Pages:
Author

Topic: My worries with ledger - page 2. (Read 422 times)

hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
June 14, 2023, 03:02:01 AM
#14
The next big scandal will be this: Breaking news! Ledger Recover data leak! Millions of users lost their coins.

Assuming that millions will use this option, which in my opinion is somewhat unrealistic to expect, although Pascal and comrades obviously expect at least 100 million users to appear from somewhere who will be "intelligent" enough not only to buy their HW, but also to share their seed + KYC with companies they have never heard of.

It is amazing that after all the time BTC has existed, some people for quite evident financial reasons are starting to promote custodial services implying that the average man is incapable of being his own bank. If nothing else, if (when) the next scandal happens, at least we will be able to say that we warned people not to use such options, and that the HW itself of this manufacturer is not something they should trust.
Pascal indirectly said that average Joe is so stupid that he is incapable to take care of his crypto wallet and will lose his seed phrases. So, since average Joe is such a stupid, he came up with an idea to offer them Recover service. I don't wanna sound offensive but absolutely every person who uses or will use Ledger Recover service, is and will be a very dumb person who somehow got some money.

To be honest, I'm really interested in how this Ledger Recover service goes, if Ledger sees good success by running this service, then my perception about humanity will change and if Ledger goes bankrupt, I'll remain positive and hopeful. If Ledger doesn't go bankrupt but will still remain top in this business, then I'll be more sure that average Joe is stupid and they'll believe what you want them to believe.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
June 13, 2023, 09:34:08 AM
#13
The next big scandal will be this: Breaking news! Ledger Recover data leak! Millions of users lost their coins.

Assuming that millions will use this option, which in my opinion is somewhat unrealistic to expect, although Pascal and comrades obviously expect at least 100 million users to appear from somewhere who will be "intelligent" enough not only to buy their HW, but also to share their seed + KYC with companies they have never heard of.

It is amazing that after all the time BTC has existed, some people for quite evident financial reasons are starting to promote custodial services implying that the average man is incapable of being his own bank. If nothing else, if (when) the next scandal happens, at least we will be able to say that we warned people not to use such options, and that the HW itself of this manufacturer is not something they should trust.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
June 13, 2023, 05:10:03 AM
#12
Just to be clear, I wouldn't recommend buying a Ledger device to anyone, especially after the major data leak from their ecommerce database last year and this latest fiasco with the Ledger recover service. However, if he's comfortable with his current hardware device and doesn't plan on getting a new one, there doesn't seem to be any immediate danger (at least as far as we know) that would require him to stop from continuing to use it.
You can't be comfortable with Ledger anymore because they totally lied about everything related to their hardware wallet, especially about Secure Element because as it seems, it's possible to get seeds from SE via hardware changes and the most dangerous part here is that Ledger is closed source, so, you actually don't know if they have ever taken your seeds without your permission at past. I would immediately move coins from Ledger Hardware into another wallet.

I completely agree, the leaking of all that data along with what they have done now is more than enough warning that this company should not be trusted. Accordingly, I don't think anyone should feel comfortable (safe) using this HW to store large values, because when it comes to Ledger, the only question is what will be the next big scandal. Of course, I don't think that anyone should be in a panic and make hasty decisions, but everyone should start looking for other solutions, whether it's a new HW or using an old PC/laptop as an airgapped device.
The next big scandal will be this: Breaking news! Ledger Recover data leak! Millions of users lost their coins.
legendary
Activity: 3500
Merit: 6981
Top Crypto Casino
June 09, 2023, 07:23:48 AM
#11
Third, at the time when your fund is still relying on Ledger Nano S create multisig  wallet, using  say two of two quorum.
Cool, thanks for dropping some knowledge here--and I mean that sincerely.  Not being the most technical-minded person, I'm always impressed by the expertise of the community.

OP, my advice to you would be that if your Ledger is creating a lasting paranoia you'd best ditch that piece of shit wallet as fast as you can throw it into a meat grinder.  I've heard various things about the safety of the Nano S, but at this point I'm not sure what to believe (nor do I care since I'm not using one).  What is clear is that Ledger done told some lies, got caught, got egg in their face that still won't wash off, and justifiably lost a lot of trust that they worked hard to earn.  I've got some suspicions about what they're up to, but I've got no data to back those suspicions up so I won't even go there. 

But you ought to look into one of the HW wallets with open-source code, because that turned out to be the issue with Ledger and the backdoor they rammed up the buttholes of their customers.  At least with something like a BitBox, you can check the code if you're savvy enough.  Good luck.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
June 09, 2023, 06:54:56 AM
#10
Just to be clear, I wouldn't recommend buying a Ledger device to anyone, especially after the major data leak from their ecommerce database last year and this latest fiasco with the Ledger recover service. However, if he's comfortable with his current hardware device and doesn't plan on getting a new one, there doesn't seem to be any immediate danger (at least as far as we know) that would require him to stop from continuing to use it.

I completely agree, the leaking of all that data along with what they have done now is more than enough warning that this company should not be trusted. Accordingly, I don't think anyone should feel comfortable (safe) using this HW to store large values, because when it comes to Ledger, the only question is what will be the next big scandal. Of course, I don't think that anyone should be in a panic and make hasty decisions, but everyone should start looking for other solutions, whether it's a new HW or using an old PC/laptop as an airgapped device.
hero member
Activity: 406
Merit: 443
June 09, 2023, 05:23:59 AM
#9

If he keeps using the Ledger Nano with Electrum software, he won't need to upgrade the firmware unless he chooses to do so. Firmware updates are exclusively carried out via Ledger Live.

Sometimes there are vulnerability here that must be updated, and if they are not obligatory, the user will panic as soon as he hears such vulnerability, and it is not wise not to update the firmware, especially with the popularity of Bitcoin, and it has become the target of hackers and even traditional thieves.

last one: ledger vulnerability: Invalid addresses for certain miniscript policies

Again losing trust is the last thing you need to think about if you are a paranoid so moving to a better wallet would be better, losing part of the money is more important than wasting your health on something not worth it.
legendary
Activity: 2212
Merit: 7064
June 08, 2023, 04:31:49 PM
#8
What will be your suggestions?
Suggestion about what exactly?
It's silly to check your wallet all the time and be paranoid about this, instead of just moving your coins and getting a new hardware wallet device.
There are many alternative options for open source hardware wallets and if you are only using bitcoin you can also use some of your old offline laptop with electrum wallet.
if you want to have extra security for larger amount of coins than you can create multisig setup, but this will add some additional complexity with your transactions.

legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
June 08, 2023, 12:06:52 PM
#7
If he keeps using the Ledger Nano with Electrum software, he won't need to upgrade the firmware unless he chooses to do so. Firmware updates are exclusively carried out via Ledger Live.

Except in the case that for some reason it is necessary to update the Bitcoin app on Ledger, and the condition for this is the latest firmware. What I want to say is that there are ways with which Ledger could perhaps go in the direction of somehow forcing users to the new firmware.

Besides, after all, who can claim that even the current firmware is not capable of performing some things that we thought were not possible at all. It all boils down to the fact that you believe that the other side has no malicious intentions, and by all accounts, their intentions are not very logical, to say the least.

Just to be clear, I wouldn't recommend buying a Ledger device to anyone, especially after the major data leak from their ecommerce database last year and this latest fiasco with the Ledger recover service. However, if he's comfortable with his current hardware device and doesn't plan on getting a new one, there doesn't seem to be any immediate danger (at least as far as we know) that would require him to stop from continuing to use it.
member
Activity: 115
Merit: 314
June 08, 2023, 11:03:26 AM
#6
My recommendation if you don't trust 100% in Ledger but you want to continue using it because you can't buy another hardware wallet would be:
- Avoid using the Ledger companion app. Use any other third-party software like Electrum, Nunchuk or Sparrow.
- Create a new private key, so you guarantee it never touched the Ledger companion app.
- Create a multi-sig so you reduce your trust in Ledger. You could create a 2 of 3, with 1 ledger and two different software wallets
- Use a passphrase for the 3 private keys
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
June 08, 2023, 09:39:06 AM
#5
If he keeps using the Ledger Nano with Electrum software, he won't need to upgrade the firmware unless he chooses to do so. Firmware updates are exclusively carried out via Ledger Live.

