you that many heads are better than one and they cannot not be wrong. The dust hasn't settled yet because sooner or later people who still have trust for Ledger will suffer for their choices. I would advise you look for a recommendable hardware wallet like Trezor or Passport, as Ledger is not safe.
copper member
Activity: 15
Merit: 3
August 24, 2023, 05:34:03 AM
#15
Ever since I watched that Joe Grand guy crack that trezor wallet with 2 million inside on youtube I've been turned off. There's no perfect solution right now but I still think using hardware wallets as a 2FA approach is a good thing.
copper member
Activity: 1470
Merit: 1609
Bitcoin Bottom was at $15.4k
August 24, 2023, 02:10:32 AM
#14
I mean I have been using Ledger previously the only thing I don't like about it is that it's not open source. I would prefer a Hardware Wallet which is tested by the whole community, a project being open sourced surely allows more security tests to be done on it and most of the time, white hat hackers simply provide the test result/report to the developers instead of exploiting it. This is where Trezor leads the way. AND In the end, it comes to your personal preference to be honest.
sr. member
Activity: 854
Merit: 424
I stand with Ukraine!
August 23, 2023, 09:56:04 PM
#13
After the incidence from the Ledger Recovery, CEO of Ledger announced there's no back door, trying to allay the fears of users but we all know these company owners will say shit just to cover their lies.
First, Ledger is closed source.
Second, with their Ledger Recovery Service, you will give three pieces of your mnemonic seeds to three entities including – Ledger, Coincover, and EscrowTech. You have to trust those entities that they won't leak pieces of your seed or do combined shady things to steal your seed and your coins.

It is unsafe even they claim they are using Shamir Secret Sharing Algorithm and I don't trust Ledger as they had some data breaches [1] and they are closed source.

[1] Ledger Wallet Customer Info Hack (2020)
hero member
Activity: 966
Merit: 620
August 23, 2023, 05:44:57 PM
#12
 One thing you should have at the back of your mind is that no wallet is 100% secure, no matter how secure as possible developers try to make it, there are still criminals who will find a way to exploit and hack it and Ledger is not free from this.
After the incidence from the Ledger Recovery, CEO of Ledger announced there's no back door, trying to allay the fears of users but we all know these company owners will say shit just to cover their lies.
Some people prefer to use Ledger because it offers invaluable security and helps prevent your digital assets from entering the wrong hands and also it's affordable and convenient for use. My advice? It's best to avoid it. You can try some of the options other users suggested tho.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
August 23, 2023, 04:33:53 PM
#11
My verdikt?
Stay away from a closed-source hardware (or software) wallet, regardless if it's Ledger or someone else. I dispise the way they did their marketing on "security by obscurity" and lying about "your secrets can't leave the secure element". Well, it turns out that's only true as long as they don't program it to be able to leave the secure element on purpose. Trust us, we (Ledger) are the good guys! Sure, f*** u!!

The corporate executives look to me completely nuts with their decisions and public behavior, before and after the "Ledger Recovery" desaster. I wouldn't use a Ledger even if they'd pay me for it. Don't buy, support and use such crap. My opinion, period. You do yours!
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
August 23, 2023, 04:20:14 PM
#10
I believed they lied about not having a back door and now found out they do. And also being closed source who knows what can be taken by them. But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open. And if people do find out they will do by other people who have checked it and by that point a lot of keys may get stolen if something or someone decided to go rogue at the respective hardware company. I believe this cannot be applied to all hardware companies due to the design of the device.

Well, up to some extent, you still have to trust your hardware wallet provider and there are plenty of manufacturers that did not BS'd their way like ledger. In short there are better options.

I do hope most of the community haven't succumbed back to ledger as that wouldn't send a good message. It's safe to assume other manufacturers are also watching the scene unfold and imagine if ledger recovered + gained more market especially on their cloud backup side business, what does that say?  Undecided
hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
August 23, 2023, 02:11:15 PM
#9
The recovery service that they've got is applicable to the newer versions of their hardware wallet.

Avoid if you are just about buying a new hardware wallet. As for safe, if you were already using Ledger before they announced the Ledger recovery service, you might just continue using it as you have been doing so, but of course without 'subscribing' to the new Ledger recovery service, but whenever you decide to get a new hardware wallet, you should ditch Ledger for a different brand; because there is then no reason to continue using it.
This is right, if you own the old Ledger Nano S version, it's not part of that recovery feature. As for the choice, I guess that on these times the favor goes to Trezor.
legendary
Activity: 2184
Merit: 1302
August 23, 2023, 01:43:20 PM
#8
What is your verdict? Safe? Avoid?
Avoid if you are just about buying a new hardware wallet. As for safe, if you were already using Ledger before they announced the Ledger recovery service, you might just continue using it as you have been doing so, but of course without 'subscribing' to the new Ledger recovery service, but whenever you decide to get a new hardware wallet, you should ditch Ledger for a different brand; because there is then no reason to continue using it.
But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open.
If it is open source and you can't verify the code yourself, i think you should at least wait for others who can to verify it and see if there are complaints about bugs/malicious lines before you update yours.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
August 23, 2023, 12:54:31 PM
#7
Less safer than fully open-source hardware wallets like Coldcard due to the huge question mark with concerning software upgradability, but still more secure than your typical software-wallet-on-your-personal-device setup. If you have a Ledger, just don't use Ledger Live — that itself removes a good chunk of the uncertainty risk.

imo: Coldcard > Ledger > BlueWallet on personal mobile device > Electrum on personal device
hero member
Activity: 1386
Merit: 513
Payment Gateway Allows Recurring Payments
August 23, 2023, 11:25:34 AM
#6
The backup option of Ledger has raised so many doubts among many users and this is not something new instead I think you asked this question just because you may want to buy a new hardware wallet for you. So, the best choice is to remain anonymous and decentralized. As many other members mentioned to avoid it but I would not say it is not totally safe because every person has there own set of rules to accept or reject something so you must also have some rules or requirements in your mind which you want to be included in your specific hardware wallet.

I suggest you to avoid spending money on Ledger wallet and instead go for other options. If you do not know what wallet is good for you. Then I have seen a website here on BTT which comprised all the hardware wallets with good comparison options. You must check it out too.
https://www.crypto-hardware.com/

hero member
Activity: 1288
Merit: 564
Bitcoin makes the world go 🔃
August 23, 2023, 11:14:15 AM
#5
All help and views are appreciated thank you.

Ledger is not open source and they recently reveal that they are untrusted after their announcement of the possibility of key recovery using their service which means the company can access all account connected to ledger device that will kill the anonymity and safety of your asset.

Choose open source hardware wallet and forget about the popular brand that is close source code such as Ledger. I use Keep key now and use only my ledger as keychain to my bag for decoration purposes.  Cheesy
sr. member
Activity: 2520
Merit: 280
Hire Bitcointalk Camp. Manager @ r7promotions.com
August 23, 2023, 11:08:20 AM
#4
Recovery services offered by hardware wallets are just another idea for them to make money through the subscription fee but for you, it is not safe and never give access to your keys or funds no matter what they say and how reputed their brand is.

So the best alternative for recovery service but in non-custodial way is Shamir's Secret Sharing[1].

1. https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing

Quote
Shamir's Secret Sharing is a cryptographic method that allows you to split a secret (like your recovery seed) into multiple parts, called shares. You can distribute these shares to different locations or trusted individuals. To recover your wallet, you need a certain number of these shares. If one location or person becomes inaccessible, you can still recover your wallet using the remaining shares. This method gives you control over your recovery while providing redundancy.
member
Activity: 239
Merit: 59
a young loner on a crusade
August 23, 2023, 10:53:42 AM
#3
What is your verdict? Safe? Avoid?
Unsafe. Avoid.

This is why:
Quote
I believed they lied about not having a back door
What more do you need? They lied. Who knows what else they lied about.

--Knight Hider
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
August 23, 2023, 10:52:27 AM
#2
What is your verdict? Safe? Avoid?
It is not safe and it is against what bitcoin is (trustless). Ledger does not also care about users data. It is one of the wallets you can go for if you are not bothered about your privacy and your coin security and safety.

For bitcoin only wallet, go for Passport
For bitcoin and altcoins wallet, go for Trezor.

Note that the coinjoin in Trezor is in association with Wasabi. Wasabi coinjoin are censoring UTXOs and working with chain analytic company to spy on your coinjoin transaction. Do not use Trezor coinjoin.
member
Activity: 148
Merit: 13
August 23, 2023, 10:46:08 AM
#1
Hello, so with the whole ledger recovery service that was introduced not too long ago many people went to other hardware wallets. I did not, I wanted to wait and see what happens. I thought people were blowing this out of proportion and now the dust has settled it seems it may be the case.

What is your verdict? Safe? Avoid?

I believed they lied about not having a back door and now found out they do. And also being closed source who knows what can be taken by them. But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open. And if people do find out they will do by other people who have checked it and by that point a lot of keys may get stolen if something or someone decided to go rogue at the respective hardware company. I believe this cannot be applied to all hardware companies due to the design of the device.


All help and views are appreciated thank you.
Pages:
Jump to: