Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Pages:
Author

Topic: Ledger's laying off employees. Thoughts? - page 2. (Read 787 times)

Pmalek
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Re: Ledger's laying off employees. Thoughts?
October 16, 2023, 11:25:07 AM
#62
Quote from: Meuserna on October 15, 2023, 04:17:03 PM
It's even worse than that.  The thief would get your coins AND your personal info, because Ledger's system connects your KYC directly to your coins.  So, if the thief has reason to suspect that you have even more coins hidden behind a passphrase, he knows who you are and where to find you, all thanks to Ledger.
That is a possibility. However, the data leaks we saw from Ledger and other companies never included any addresses or xpubs. The amount of coins never leaked anywhere which means those who still have those databases can't know who owns what. But since their names are on a list of hardware wallet users, it's reasonable to assume they have coins whose keys they believe are worth protecting with such devices. 

Quote from: satscraper on October 16, 2023, 03:41:50 AM
In my view the best setup for your stash is a multisig wallet with at least two airgapped co-signers, say Passport and ColdCard MK4 (or coming ColdCard Q1).
Wasn't there talk about hardware wallets not always being the best choice in multisig systems? I think I have heard both Ledger and Trezor being mentioned as problematic. Or perhaps I am thinking of a specific multisig use case and not all of them Huh
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: Ledger's laying off employees. Thoughts?
October 16, 2023, 11:03:46 AM
#61
Quote from: satscraper on October 16, 2023, 03:41:50 AM
This is true  until fake and/or back-door firmware will not modify the data immunity inside Passport device otherwise they have the option to leave this wallet despite it is airgapped device.
This would require you to install said fake firmware first. Given Passport's firmware is entirely open source, and can be download and verified against multiple Passport keys prior to being installed, then the chance of this is extremely low. And even if you did install the fake firmware, you would still have to make further mistakes to transfer private keys or other sensitive information off the device and on to your computer.

Quote from: satscraper on October 16, 2023, 03:41:50 AM
I would not put all trust on a single manufacturer. In my view the best setup for your stash is a multisig wallet with at least two airgapped co-signers, say Passport and ColdCard MK4 (or coming ColdCard Q1).
That's certainly a very good option, but if I was doing this I would prefer to use a multi-sig between a Passport and an airgapped computer, rather than two different hardware wallets.

Quote from: Lucius on October 16, 2023, 08:36:58 AM
sometimes leaking data that includes the physical addresses of HW customers can have even more serious consequences, because apart from what you have stored on HW, you can endanger the life of yourself and your family.
Completely agree. If the seed phrase from one of my hardware wallets leaked, I would lose absolutely nothing. Every coin I own is further protected by either a multi-sig or an additional passphrase, and so I would casually move everything to fresh wallet and have no ongoing concerns. If on the other hand my KYC data leaked (which obviously it never would, since I've never given it away) I would consider that a complete disaster with lifelong implications.
Lucius
legendary
Activity: 3220
Merit: 5634
Blackjack.fun-Free Raffle-Join&Win $50🎲
Re: Ledger's laying off employees. Thoughts?
October 16, 2023, 08:36:58 AM
#60
Quote from: Pmalek on October 15, 2023, 09:10:17 AM
~snip~
A security leak is more dangerous than a privacy leak. I mean, leaking names, emails, and addresses is bad, but leaking seeds or private keys and having your device manipulated equals the loss of coins.

So far (as far as I know) no HW company has been part of a scandal that involved seed being compromised in a way that could be hacked remotely/online, but Ledger will go down in history as the first company to allow hackers that possibility. Although I generally agree that leaking seeds/private keys is a complete disaster financially, sometimes leaking data that includes the physical addresses of HW customers can have even more serious consequences, because apart from what you have stored on HW, you can endanger the life of yourself and your family.


Quote from: satscraper on October 16, 2023, 03:41:50 AM
This is true until fake and/or back-door firmware will not modify the data immunity inside Passport device otherwise they have the option to leave this wallet despite it is airgapped device.

I wonder how likely it is that something like that would happen and do you think that someone from that company or some hacker would do it? However, I think that the majority of people who buy such HW are not so naive as to fall for such a trick.

