My worries with ledger - page 2. | Bitcointalksearch.org

Synchronice

hero member

Activity: 854

Merit: 772

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: Lucius on June 13, 2023, 09:34:08 AM

Quote from: Synchronice on June 13, 2023, 05:10:03 AM

The next big scandal will be this: Breaking news! Ledger Recover data leak! Millions of users lost their coins.

Assuming that millions will use this option, which in my opinion is somewhat unrealistic to expect, although Pascal and comrades obviously expect at least 100 million users to appear from somewhere who will be "intelligent" enough not only to buy their HW, but also to share their seed + KYC with companies they have never heard of.

It is amazing that after all the time BTC has existed, some people for quite evident financial reasons are starting to promote custodial services implying that the average man is incapable of being his own bank. If nothing else, if (when) the next scandal happens, at least we will be able to say that we warned people not to use such options, and that the HW itself of this manufacturer is not something they should trust.

Pascal indirectly said that average Joe is so stupid that he is incapable to take care of his crypto wallet and will lose his seed phrases. So, since average Joe is such a stupid, he came up with an idea to offer them Recover service. I don't wanna sound offensive but absolutely every person who uses or will use Ledger Recover service, is and will be a very dumb person who somehow got some money.

To be honest, I'm really interested in how this Ledger Recover service goes, if Ledger sees good success by running this service, then my perception about humanity will change and if Ledger goes bankrupt, I'll remain positive and hopeful. If Ledger doesn't go bankrupt but will still remain top in this business, then I'll be more sure that average Joe is stupid and they'll believe what you want them to believe.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Synchronice on June 13, 2023, 05:10:03 AM

The next big scandal will be this: Breaking news! Ledger Recover data leak! Millions of users lost their coins.

Assuming that millions will use this option, which in my opinion is somewhat unrealistic to expect, although Pascal and comrades obviously expect at least 100 million users to appear from somewhere who will be "intelligent" enough not only to buy their HW, but also to share their seed + KYC with companies they have never heard of.

It is amazing that after all the time BTC has existed, some people for quite evident financial reasons are starting to promote custodial services implying that the average man is incapable of being his own bank. If nothing else, if (when) the next scandal happens, at least we will be able to say that we warned people not to use such options, and that the HW itself of this manufacturer is not something they should trust.

Synchronice

hero member

Activity: 854

Merit: 772

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: FatFork on June 08, 2023, 12:06:52 PM

Just to be clear, I wouldn't recommend buying a Ledger device to anyone, especially after the major data leak from their ecommerce database last year and this latest fiasco with the Ledger recover service. However, if he's comfortable with his current hardware device and doesn't plan on getting a new one, there doesn't seem to be any immediate danger (at least as far as we know) that would require him to stop from continuing to use it.

You can't be comfortable with Ledger anymore because they totally lied about everything related to their hardware wallet, especially about Secure Element because as it seems, it's possible to get seeds from SE via hardware changes and the most dangerous part here is that Ledger is closed source, so, you actually don't know if they have ever taken your seeds without your permission at past. I would immediately move coins from Ledger Hardware into another wallet.

Quote from: Lucius on June 09, 2023, 06:54:56 AM

I completely agree, the leaking of all that data along with what they have done now is more than enough warning that this company should not be trusted. Accordingly, I don't think anyone should feel comfortable (safe) using this HW to store large values, because when it comes to Ledger, the only question is what will be the next big scandal. Of course, I don't think that anyone should be in a panic and make hasty decisions, but everyone should start looking for other solutions, whether it's a new HW or using an old PC/laptop as an airgapped device.

The next big scandal will be this: Breaking news! Ledger Recover data leak! Millions of users lost their coins.

The Sceptical Chymist

legendary

Activity: 3332

Merit: 6809

Cashback 15%

Quote from: satscraper on June 08, 2023, 02:11:12 AM

Third, at the time when your fund is still relying on Ledger Nano S create multisig wallet, using say two of two quorum.

Cool, thanks for dropping some knowledge here--and I mean that sincerely. Not being the most technical-minded person, I'm always impressed by the expertise of the community.

OP, my advice to you would be that if your Ledger is creating a lasting paranoia you'd best ditch that piece of shit wallet as fast as you can throw it into a meat grinder. I've heard various things about the safety of the Nano S, but at this point I'm not sure what to believe (nor do I care since I'm not using one). What is clear is that Ledger done told some lies, got caught, got egg in their face that still won't wash off, and justifiably lost a lot of trust that they worked hard to earn. I've got some suspicions about what they're up to, but I've got no data to back those suspicions up so I won't even go there.

But you ought to look into one of the HW wallets with open-source code, because that turned out to be the issue with Ledger and the backdoor they rammed up the buttholes of their customers. At least with something like a BitBox, you can check the code if you're savvy enough. Good luck.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: FatFork on June 08, 2023, 12:06:52 PM

Just to be clear, I wouldn't recommend buying a Ledger device to anyone, especially after the major data leak from their ecommerce database last year and this latest fiasco with the Ledger recover service. However, if he's comfortable with his current hardware device and doesn't plan on getting a new one, there doesn't seem to be any immediate danger (at least as far as we know) that would require him to stop from continuing to use it.

I completely agree, the leaking of all that data along with what they have done now is more than enough warning that this company should not be trusted. Accordingly, I don't think anyone should feel comfortable (safe) using this HW to store large values, because when it comes to Ledger, the only question is what will be the next big scandal. Of course, I don't think that anyone should be in a panic and make hasty decisions, but everyone should start looking for other solutions, whether it's a new HW or using an old PC/laptop as an airgapped device.

Yamane_Keto

sr. member

Activity: 406

Merit: 443

Quote from: FatFork on June 08, 2023, 04:06:16 AM

If he keeps using the Ledger Nano with Electrum software, he won't need to upgrade the firmware unless he chooses to do so. Firmware updates are exclusively carried out via Ledger Live.

Sometimes there are vulnerability here that must be updated, and if they are not obligatory, the user will panic as soon as he hears such vulnerability, and it is not wise not to update the firmware, especially with the popularity of Bitcoin, and it has become the target of hackers and even traditional thieves.

last one: ledger vulnerability: Invalid addresses for certain miniscript policies

Again losing trust is the last thing you need to think about if you are a paranoid so moving to a better wallet would be better, losing part of the money is more important than wasting your health on something not worth it.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: T3PR00T on June 07, 2023, 11:07:05 PM

What will be your suggestions?

Suggestion about what exactly?
It's silly to check your wallet all the time and be paranoid about this, instead of just moving your coins and getting a new hardware wallet device.
There are many alternative options for open source hardware wallets and if you are only using bitcoin you can also use some of your old offline laptop with electrum wallet.
if you want to have extra security for larger amount of coins than you can create multisig setup, but this will add some additional complexity with your transactions.

FatFork

legendary

Activity: 1596

Merit: 2588

Top Crypto Casino

Quote from: Lucius on June 08, 2023, 09:39:06 AM

Quote from: FatFork on June 08, 2023, 04:06:16 AM

If he keeps using the Ledger Nano with Electrum software, he won't need to upgrade the firmware unless he chooses to do so. Firmware updates are exclusively carried out via Ledger Live.

Except in the case that for some reason it is necessary to update the Bitcoin app on Ledger, and the condition for this is the latest firmware. What I want to say is that there are ways with which Ledger could perhaps go in the direction of somehow forcing users to the new firmware.

Besides, after all, who can claim that even the current firmware is not capable of performing some things that we thought were not possible at all. It all boils down to the fact that you believe that the other side has no malicious intentions, and by all accounts, their intentions are not very logical, to say the least.

Just to be clear, I wouldn't recommend buying a Ledger device to anyone, especially after the major data leak from their ecommerce database last year and this latest fiasco with the Ledger recover service. However, if he's comfortable with his current hardware device and doesn't plan on getting a new one, there doesn't seem to be any immediate danger (at least as far as we know) that would require him to stop from continuing to use it.

maxirosson

member

Activity: 115

Merit: 314

My recommendation if you don't trust 100% in Ledger but you want to continue using it because you can't buy another hardware wallet would be:
- Avoid using the Ledger companion app. Use any other third-party software like Electrum, Nunchuk or Sparrow.
- Create a new private key, so you guarantee it never touched the Ledger companion app.
- Create a multi-sig so you reduce your trust in Ledger. You could create a 2 of 3, with 1 ledger and two different software wallets
- Use a passphrase for the 3 private keys

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: FatFork on June 08, 2023, 04:06:16 AM

If he keeps using the Ledger Nano with Electrum software, he won't need to upgrade the firmware unless he chooses to do so. Firmware updates are exclusively carried out via Ledger Live.

Except in the case that for some reason it is necessary to update the Bitcoin app on Ledger, and the condition for this is the latest firmware. What I want to say is that there are ways with which Ledger could perhaps go in the direction of somehow forcing users to the new firmware.

Besides, after all, who can claim that even the current firmware is not capable of performing some things that we thought were not possible at all. It all boils down to the fact that you believe that the other side has no malicious intentions, and by all accounts, their intentions are not very logical, to say the least.

FatFork

legendary

Activity: 1596

Merit: 2588

Top Crypto Casino

Quote from: T3PR00T on June 07, 2023, 11:07:05 PM

I feel paranoid.

Paranoia can cloud your judgment. It's good to be cautious, though.

Quote from: T3PR00T on June 07, 2023, 11:07:05 PM

What will be your suggestions?

There is no direct threat to your Ledger Nano S at this time. Nevertheless, if you feel uneasy or don't feel safe with your current storage solution, it's always a good idea to explore other options.

Quote from: Yamane_Keto on June 07, 2023, 11:34:02 PM

According to what I read, you are safe if you do not update the firmware, but after several months you will reach a point where you have to update the firmware, and then you can fear, until that thing happens, start thinking about a suitable alternative instead of worrying.

If he keeps using the Ledger Nano with Electrum software, he won't need to upgrade the firmware unless he chooses to do so. Firmware updates are exclusively carried out via Ledger Live.

satscraper

hero member

Activity: 714

Merit: 1298

Cashback 15%

Quote from: T3PR00T on June 07, 2023, 11:07:05 PM

I have a ledger nano s but I don't feel secure anymore with it after their recent update about subscription for wallet recovery. The only use of the leger is for Bitcoin and I use it with electrum.

I understand their new update does not effect Ledger Nano S but I still feel unsafe, I feel paranoid. Everyday I wake up and check my phone where I have a watch only installed and before the wallet loads I feel I will see an outbound transaction is just loading but it does not and my coins are there. I feel better.

What will be your suggestions?

First, don't panic.

Second, do research on available open source, air-gapped HW and evaluate your own prospect of acquiring one of them to move your stash there.

Third, at the time when your fund is still relying on Ledger Nano S create multisig wallet, using say two of two quorum. This means that two of your keys will be required to sign transaction. (Any of them alone will not capable to do that) One of that key may belong to open sorce software wallet (say Sparrow or Electrum or any of your choice) the other one to Ledger nano s.The probability to break multisig wallet is equal to P= ∏_i=1...n(p_i) where p_iis the such probability for each individual item from the quorum set of n items, so if one of p_i=0 then P=0. That said, the large the quorum the better but I think 2 of 2 will be enough in your case.

Further, move you stash from Ledger Nano S to created multisig wallet.

And then, after the purchasing of open source air-gapped HW create multisig wallet using your new HW (instead of Ledger Nano S )and move your stash from old multisig to new one.

Yamane_Keto

sr. member

Activity: 406

Merit: 443

Your use of the hardware wallet depends on trust. If you lose this trust, it is better to buy another hardware wallet. You can consider any open source alternatives or DIY hardware wallet, and if you wait, you will get better recommendations, since I prefer cold storage using Electrum.

Here is a good list for more than 30 HW https://wallets.thebitcoinhole.com

Quote from: T3PR00T on June 07, 2023, 11:07:05 PM

What will be your suggestions?

According to what I read, you are safe if you do not update the firmware, but after several months you will reach a point where you have to update the firmware, and then you can fear, until that thing happens, start thinking about a suitable alternative instead of worrying.

T3PR00T

member

Activity: 119

Merit: 38

Yo! Member

I have a ledger nano s but I don't feel secure anymore with it after their recent update about subscription for wallet recovery. The only use of the leger is for Bitcoin and I use it with electrum.

I understand their new update does not effect Ledger Nano S but I still feel unsafe, I feel paranoid. Everyday I wake up and check my phone where I have a watch only installed and before the wallet loads I feel I will see an outbound transaction is just loading but it does not and my coins are there. I feel better.

What will be your suggestions?

Topic: My worries with ledger - page 2. (Read 381 times)