Except in the case that for some reason it is necessary to update the Bitcoin app on Ledger, and the condition for this is the latest firmware. What I want to say is that there are ways with which Ledger could perhaps go in the direction of somehow forcing users to the new firmware.

Besides, after all, who can claim that even the current firmware is not capable of performing some things that we thought were not possible at all. It all boils down to the fact that you believe that the other side has no malicious intentions, and by all accounts, their intentions are not very logical, to say the least.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
June 08, 2023, 04:06:16 AM
#4
I feel paranoid.

Paranoia can cloud your judgment. It's good to be cautious, though.

What will be your suggestions?

There is no direct threat to your Ledger Nano S at this time. Nevertheless, if you feel uneasy or don't feel safe with your current storage solution, it's always a good idea to explore other options.



According to what I read, you are safe if you do not update the firmware, but after several months you will reach a point where you have to update the firmware, and then you can fear, until that thing happens, start thinking about a suitable alternative instead of worrying.

If he keeps using the Ledger Nano with Electrum software, he won't need to upgrade the firmware unless he chooses to do so. Firmware updates are exclusively carried out via Ledger Live.
hero member
Activity: 714
Merit: 1298
June 08, 2023, 02:11:12 AM
#3
I have a ledger nano s but I don't feel secure anymore with it after their recent update about subscription for wallet recovery. The only use of the leger is for Bitcoin and I use it with electrum.

I understand their new update does not effect Ledger Nano S but I still feel unsafe, I feel paranoid. Everyday I wake up and check my phone where I have a watch only installed and before the wallet loads I feel I will see an outbound transaction is just loading but it does not and my coins are there. I feel better.

What will be your suggestions?

First, don't panic.

Second, do research on available  open source, air-gapped HW and evaluate your own prospect of acquiring one of them to  move your stash there.

Third, at the time when your fund is still relying on Ledger Nano S create multisig  wallet, using  say two of two quorum. This means that  two of your keys will be required  to sign transaction. (Any of them alone will not capable to do that) One  of that key may belong to open sorce software wallet (say Sparrow or Electrum or any  of your choice)  the other one to Ledger nano s.The probability to break multisig wallet is equal to   P=  ∏i=1...n(pi)  where pi is the such probability for each individual item from the quorum  set of n items, so if one of pi=0 then P=0. That said, the large the quorum the better but I think 2 of 2 will be enough in your case.  

Further, move you stash from Ledger Nano S to created multisig wallet.

And then, after the purchasing of open source air-gapped HW  create multisig wallet using your new HW  (instead of  Ledger Nano S )and move your stash from old multisig to new one.
hero member
Activity: 406
Merit: 443
June 07, 2023, 11:34:02 PM
#2
Your use of the hardware wallet depends on trust. If you lose this trust, it is better to buy another hardware wallet. You can consider any open source alternatives or DIY hardware wallet, and if you wait, you will get better recommendations, since I prefer cold storage using Electrum.

Here is a good list for more than 30 HW https://wallets.thebitcoinhole.com

What will be your suggestions?

According to what I read, you are safe if you do not update the firmware, but after several months you will reach a point where you have to update the firmware, and then you can fear, until that thing happens, start thinking about a suitable alternative instead of worrying.
member
Activity: 119
Merit: 38
Yo! Member
June 07, 2023, 11:07:05 PM
#1
I have a ledger nano s but I don't feel secure anymore with it after their recent update about subscription for wallet recovery. The only use of the leger is for Bitcoin and I use it with electrum.

I understand their new update does not effect Ledger Nano S but I still feel unsafe, I feel paranoid. Everyday I wake up and check my phone where I have a watch only installed and before the wallet loads I feel I will see an outbound transaction is just loading but it does not and my coins are there. I feel better.

What will be your suggestions?
Pages:
Jump to: