Ledger, safe or not? - page 2. | Bitcointalksearch.org

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: mk4 on August 23, 2023, 01:54:31 PM

~snip~
If you have a Ledger, just don't use Ledger Live — that itself removes a good chunk of the uncertainty risk.

If only it were that simple, but for those who buy Ledger HW for the first time, using Ledger Live is mandatory for the initial setup of the device, and for those who have been using it before if they want to upgrade the firmware or add/upgrade any coin app. In addition, regardless of which software you use with the device, you still connect to the Ledger servers for every incoming/outgoing transaction, which means that you still take certain risks, at least as far as privacy is concerned.

For anyone who can afford it, it would be wise to find an alternative, or to pretend that nothing has happened and will not happen.

sokani

sr. member

Activity: 616

Merit: 440

DAKE.GG - CASINO AND SLOTS | UP TO 230% BONUS

Quote from: Why you bully me on August 23, 2023, 11:46:08 AM

Hello, so with the whole ledger recovery service that was introduced not too long ago many people went to other hardware wallets. I did not, I wanted to wait and see what happens. I thought people were blowing this out of proportion and now the dust has settled it seems it may be the case.

What is your verdict? Safe? Avoid?

I believed they lied about not having a back door and now found out they do. And also being closed source who knows what can be taken by them. But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open. And if people do find out they will do by other people who have checked it and by that point a lot of keys may get stolen if something or someone decided to go rogue at the respective hardware company. I believe this cannot be applied to all hardware companies due to the design of the device.

All help and views are appreciated thank you.

Your seed phrase should be private and only known to you but entrusting your seed phrase to third party agencies for safe keeping is risky. Also, subscribers of the Ledger recovery service would need to give up their privacy by undergoing KYC, all these raised security concerns. This is not some firmware update, this is different. The fact that many persons have come out to speak against it should clearly tell you that many heads are better than one and they cannot not be wrong. The dust hasn't settled yet because sooner or later people who still have trust for Ledger will suffer for their choices. I would advise you look for a recommendable hardware wallet like Trezor or Passport, as Ledger is not safe.

Frank_Holo

copper member

Activity: 15

Merit: 3

Ever since I watched that Joe Grand guy crack that trezor wallet with 2 million inside on youtube I've been turned off. There's no perfect solution right now but I still think using hardware wallets as a 2FA approach is a good thing.

ImThour

copper member

Activity: 1442

Merit: 1522

Bitcoin Bottom was at $15.4k

I mean I have been using Ledger previously the only thing I don't like about it is that it's not open source. I would prefer a Hardware Wallet which is tested by the whole community, a project being open sourced surely allows more security tests to be done on it and most of the time, white hat hackers simply provide the test result/report to the developers instead of exploiting it. This is where Trezor leads the way. AND In the end, it comes to your personal preference to be honest.

dzungmobile

sr. member

Activity: 840

Merit: 422

I stand with Ukraine!

Quote from: Majestic-milf on August 23, 2023, 06:44:57 PM

After the incidence from the Ledger Recovery, CEO of Ledger announced there's no back door, trying to allay the fears of users but we all know these company owners will say shit just to cover their lies.

First, Ledger is closed source.
Second, with their Ledger Recovery Service, you will give three pieces of your mnemonic seeds to three entities including – Ledger, Coincover, and EscrowTech. You have to trust those entities that they won't leak pieces of your seed or do combined shady things to steal your seed and your coins.

It is unsafe even they claim they are using Shamir Secret Sharing Algorithm and I don't trust Ledger as they had some data breaches ^[1] and they are closed source.

^[1] Ledger Wallet Customer Info Hack (2020)

Majestic-milf

hero member

Activity: 896

Merit: 612

One thing you should have at the back of your mind is that no wallet is 100% secure, no matter how secure as possible developers try to make it, there are still criminals who will find a way to exploit and hack it and Ledger is not free from this.
After the incidence from the Ledger Recovery, CEO of Ledger announced there's no back door, trying to allay the fears of users but we all know these company owners will say shit just to cover their lies.
Some people prefer to use Ledger because it offers invaluable security and helps prevent your digital assets from entering the wrong hands and also it's affordable and convenient for use. My advice? It's best to avoid it. You can try some of the options other users suggested tho.

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

My verdikt?
Stay away from a closed-source hardware (or software) wallet, regardless if it's Ledger or someone else. I dispise the way they did their marketing on "security by obscurity" and lying about "your secrets can't leave the secure element". Well, it turns out that's only true as long as they don't program it to be able to leave the secure element on purpose. Trust us, we (Ledger) are the good guys! Sure, f*** u!!

The corporate executives look to me completely nuts with their decisions and public behavior, before and after the "Ledger Recovery" desaster. I wouldn't use a Ledger even if they'd pay me for it. Don't buy, support and use such crap. My opinion, period. You do yours!

Potato Chips

hero member

Activity: 2786

Merit: 902

yesssir! 🫡

Quote from: Why you bully me on August 23, 2023, 11:46:08 AM

I believed they lied about not having a back door and now found out they do. And also being closed source who knows what can be taken by them. But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open. And if people do find out they will do by other people who have checked it and by that point a lot of keys may get stolen if something or someone decided to go rogue at the respective hardware company. I believe this cannot be applied to all hardware companies due to the design of the device.

Well, up to some extent, you still have to trust your hardware wallet provider and there are plenty of manufacturers that did not BS'd their way like ledger. In short there are better options.

I do hope most of the community haven't succumbed back to ledger as that wouldn't send a good message. It's safe to assume other manufacturers are also watching the scene unfold and imagine if ledger recovered + gained more market especially on their cloud backup side business, what does that say? Undecided

passwordnow

hero member

Activity: 3066

Merit: 577

Leading Crypto Sports Betting & Casino Platform

The recovery service that they've got is applicable to the newer versions of their hardware wallet.

Quote from: Coyster on August 23, 2023, 02:43:20 PM

Avoid if you are just about buying a new hardware wallet. As for safe, if you were already using Ledger before they announced the Ledger recovery service, you might just continue using it as you have been doing so, but of course without 'subscribing' to the new Ledger recovery service, but whenever you decide to get a new hardware wallet, you should ditch Ledger for a different brand; because there is then no reason to continue using it.

This is right, if you own the old Ledger Nano S version, it's not part of that recovery feature. As for the choice, I guess that on these times the favor goes to Trezor.

Coyster

legendary

Activity: 2058

Merit: 1270

Play Poker on Telegram

Quote from: Why you bully me on August 23, 2023, 11:46:08 AM

What is your verdict? Safe? Avoid?

Avoid if you are just about buying a new hardware wallet. As for safe, if you were already using Ledger before they announced the Ledger recovery service, you might just continue using it as you have been doing so, but of course without 'subscribing' to the new Ledger recovery service, but whenever you decide to get a new hardware wallet, you should ditch Ledger for a different brand; because there is then no reason to continue using it.

Quote from: Why you bully me on August 23, 2023, 11:46:08 AM

But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open.

If it is open source and you can't verify the code yourself, i think you should at least wait for others who can to verify it and see if there are complaints about bugs/malicious lines before you update yours.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Less safer than fully open-source hardware wallets like Coldcard due to the huge question mark with concerning software upgradability, but still more secure than your typical software-wallet-on-your-personal-device setup. If you have a Ledger, just don't use Ledger Live — that itself removes a good chunk of the uncertainty risk.

imo: Coldcard > Ledger > BlueWallet on personal mobile device > Electrum on personal device

Faisal2202

sr. member

Activity: 1232

Merit: 475

The backup option of Ledger has raised so many doubts among many users and this is not something new instead I think you asked this question just because you may want to buy a new hardware wallet for you. So, the best choice is to remain anonymous and decentralized. As many other members mentioned to avoid it but I would not say it is not totally safe because every person has there own set of rules to accept or reject something so you must also have some rules or requirements in your mind which you want to be included in your specific hardware wallet.

I suggest you to avoid spending money on Ledger wallet and instead go for other options. If you do not know what wallet is good for you. Then I have seen a website here on BTT which comprised all the hardware wallets with good comparison options. You must check it out too.
https://www.crypto-hardware.com/

Wapfika

hero member

Activity: 1288

Merit: 564

Bitcoin makes the world go 🔃

Quote from: Why you bully me on August 23, 2023, 11:46:08 AM

All help and views are appreciated thank you.

Ledger is not open source and they recently reveal that they are untrusted after their announcement of the possibility of key recovery using their service which means the company can access all account connected to ledger device that will kill the anonymity and safety of your asset.

Choose open source hardware wallet and forget about the popular brand that is close source code such as Ledger. I use Keep key now and use only my ledger as keychain to my bag for decoration purposes. Cheesy

jrrsparkles

sr. member

Activity: 2436

Merit: 272

Hire Bitcointalk Camp. Manager @ r7promotions.com

Recovery services offered by hardware wallets are just another idea for them to make money through the subscription fee but for you, it is not safe and never give access to your keys or funds no matter what they say and how reputed their brand is.

So the best alternative for recovery service but in non-custodial way is Shamir's Secret Sharing^[1].

1. https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing

Quote

Shamir's Secret Sharing is a cryptographic method that allows you to split a secret (like your recovery seed) into multiple parts, called shares. You can distribute these shares to different locations or trusted individuals. To recover your wallet, you need a certain number of these shares. If one location or person becomes inaccessible, you can still recover your wallet using the remaining shares. This method gives you control over your recovery while providing redundancy.

Knight Hider

member

Activity: 239

Merit: 59

a young loner on a crusade

Quote from: Why you bully me on August 23, 2023, 11:46:08 AM

What is your verdict? Safe? Avoid?

Unsafe. Avoid.

This is why:

Quote

I believed they lied about not having a back door

What more do you need? They lied. Who knows what else they lied about.

--Knight Hider

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Quote from: Why you bully me on August 23, 2023, 11:46:08 AM

What is your verdict? Safe? Avoid?

It is not safe and it is against what bitcoin is (trustless). Ledger does not also care about users data. It is one of the wallets you can go for if you are not bothered about your privacy and your coin security and safety.

For bitcoin only wallet, go for Passport
For bitcoin and altcoins wallet, go for Trezor.

Note that the coinjoin in Trezor is in association with Wasabi. Wasabi coinjoin are censoring UTXOs and working with chain analytic company to spy on your coinjoin transaction. Do not use Trezor coinjoin.

Why you bully me

member

Activity: 148

Merit: 13

Hello, so with the whole ledger recovery service that was introduced not too long ago many people went to other hardware wallets. I did not, I wanted to wait and see what happens. I thought people were blowing this out of proportion and now the dust has settled it seems it may be the case.

What is your verdict? Safe? Avoid?

I believed they lied about not having a back door and now found out they do. And also being closed source who knows what can be taken by them. But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open. And if people do find out they will do by other people who have checked it and by that point a lot of keys may get stolen if something or someone decided to go rogue at the respective hardware company. I believe this cannot be applied to all hardware companies due to the design of the device.

All help and views are appreciated thank you.

Topic: Ledger, safe or not? - page 2. (Read 408 times)