Quote from: satscraper on October 16, 2023, 03:41:50 AM
I would not put all trust on a single manufacturer. In my view the best setup for your stash is a multisig wallet with at least two airgapped co-signers, say Passport and ColdCard MK4 (or coming ColdCard Q1).

For those extra paranoid, maybe even that wouldn't be enough, but it's certainly better than the option of completely trusting only one manufacturer.
satscraper
hero member
Activity: 714
Merit: 1298
Cashback 15%
Re: Ledger's laying off employees. Thoughts?
October 16, 2023, 03:41:50 AM
#59
Quote from: o_e_l_e_o on October 15, 2023, 04:44:10 AM
Quote from: Pmalek on October 15, 2023, 04:29:12 AM
All hardware wallet manufacturers have lied to their customers that sensitive data can't leave the secure element.
Then stick to permanently airgapped hardware wallets such as Passport, and your data can't leave the device at all.

This is true  until fake and/or back-door firmware will not modify the data immunity inside Passport device otherwise they have the option to leave this wallet despite it is airgapped device. I would not put all trust on a single manufacturer. In my view the best setup for your stash is a multisig wallet with at least two airgapped co-signers, say Passport and ColdCard MK4 (or coming ColdCard Q1).
Meuserna
member
Activity: 99
Merit: 153
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 04:17:03 PM
#58
Quote from: Pmalek on October 15, 2023, 09:10:17 AM
But the other element of the story is privacy vs security. A security leak is more dangerous than a privacy leak. I mean, leaking names, emails, and addresses is bad, but leaking seeds or private keys and having your device manipulated equals the loss of coins.

It's even worse than that.  The thief would get your coins AND your personal info, because Ledger's system connects your KYC directly to your coins.  So, if the thief has reason to suspect that you have even more coins hidden behind a passphrase, he knows who you are and where to find you, all thanks to Ledger.
Pmalek
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 09:10:17 AM
#57
Quote from: Lucius on October 15, 2023, 06:44:32 AM
Of course, when we buy things like this online, we should always keep in mind what happened with the Ledger database, and avoid such a situation in the future. This means either buying the device directly in a physical store and paying in cash, or using a PO box.
Each individual must decide what the biggest possible threat is: database leaks from centralized entities or supply chain attacks that increase more and more if you add new people to the chain that come in contact with the device. Judging by how many hacks and leaks we have had (not just crypto related), I personally think the former is more likely to happen than the latter. But the other element of the story is privacy vs security. A security leak is more dangerous than a privacy leak. I mean, leaking names, emails, and addresses is bad, but leaking seeds or private keys and having your device manipulated equals the loss of coins.

Quote from: Lucius on October 15, 2023, 06:44:32 AM
There is another option, and that is if you have someone who travels to the US to buy you that device, you save some money and don't have to worry about possible data leaks and privacy threats.
That's possible, yes. One more option that works for us in the Balkans is that we usually have friends and family all over the world who could be the recipients of physical goods. If you explain to them the threat model and privacy implications and they don't mind, it's also doable. But that involves putting them in the line of fire which is far from ideal. 
Lucius
legendary
Activity: 3220
Merit: 5634
Blackjack.fun-Free Raffle-Join&Win $50🎲
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 06:44:32 AM
#56
Quote from: Pmalek on October 15, 2023, 04:59:11 AM
It's quite an expensive device to get in Europe despite their price reduction. I think you are still looking at around €250 if you buy it from an official reseller. But yeah, Passport definitely deserves one of the top spots now.
~snip~

The price is really around that amount (even a little more) with the addition that the costs of sending the package should be added to the total price. However, I don't think that amount should be an obstacle for anyone who has any amount of BTC that they feel is of great value to them. For some it may be 1 BTC, for others it may be half as much, but considering the security provided by the device, it is a small price to pay.

Of course, when we buy things like this online, we should always keep in mind what happened with the Ledger database, and avoid such a situation in the future. This means either buying the device directly in a physical store and paying in cash, or using a PO box.

There is another option, and that is if you have someone who travels to the US to buy you that device, you save some money and don't have to worry about possible data leaks and privacy threats.
Pmalek
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 05:27:02 AM
#55
Quote from: NeuroticFish on October 15, 2023, 05:06:54 AM
From what I've seen on websites, yes. Just afaik there's more to read about SeedSigner, for example I think that it doesn't work with Electrum (it may do with Sparrow) and you have to generate the seed separately yourself.
I know that it works with Sparrow, Blue Wallet, and some other less-known bitcoin-wallet. I think you are right about the Electrum.
Yeah, the seed has to be generated on the Seedsigner. For example, with dice rolls. There is another option to do it using images you take with the device's camera, but I am not sure how this works exactly. I am sure it's not difficult to learn if it comes to that.
NeuroticFish
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 05:06:54 AM
#54
Quote from: Pmalek on October 15, 2023, 04:59:11 AM
Something draws me to the Seedsigner as well.

Me too  Cheesy

Quote from: Pmalek on October 15, 2023, 04:59:11 AM
Can these devices be bought fully assembled?

From what I've seen on websites, yes. Just afaik there's more to read about SeedSigner, for example I think that it doesn't work with Electrum (it may do with Sparrow) and you have to generate the seed separately yourself.
Pmalek
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 04:59:11 AM
#53
Quote from: o_e_l_e_o on October 15, 2023, 04:44:10 AM
Then stick to permanently airgapped hardware wallets such as Passport, and your data can't leave the device at all.
It's quite an expensive device to get in Europe despite their price reduction. I think you are still looking at around €250 if you buy it from an official reseller. But yeah, Passport definitely deserves one of the top spots now. Something draws me to the Seedsigner as well. But I don't like the DYI nature of it. Can these devices be bought fully assembled?   

I have no intention of moving my short list of alts that I need from my Ledger. Without going into too many details of what I have there, why move something that is centralized in nature and freezable regardless of where it is!? My Ledger-Trezor combo will work fine for that. One part of my BTC will be going elsewhere, though.
NeuroticFish
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 04:47:06 AM
#52
Quote from: Pmalek on October 15, 2023, 04:29:12 AM
You have to set up your wallet when you first get it. You have to install the crypto apps from the Account Manager and upgrade the firmware, which also requires installing a certain version of the Ledger Live. After that, you can avoid using the LL, unless it's time for another round of upgrades.

Actually I had a situation last summer, I had only the phone with me abroad and I needed to use my Ledger on a let's say unexpected setup and after trying the two Android wallets that I knew they support Ledger HW and they both gave error, I had no other choice than to use LL. Maybe I'll recheck the steps of what I've done and I'll write it detailed some day.
The point is that LL can be needed in other cases too, as wallet, and in the light of that seed recovery crap, ... it's somewhat unsettling.

Quote from: o_e_l_e_o on October 15, 2023, 04:44:10 AM
Quote from: Pmalek on October 15, 2023, 04:29:12 AM
All hardware wallet manufacturers have lied to their customers that sensitive data can't leave the secure element.
Then stick to permanently airgapped hardware wallets such as Passport, and your data can't leave the device at all.

I strongly agree with both statements from here  Cheesy
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 04:44:10 AM
#51
Quote from: Pmalek on October 15, 2023, 04:29:12 AM
All hardware wallet manufacturers have lied to their customers that sensitive data can't leave the secure element.
Then stick to permanently airgapped hardware wallets such as Passport, and your data can't leave the device at all.
Pmalek
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Re: Ledger's laying off employees. Thoughts?
October 15, 2023, 04:29:12 AM
#50
Quote from: The Sceptical Chymist on October 06, 2023, 08:10:51 PM
OK, so it is true then that if you use Electrum (or Sparrow I heard?) and just stay away from any coin that doesn't have a 3rd party wallet that can interact with the Ledger in place of Ledger Live, Ledger can't see your IP address?
If you are a Ledger user, you can't stay away from Ledger Live entirely. You have to set up your wallet when you first get it. You have to install the crypto apps from the Account Manager and upgrade the firmware, which also requires installing a certain version of the Ledger Live. After that, you can avoid using the LL, unless it's time for another round of upgrades.

But yeah, connecting to Ledger servers is a privacy leak. They will surely know your IP address and your balance. But it's an equal privacy leak to connect to someone else's Electrum server except yours. The only difference is that there isn't a company like Ledger receiving this information (publicly known at least), it's the subject running the Electrum server. Take note, though, that anyone can be behind those servers including chain analysis or government agencies. Nothing stops them from owning nodes the same way you can.

Quote from: Z-tight on October 08, 2023, 06:42:58 AM
I think another reason is that the BTC community (not just on this forum alone) has promoted Ledger (and Trezor too) for a very long time as recommended hardware wallets, i am talking of before the community knew they were lying about wallets secrets never leaving the secure element and a lot of other lies and security flaws from Ledger.
You are missing something far worse that doesn't concern only Ledger. All hardware wallet manufacturers have lied to their customers that sensitive data can't leave the secure element. Ledger was just stupid/smart enough to tell the public about it. That's the worrying part. 
satscraper
hero member
Activity: 714
Merit: 1298
Cashback 15%
Re: Ledger's laying off employees. Thoughts?
October 14, 2023, 05:54:26 AM
#49
In fact the laying off employees from company that makes hardware wallets with  the hidden room ( which can be known  to some of those employees)   to access  users' SEED is a dangerous bearing. What  if  those who have been fired would like to take out on Ledger  for their  kick off and put company in the line of fire by using that hidden room? End result is quite possible, why not.

That your coins are still in your wallet is Ledger's omission rather than  your credit .   Smiley
The Sceptical Chymist
legendary
Activity: 3332
Merit: 6809
Cashback 15%
Re: Ledger's laying off employees. Thoughts?
October 13, 2023, 06:47:42 PM
#48
Quote from: Meuserna on October 13, 2023, 04:32:19 PM
Could you imagine if the owner of a restaurant said "Our recipes don't contain poison, but I obviously can't prove it"?
That would be a very honest thing for a restaurateur to say--and every one of them should say that if they haven't explicitly done tests for poisons.  Even if they said they did, there are a lot of poisons that standard tests wouldn't pick up on.  Personally if I got that answer from our theoretical restaurant owner, I'd still feel comfortable eating at his establishment.

But when it comes to everything Ledger has said and the risk you're comparing to being poisoned at a restaurant....I'm not reassured in the least by anything they've said after they announced the Recover thing, and I just don't understand all of the support they're still getting in their subreddit.  Some of those people have to realize the gravity of Ledger being able to get access to their customers' private keys at will. 

Still have my fingers crossed that their company goes down in a bright, flaming ball of wreckage and is never to be seen again.
Meuserna
member
Activity: 99
Merit: 153
Re: Ledger's laying off employees. Thoughts?
October 13, 2023, 04:32:19 PM
#47
Quote from: m2017 on October 13, 2023, 01:42:43 PM
Why take unnecessary risk when there are so many hardware wallet devices on the market to which you can transfer your coins at the earliest opportunity.

This.

Why would anyone risk their coins by sticking with Ledger?  Even Ledger says they can't prove their code is safe.

Quote
There's no backdoor and I obviously can't prove it

Could you imagine if the owner of a restaurant said "Our recipes don't contain poison, but I obviously can't prove it"?

The good thing about this whole Ledger debacle is that they taught you why open source code is so important.

Code that can't be verified can't be trusted.  Wallets with code that can't be verified shouldn't be used.  Period.
m2017
legendary
Activity: 1792
Merit: 1296
keep walking, Johnnie
Re: Ledger's laying off employees. Thoughts?
October 13, 2023, 01:42:43 PM
#46
Quote from: o_e_l_e_o on October 13, 2023, 06:30:22 AM
Quote from: so98nn on October 12, 2023, 11:29:20 PM
Should I be worried about its ongoing operations?
It does not matter if Ledger go bankrupt or disappear. You can always pair your device with Electrum or Sparrow to access your coins, and as long as you have your seed phrase you can still restore it to another hardware wallet or airgapped device.
This option will only work if, in the process of bankruptcy or disappearance, none of the former employees of ledger wants to take away before leaving “what belongs to him by right of having worked so hard for this company for so many years”, after looking into your wallet. Of course, if ledger contains any backdoor or loophole in its closed source code.

Quote from: o_e_l_e_o on October 13, 2023, 06:30:22 AM
The bigger concern is the risk of your seed phrase leaving your device, or indeed, if it has already left your device since the ability for that to happen has been there all along, despite Ledger lying and saying the opposite. Ideally you should purchase another hardware wallet or move to using a permanently airgapped computer. If you don't want to do this then there are a few steps you could take to reduce your risk, but they are not a guarantee by any means, make no difference to what might already have happened in the past. and they will limit how you can use your hardware wallet.
Why take unnecessary risk when there are so many hardware wallet devices on the market to which you can transfer your coins at the earliest opportunity.

The guarantee will only be available if you completely switch to a device from another manufacturer. For example, Trezor announced its new device with a new protective element - Trezor Safe 3 New Hardware Wallet .
LoyceV
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Re: Ledger's laying off employees. Thoughts?
October 13, 2023, 08:43:19 AM
#45
Quote from: so98nn on October 13, 2023, 07:02:32 AM
Ok task accepted.

But I’m dead scared by just reading the process itself. Lolz. I think I will have to right down the step by step workflow for this since I am not very much experienced with this stuff.
In that case, let's start a bit easier: create a new Electrum wallet. Then go through the "workflow" to reproduce the addresses air-gapped from seed using Ian Coleman's site. No need to fund this wallet, so no risk of messing up, but it will be a good exercise.

Quote
If I am going to do anything like this then I will first move my coins to other address temporarily off course.
To think about: How are you going to verify restoring the seed for that new address before funding it? Wink
Ziskinberg
hero member
Activity: 2926
Merit: 636
For campaign management look for Little Mouse!
Re: Ledger's laying off employees. Thoughts?
October 13, 2023, 07:18:42 AM
#44
It's likely due to a decrease in demand. As per @Yamane_Keto's post, Ledger sold over 6.5 million Ledger Nano devices, raking in at least $650 million by my rough calculations, considering the price range of $79 to $149. That's a substantial number of people securing their assets with Ledger wallets. A quick Google search tells me there are already '460 million Bitcoin wallets' out there, so it's possible that 6.5 million hardware wallets might be close to the maximum for total users. Of course, there's still room for growth if some positive news shakes up the market, as demand is often driven by market conditions.

However, this recent update is significant. They've had to lay off a lot of employees, which is unfortunate but understandable given their situation. It does, however, does not project a better image for the company. I wouldn't be surprised if we hear more news related to their situation if things continue to worsen.
so98nn
hero member
Activity: 2072
Merit: 603
Re: Ledger's laying off employees. Thoughts?
October 13, 2023, 07:02:32 AM
#43
Quote from: LoyceV on October 13, 2023, 05:53:23 AM
Quote from: so98nn on October 12, 2023, 11:29:20 PM
That doesn't seem good to me considering the fact that I am having Ledger bought in late 2018. Since then I have never explored other wallets considering I will have to invest more money in my wallet than I could save up in it. Instead, I am using the same wallet to date. In the past, I even lost it once due to home shifting and careless handling of the same (learned lesson already).

Now is not the time for this company to shit around like that.

Should I be worried about its ongoing operations?
From your worries, it's good to differentiate between two things: "Ledger disappearing", and "Ledger lying about the seed phrase never leaving the hardware wallet". I'd worry about the latter, but that's something for another topic. As for the former: If you're worried about relying on Ledger's servers, you shouldn't have used them in the first place.
I like to test my backups before funding a wallet. So here's a test: get an offline air-gapped system without storage and running from a Linux Live DVD, copy Ian Coleman's site, and see if you can reproduce the private keys and addresses that you have in your Ledger from it's seed. Be careful of course not to do dumb things with your seed, and wipe the system's memory (by turning it off) when you're done. I've done this in the past, and it gives me peace of mind that I can restore my funds without any hardware wallet.

Ok task accepted.

But I’m dead scared by just reading the process itself. Lolz. I think I will have to right down the step by step workflow for this since I am not very much experienced with this stuff.

If I am going to do anything like this then I will first move my coins to other address temporarily off course. Then I will do the dummy run as mentioned above. I don’t want to be victim of things that I don’t know. Even when I am normally using ledger I would triple check the shit.

But thanks for the info, reminds me that I have revise and recall my deed phrases in my photographic memory.  Tongue
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Jump to: