Author

Topic: The best way to by ledger wallet (Read 240 times)

legendary
Activity: 1624
Merit: 2481
January 06, 2021, 12:00:33 PM
#20
I wouldn’t call the 272 000 full dataset a small number

Neither would i.
I said the number is smaller than the amount of email addresses leaked. It's ~273.000 full addresses leaked vs. ~1.075.000 email accounts.

None of these numbers is small.
legendary
Activity: 2268
Merit: 18748
January 06, 2021, 10:33:18 AM
#19
until this happened with Ledger and showed us all that no one should be trusted with your personal information.
Emphasis mine. Some of us have been saying this for years and not been listened to. The problem is people don't pay attention until it affects them directly, by which point it is too late. If you haven't already, now would be a good time to contact every exchange, every service, every provider, etc. where you have left personal details and request their deletion.

No cryptos where at risk.
Sure, you can argue that no cryptocurrency was directly placed at risk since there was no vulnerability in the hardware wallet itself, but the fact remains that many people have lost funds as a direct consequence of this leak. Yes, I accept that these people were at fault and careless for clicking on random links and entering their seed phrases in to random websites, but without this leak then those things would not have happened to many users. You could use the same logic to say that clipboard malware doesn't put coins at risk since it cannot steal your coins without the user also being at fault for not double checking their transaction.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
January 06, 2021, 08:53:46 AM
#18
The data breach "only" affected customer data (huge dataset of emails and a smaller dataset including names, mobile numbers and full address).
No cryptos where at risk. No vulnerability has been found. No one except you has access to the funds on your hardware wallet.

I wouldn’t call the 272 000 full dataset a small number, that’s significantly more than the initial 9500. While no one has literally lost their crypto with this data leak, everyone whose public data has been released is exposed not only to daily phishing messages, but also to possible physical attack at any time in the future. Although Ledger is officially trying to minimize the possible consequences, all those who are victims of this hacking certainly cannot sleep peacefully when they know that all criminals in the world have been given information about those who keep cryptocurrencies in this way.



But your comment is more perfect, going to store, buying it physically will be the best.

And if that option doesn't exist, it doesn't cost anything to send a request to certain stores in your area to put such devices in their offer. Of course, I am thinking primarily of IT equipment stores that have a good reputation.
legendary
Activity: 1624
Merit: 2481
January 06, 2021, 06:51:49 AM
#17
But we can see the recent ledger breach that have stolen bitcoin from many ledger wallet users, it is not only bitcoin that was only stolen altcoins were included.

The data breach "only" affected customer data (huge dataset of emails and a smaller dataset including names, mobile numbers and full address).
No cryptos where at risk. No vulnerability has been found. No one except you has access to the funds on your hardware wallet.



There are many stories I have read online, another one is that a hardware wallet can be cloned, that means it is included with malware or vulnerabilities that will make people use the hardware and later lost their bitcoin to hackers that cloned it, I only read it but it is what is happening that is included which make it very true that there are cloned hardware wallet.

You can read tons of stories online.. you shouldn't believe them.

Further, "cloning" a hardware wallet would not mean to compromise it with malware.
If you were talking about creating an identically-looking copy with a completely different hardware/firmware... then be assured that the person who wrote this does not have any clue..
The firmware is signed from ledger. An identically-looking copy would not be accepted as genuine with ledger live.



Now how can people buy ledger wallet, the official site now make people panic and afraid to buy. Are resllers the safe way to buy ledger wallet and hardware wallet generally because the official site that keeps data of buyers can be hacked which makes it not safe for ledger buyers.

The best way would probably be to order from their website using a throwaway email and some PO box.
legendary
Activity: 1624
Merit: 1200
Gamble responsibly
January 06, 2021, 06:49:17 AM
#16
It was quite a logical course of action if you wanted to buy a hardware wallet, until this happened with Ledger and showed us all that no one should be trusted with your personal information. Therefore, if you cannot make a purchase directly from the manufacturer without compromising your personal information, the best and safest option is to buy such a device directly in a physical store with cash.

I had this option for both (Ledger&Trezor), but I believed more in buying directly from the manufacturer which turned out to be completely wrong. The lesson has been learned, unfortunately in a difficult way - but it is a warning to anyone who is just planning to buy such devices, do everything you can to protect your privacy.
Some people have the option to give fake name, disposable emails and P.O Box like the one from the company someone work from, I see it not appropriate but can be good to avoid such mistake too. But your comment is more perfect, going to store, buying it physically will be the best. I see it as a way data breach of a thing may not occur, and even if it occured, it will not centralized it on ledger wallet only unlike data breach of the ledger wallet site which makes hackers to focus on the people that their data where breached, this is more recommendable for people in a way to avoid hackers.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
January 06, 2021, 06:24:20 AM
#15
If to ask before from people the best way to buy ledger nano, almost every expert will recommend people to buy it directly from ledger official site because the wallet will be directly from them and shipped directly to the buyer's address.

It was quite a logical course of action if you wanted to buy a hardware wallet, until this happened with Ledger and showed us all that no one should be trusted with your personal information. Therefore, if you cannot make a purchase directly from the manufacturer without compromising your personal information, the best and safest option is to buy such a device directly in a physical store with cash.

I had this option for both (Ledger&Trezor), but I believed more in buying directly from the manufacturer which turned out to be completely wrong. The lesson has been learned, unfortunately in a difficult way - but it is a warning to anyone who is just planning to buy such devices, do everything you can to protect your privacy.

legendary
Activity: 2730
Merit: 7065
January 06, 2021, 05:10:29 AM
#14
But we can see the recent ledger breach that have stolen bitcoin from many ledger wallet users, it is not only bitcoin that was only stolen altcoins were included. It has lead to many phishing attacks and also threatening emails that make hackers to promise of visiting ledger wallet people at their homes.
There hasn't been any breach that has led to users having their Ledger wallets hacked and funds stolen from them. Ledger databases got leaked and their customers started receiving phishing emails, just like you said. Those emails included fake Ledger Live wallets that requested the users to import their 24-word seeds. Those that did, had their coins stolen.

To sum up.
1. Ledger got it's database hacked that contained personal information on their customers. This is Ledger's fault.
2. Users got their crypto stolen because they installed fake wallets and inserted their recovery phrases in them. This is the user's fault.  

I was personally partially affected by #1, but not by #2.

There are many stories I have read online, another one is that a hardware wallet can be cloned, that means it is included with malware or vulnerabilities that will make people use the hardware and later lost their bitcoin to hackers that cloned it,
Don't you think that the possibility of this happening increases if more people are part of the supply chain?
If you buy the wallet from Ledger directly, you have the Ledger people being in contact with the wallet, you have the shipping agents who distributes it, and possibly customs officers.

If you buy from a reseller, you are making this circle bigger. Besides the subjects I already mentioned, you are also introducing the resellers and their people who could have access to the wallets.  
legendary
Activity: 1134
Merit: 1598
January 06, 2021, 04:47:24 AM
#13
Purchase it using a fictive name, use a disposable phone number and use a temporary PO box as the delivery address. Pay with BTC if you can and there you go. The only risk you really get is not receiving the package.

Whether you purchase through official store or resellers doesn't really matter when it comes to handing out personally-identifiable information. There's always a risk of being the victim of a database hack.
legendary
Activity: 2268
Merit: 18748
January 06, 2021, 03:34:35 AM
#12
But even considering these negative things about Ledger, buying it from official store is much safer option than buying from random unknown seller.
I see this repeated a lot, and indeed, I've probably said it myself in the past, but now I'm not so sure. Has there ever been a proven supply chain attack on a Ledger device outside of pre-initializing it with a compromised seed phrase (which can trivially be reversed by simply resetting the device)? As far as I am aware, there has never been a successful attack which involved inserting malicious code in to the device, and by connecting to Ledger Live and updating the firmware when you first receive the device, it will remove any malicious code anyway as well as verify that all the hardware has not been tampered with. Assuming there have not been successful attacks of which I am unaware, I am now probably of the opinion that overall the risk of such an attack is smaller than the risk of having all your information publicly leaked in a database hack, and so you would actually be better buying from a local electronics store in person, using cash, anonymously.

To be fair though, the same could also happen to Trezor if they aren't careful. There's always risks with AML/KYC with literally any platform, not only with Ledger.
Emphasis added. The risk exists for every hardware wallet manufacturer in existence, every official or unofficial reseller, every shipping company, every depot, every casino, every exchange, anywhere you give your details to. The only 100% safe approach is to never give out your personal information.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
January 06, 2021, 01:33:30 AM
#11
Well, now buying even from official Ledger store isn't completely safe after these database leaks.

To be fair though, the same could also happen to Trezor if they aren't careful. There's always risks with AML/KYC with literally any platform, not only with Ledger.
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
January 05, 2021, 06:56:55 PM
#10
Well, now buying even from official Ledger store isn't completely safe after these database leaks. I suggest to check link posted by @o_e_l_e_o, there is some good tips how you can buy hardware wallet safely and protect your sensitive personal data.
But even considering these negative things about Ledger, buying it from official store is much safer option than buying from random unknown seller. Another option is is buying it from authorized reseller. But before buying, you must check is it this store is listed on official Ledger or Trezor website to avoid any problems.
BTW, can you share some links about Ledger breach and stolen crypto from it, because I haven't saw it. Yeah, database of their customers was leaked, but hardware wallet itself is safe. I think it's more about people who weren't careful enough and had fallen in these phishing scams.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
January 05, 2021, 11:37:53 AM
#9
OP, I think you need to edit the thread.
Quote
The best way to by buy ledger wallet

Now come to the topic, in the crypto market scam attempt is everywhere. Even Electrum was a victim multiple times such as attempt even its open source and noncustodial wallet. A ledger use should detect pre-generated recovery seeds. It's not the fault of Ledger. We always say use a different email on every sensitive site where you have a risk of your privacy. So, still, I think buying Ledger from the official source.
legendary
Activity: 2268
Merit: 18748
January 05, 2021, 04:35:56 AM
#8
As far as I know, the safest way to purchase a hardware wallet is by going thru their official website and provide a false information to fill your real name, home address, email, phone number and what not upon purchasing. You can even provide a PO/ PO Box (Post Office) as the drop-off location for your parcel -- it would not be a problem tracking your package since Leger provides a tracking number upon purchase.
This is the best option, but could also be quite tricky depending on what country/state you live in.

You want to buy directly from Ledger to minimize the risk of supply chain attacks, but you also do not want to give away any personal information since companies cannot be trusted to look after it. You should access their website via Tor, give an alternative name and address (options include a PO Box, a local shop which will accept a delivery on your behalf (but make sure you do not need ID in the alternative name you have given to collect it), a work address (although this is also not ideal), general delivery or poste restante, a drop off point, etc.), use a burner email address and phone number, and pay using anonymized bitcoin.

Another good option is buying in cash in person from a local reseller, making sure to not hand over any personal information and covering your face while you do so (which shouldn't be difficult thanks to the pandemic and mandates to wear masks).

Alternatively, don't buy a hardware wallet at all and instead use airgapped cold storage on an old computer or laptop or a Raspberry Pi.

OP, you might also want to take a look at this thread: [GUIDE] How to buy a Hardware Wallet the right way
legendary
Activity: 1904
Merit: 1563
January 05, 2021, 04:06:49 AM
#7
Are resllers the safe way to buy ledger wallet and hardware wallet generally because the official site that keeps data of buyers can be hacked which makes it not safe for ledger buyers.
Isn't it that this method would just do more harm than good as there is a greater possibility that they are selling tampered or compromised hardware wallet products? Although I am aware that they have a list of authorized resellers.

As far as I know, the safest way to purchase a hardware wallet is by going thru their official website and provide a false information to fill your real name, home address, email, phone number and what not upon purchasing. You can even provide a PO/ PO Box (Post Office) as the drop-off location for your parcel -- it would not be a problem tracking your package since Leger provides a tracking number upon purchase.

Moreover, as a customer, you also have the right to request in removing all the personal information you have provided in their website. Unfortunately, it's too late for me to able to request a deletion appeal on their website since their database has now been compromised  Roll Eyes

If you wish to access, correct, modify or delete the personal information we have about you, object to their processing, exercise your right to portability, file a complaint, exercise any of the above-mentioned rights or simply obtain more information about the use of your personal data, please contact Ledger and its privacy Team at : [email protected]
legendary
Activity: 1624
Merit: 1200
Gamble responsibly
January 05, 2021, 03:49:18 AM
#6
Ledger wallet is safe if you deal on a legit site, I just bought a new one for my friend and after weeks we've received the package and was sealed properly.
I am not saying your ledger wallet is not the real one, but because it is sealed does not mean it has not been preconfigured. There are hackers that can preconfigure hardware wallet and seal it back. Or is there a way someone can know legit seal from hackers seal?

I think it will be good to know how new ledger wallet will start after it is opened in a way it will first generate seed phrase and pin. There have been people that bought hardware wallet that started immediately to work with already generated seed phrase which has been known to hackers that generated it, I am not sure if this fake ones will come with a seal but very possible it comes with a seal. 
sr. member
Activity: 2422
Merit: 357
January 05, 2021, 03:42:57 AM
#5
Ledger wallet is safe if you deal on a legit site, I just bought a new one for my friend and after weeks we've received the package and was sealed properly.
Scammers are everywhere mate, they are targeting every corner of this market just make sure to do your own research first before you make a decision, for me Ledger is still safe.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 05, 2021, 03:32:45 AM
#4
If to ask before from people the best way to buy ledger nano, almost every expert will recommend people to buy it directly from ledger official site

I also recommend you buy from the official website.
Also you can think it over, Trezor and Ledger are basically as good. Maybe Trezor is also fine for you. (But I also have Ledger.)
Then there's a well-written post with the right guidelines, you should start by reading that: https://bitcointalksearch.org/topic/--5288201
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
January 05, 2021, 03:32:08 AM
#3
What makes you think, all resellers are:
1. Not looking to traffic your personal information in search for more profits.
2. Are not people who are actually interested in your personal information.
3. Takes sufficient precautions and ensures the security of your data.

I have no doubts that some people would fit at least one of the three. The only story that I've heard about Ledger is that people sold pre-configured Ledgers to trick the users. Not sure about cloning, certainly haven't heard about anything like that.
sr. member
Activity: 854
Merit: 424
I stand with Ukraine!
January 05, 2021, 03:31:01 AM
#2
There are phishing sites to steal your keys, seeds, passwords. There are faked Ledger wallets to do the same.

It is the key rule to avoid risks:
Visiting official websites and download apps, wallets, softwares.
Buying products for your cyptocurrency, buy them from official stores.

You would never take risks to get some % of discount. You must accept higher risks if you want tk enjoy discounts from unknown sources.
legendary
Activity: 1624
Merit: 1200
Gamble responsibly
January 05, 2021, 03:24:52 AM
#1
If to ask before from people the best way to buy ledger nano, almost every expert will recommend people to buy it directly from ledger official site because the wallet will be directly from them and shipped directly to the buyer's address. There has been few complains about buying from resellers that they sell used hardware wallet, many people think the best is to buy it directly instead of resellers. But we can see the recent ledger breach that have stolen bitcoin from many ledger wallet users, it is not only bitcoin that was only stolen altcoins were included. It has lead to many phishing attacks and also threatening emails that make hackers to promise of visiting ledger wallet people at their homes.

There are many stories I have read online, another one is that a hardware wallet can be cloned, that means it is included with malware or vulnerabilities that will make people use the hardware and later lost their bitcoin to hackers that cloned it, I only read it but it is what is happening that is included which make it very true that there are cloned hardware wallet.

Now how can people buy ledger wallet, the official site now make people panic and afraid to buy. Are resllers the safe way to buy ledger wallet and hardware wallet generally because the official site that keeps data of buyers can be hacked which makes it not safe for ledger buyers.
Jump to: