Pages:
Author

Topic: Trezor or Ledger !! (Read 382 times)

hero member
Activity: 491
Merit: 1259
Nihil impunitum
December 22, 2021, 07:55:18 AM
#39
Please give me the reference to research on the possible vulnerability and "phone-like"-design of     Ellipal Titan but  not of the  old model dubbed as Ellipal. Thanks.
I've not seen any in depth analysis of the Titan and its hardware, good or bad. However, I have little faith in a company which puts a new cover on an Android phone and calls it a hardware wallet. Even if the new Titan has addressed many of the issues raised, their past behavior is very amateurish and I wouldn't trust their new device, especially given it is closed source.



Fair answer, I must confess.  What about the coming Ledger nano s+? Would you trust it knowing that  a few years ago the 15-years-olf kid has managed to breach the security of  that wallet pretended to be safe? I think both old cases  are similar. For me the design of Ledger nano is much worse than that one of Lilipall Titan which I'm intended to buy to replace my old Ledger nano s.
legendary
Activity: 2212
Merit: 7064
December 22, 2021, 03:35:57 PM
#38
To be honest, they claimed the same thing a few years ago when they were selling a PCB based on a MediaTek SoC from a cheap smartphone disguised as a "most secure" hardware wallet. That was long before Ellipal Titan was developed.
It's the safest device in the universe since the beginning of time... and now they have it inside metallic cage like in medieval times, so it must be 1000% safe and secure (not).

I've not seen any in depth analysis of the Titan and its hardware, good or bad. However, I have little faith in a company which puts a new cover on an Android phone and calls it a hardware wallet. Even if the new Titan has addressed many of the issues raised, their past behavior is very amateurish and I wouldn't trust their new device, especially given it is closed source.
For the sake of experiments, I propose that we all make a donation (popular topic nowadays) to purchase one of this Titan device and pay someone to open it, just so that we can see what's inside.
I think it's totally worth the effort, even if that means device will self destruct, or maybe only delete something from it's memory.
Imagine opening this metal case and we find inside exact same android components and more interesting stuff to report, hack we maybe we even get paid by Ellipal team.  Cheesy


legendary
Activity: 2268
Merit: 18771
December 22, 2021, 08:44:55 AM
#37
Would you trust it knowing that  a few years ago the 15-years-olf kid has managed to breach the security of  that wallet pretended to be safe?
The difference is the attack on the Ledger device did not allow someone to extract the private keys or steal the coins on the device unless the owner unlocked the device, unlike the attack on the Ellipal device. It has also long been patched and is no longer a concern. Still, I don't trust Ledger devices either now given their also very amateurish behavior as a company, their disregard for the safety of their customers' information, and their willingness to compromise security and privacy in the name of making profits.
legendary
Activity: 2268
Merit: 18771
December 22, 2021, 05:12:16 AM
#36
Please give me the reference to research on the possible vulnerability and "phone-like"-design of     Ellipal Titan but  not of the  old model dubbed as Ellipal. Thanks.
I've not seen any in depth analysis of the Titan and its hardware, good or bad. However, I have little faith in a company which puts a new cover on an Android phone and calls it a hardware wallet. Even if the new Titan has addressed many of the issues raised, their past behavior is very amateurish and I wouldn't trust their new device, especially given it is closed source.

To be fair, they (or Baanx) will have your KYC details if you submit your KYC details. You don't have to, and you don't have to use their upcoming debit card either.
No, but I don't trust a company which is supposed to be focused on privacy and security and wants to risk both by collecting KYC data. It's completely antithetical to what they are supposed to stand for. And even if you don't want to use the card, you still have to use Ledger Live and submit to all the third party data sharing which comes with it.
legendary
Activity: 2730
Merit: 7065
December 22, 2021, 03:44:10 AM
#35
Now Ledger are trying to turn themselves in to a KYC collecting bank/exchange/debit card provider, which is terrible for the privacy and security of your coins.
To be fair, they (or Baanx) will have your KYC details if you submit your KYC details. You don't have to, and you don't have to use their upcoming debit card either.

So now I say go Trezor but make sure you use a long a complex passphrase to mitigate against the above attack.
That would be my choice If I needed a new hardware wallet tomorrow. Although, that tomorrow won't come before February 2022 when the pre-orders will start to be shipped out. That's the idea anyway. The passphrase adds an additional security layer and it's recommended to use one no matter if there is a Trezor seed extraction vulnerability or not.
legendary
Activity: 1526
Merit: 1359
December 21, 2021, 03:31:01 PM
#34
Sorry, but I'm not convinced. You have referred to the old model and those investigation in the distant past are known for me.  Now they have completely new model i.e. Ellipal Titan which is recognized widely as the most secure HW wallet (DYOR).  They clearly indicated that
~

To be honest, they claimed the same thing a few years ago when they were selling a PCB based on a MediaTek SoC from a cheap smartphone disguised as a "most secure" hardware wallet. That was long before Ellipal Titan was developed.

Quote
The Most Secure Crypto Hardware Wallet with Mobile App Support to Protect Your Crypto Assets.
source: https://web.archive.org/web/20180918182353/http://www.ellipal.com:80/ (18 Sep 2018)
legendary
Activity: 2212
Merit: 7064
December 21, 2021, 01:45:02 PM
#33
Sorry, but I'm not convinced. You have referred to the old model and those investigation in the distant past are known for me.
I am not trying to convince anyone thick skull about anything, and if you are happy with closed source phone lookalike crap, with totally unknown components hidden inside, no secure element, coming from Hong Kong, with fake most-secure label, than go ahead and use it.
Btw old Ellipal is not some 100 years old device from distant past, it was developed and sold just two years ago, and new device is exactly the same shit in new metal package.
I also found some interesting reviews:

Quote
!!!AVOID ELLIPAL AT ALL COST!!! Over 2.5 months waiting for this. WORST costumer service EVER. They answer questions with answers that don’t answer the question. In the EU they send it to Germany storage to send it around the EU. So no import costs for EU ppl, as they import it to there location in Germany. And we order it from Germany, not Hong Kong. First package arrived they said, but it did not. Now they send my package, that got lost in the mail (there private delivery service mail), from Hong Kong. Result, import is 1/3 of the total price for import. And they don’t want to pay that. Despite import being in the item price if they distribute it from Germany. So not gone pay that cost on top of everything i already paid. They don’t want to pay it, instead saying i need to pay it and they will pay it back. So that is a big red flag for scamming. Also, they said they would pay 25$ back for the import. But the import is 76,79$. They are just faking delivery with there own transport services. And then asking you to pay even more if the package does not arrive. Seems like they are having some delivered just to seem legit. Immens amount of reviews of ppl getting nothing, not getting refunds. And a lot of review that are pos that seem like paid reviews. Keeping all mails of conversation for legal reasons. They said i would get a refund, but i am pretty sure i wont or it will be a refund waaay lower then the price i paid.
Quote
I bought my Titan in late 2019 – at first I was happy about the build quality, but this changed according to problems updating the firmware – the ellipal support first sent a second magnet-adapter, because my wallet could not find the sdcard to update the firmware – after months of back and forth the support send a new Titan where they already had done the firmware update and I sent my first one back – now – a year later I again tried to make a firmware-update – and again I have troubles – this time my Titan finds the sdcard, but it tells me, the firmware is up to date, even if it is NOT …. The Magnets from one of the adapters are falling out of the adapter itself since 3 weeks ago, so this adapter is now broke too … sadly I purchased a Ledger, and I transfered my holdings to the Ledger device ….. really disapointed … great concept, but this type of trouble is nothing to HODL long term … sorry – I CAN NOT REDOMMEND it any longer
https://www.hardware-wallets.net/ellipal-titan-review/

Ellipal = Zero transparency.
End of discussion for me about this Ellipal Junk.
legendary
Activity: 952
Merit: 1386
December 21, 2021, 01:15:49 PM
#32
This is probably one of the worst junk I ever saw used in hardware wallets, and I am sure nothing much is changed from inside with their new ''Titan'' version with metal enclosure.
Cellular technology EDGE; GPRS!?, HSPA+, Bluetooth, Wi-fi, GPS.... all inside Ellipal wallet, even FM radio if you get bored and want to listen some music on Ellipal  Roll Eyes


LOL!
Incredible...
My guess is it was easier (cheaper) to buy something like that (maybe old stock) than project and order a new board. And probably firmware, drivers comes for free ;-)

Always look at the bright side of life - maybe it will be possible to play Doom at your hardware wallet.

legendary
Activity: 2268
Merit: 18771
December 21, 2021, 10:06:47 AM
#30
Can you prove your statement?  Without it  I would consider your   words as empty ones.
Ledger Donjon did an indepth analysis here: https://donjon.ledger.com/Ellipal-Security/

Not only is it an Android phone underneath, but many of the capabilities of an Android phone, such as WiFi and booting to factory testing mode were only prevented by Ellipal's software and were easily re-enabled. They could dump the flash, which included the private data of the user which could then be bruteforced for their private keys. It would also be trivial to replace the software with something malicious which uses pre-generated seed phrases or leaks data over the now-enabled WiFi chip. All things considered, I wouldn't touch this device.

Good alternative option is always doing cold storage with your old computer/laptop that has fresh Linux OS and disabled any internet connection.
Yeah, this is pretty much what I'm doing now, and I can't see myself moving back to hardware wallets for any significant amounts of funds for a long time yet.
legendary
Activity: 2212
Merit: 7064
December 21, 2021, 10:04:50 AM
#29
Can you prove your statement?  Without it  I would consider your   words as empty ones.
I have proof from 2019 made by Ledger Donjon team (they said this device is quite similar to a low-end mobile phone) when they extracted seed from old Ellipal wallet, and you can see how it looks inside .
This is probably one of the worst junk I ever saw used in hardware wallets, and I am sure nothing much is changed from inside with their new ''Titan'' version with metal enclosure.
Cellular technology EDGE; GPRS!?, HSPA+, Bluetooth, Wi-fi, GPS.... all inside Ellipal wallet, even FM radio if you get bored and want to listen some music on Ellipal  Roll Eyes


https://donjon.ledger.com/Ellipal-Security/

PS
To be as objective as possible, I am posting reply written by Ellipal developers in December 2019:
https://www.ellipal.com/blogs/news/ledger-donjon-vulnerability-study-and-the-development-of-the-ellipal-titan?_pos=1&_sid=47f3caf51&_ss=r
legendary
Activity: 2212
Merit: 7064
December 21, 2021, 08:56:49 AM
#28
Ideally, I would say get neither and start exploring other options. Personally, I've pretty much abandoned hardware wallets for the time being until I find a device and company which don't have significant flaws/bugs/vulnerabilities as above (or until Trezor release a new device which fixes the above vulnerability).
I would also choose neither of them at this moment, ledger because of known reasons you mentioned and many other issues with their devices.
I wouldn't buy Trezor know until they release new device with secure element, and I would buy it only if the price is somehow reasonable.
Good alternative option is always doing cold storage with your old computer/laptop that has fresh Linux OS and disabled any internet connection.

And what about Ellipal Titan
Ellipal is just a smartphone repackaged into hardware wallet, I think that someone even found inside device there is all elements for wi-fi, bluetooth, and internet connection.  Cheesy
Besides that, Ellipal is closed source, it's not supporting multisig setup, not supporting 3rd party wallets like Electrum, and I am not sure if they even started to support Segwit addresses...  Roll Eyes
legendary
Activity: 2268
Merit: 18771
December 21, 2021, 03:59:49 AM
#27
For a while I would have said either Trezor or Ledger is fine.

Then it was discovered that Trezor devices have an unfixable vulnerability which allows someone with physical access to the device to extract the seed phrase. So I would have said go Ledger.

Then Ledger leaked a million customers' personal information and were less than forthcoming with the details. So I would have said go Ledger only if you can buy anonymously (which, to be fair, has always been good advice).

Now Ledger are trying to turn themselves in to a KYC collecting bank/exchange/debit card provider, which is terrible for the privacy and security of your coins. So now I say go Trezor but make sure you use a long a complex passphrase to mitigate against the above attack.

Ideally, I would say get neither and start exploring other options. Personally, I've pretty much abandoned hardware wallets for the time being until I find a device and company which don't have significant flaws/bugs/vulnerabilities as above (or until Trezor release a new device which fixes the above vulnerability).

legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
December 21, 2021, 02:35:06 AM
#26
Which one is best to buy in 2021?

Trezor is legacy wallet as well Ledger is most integrated & preferred wallet.

According to me, Long Holders usually prefer Trezor & ledger is preferred for everyday transactions.

Now, let share information what you like to buy and why?
 

Why do you choose between Trezor and Ledger, discarding other options?

At the moment, a lot of companies produce hardware wallets that can satisfy the needs of every customer.

I would not buy Trezor, because they have never lost data of users and they still have to do it Smiley

I would choose Ledger as they have already leaked their users' data and have now taken every precaution to prevent this from happening again. Oops, they did it 2 times, which means that now their protection is super reliable  Smiley

I'm kidding, of course. You will have to make the choice yourself from the list of those devices that are on the market now. Above already gave you a link to a topic on this forum. Just study.
HCP
legendary
Activity: 2086
Merit: 4363
December 02, 2021, 03:55:29 PM
#25
This is really a "Coke or Pepsi?", "PC or Mac?", "X or Y?" type question... with no real right or wrong answer.

You're going to fine proponents of both... and users that dislike both, for a variety of reasons. I have both, and find that they're pretty much equally capable, and cost about the same when I originally bought them. They both had their pros and cons.

At the end of the day, you'll need to look at all the features of both, and likely the price point + shipping and make a determination as to which works best for you personal situation. While I would struggle to currently recommend Ledger due to the quality issues they have had of late, if the choice is between no hardware wallet or a Ledger, then I'd say, get the Ledger.

But don't necessarily ignore other wallets like Coldcard or BitBox either.

We are really spoiled for choice these days... and that is always a good thing!
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10
November 29, 2021, 08:31:22 AM
#24

You have a point, but based on my limited knowledge of the field in question, most of the ones I've seen were limited to POS [with the exception of a few (e.g. Kraken)].


Those are already Centralized Exchanges (CEX), when the risks are higher but you get to stake POW coins which is not possible on hardware wallets Smiley
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
November 29, 2021, 05:09:55 AM
#23
Color me surprised as well! That's a selling point, but if your coins are POW (e.g. Bitcoin) then 😅
You have a point, but based on my limited knowledge of the field in question, most of the ones I've seen were limited to POS [with the exception of a few (e.g. Kraken)].

I wonder how their staking platform performs when compared to other staking options in terms of rewards, and if Ledger gets a percentage of each sum that is paid out? If you use their swaps platform for example, you get worse rates than if you visited the official website and performed the swap there.   
I can't give you a definitive answer, but I did manage to find a Reddit link [Ledger staking, higher fees?] and judging by "its last comment", they have the exact same fees.
- Assuming that it's true, then that could be one of its advantages over Trezor, but I still wouldn't recommend getting one in 2021!
legendary
Activity: 2730
Merit: 7065
November 28, 2021, 02:35:58 PM
#22
He is probably thinking of this: Blockchain Open Ledger Operating System.
I have heard about BOLOS but I have to admin that I never took the time to look up what it meant. Undecided When I saw the user mention the term, I thought it was just a bunch of words he put together my mistake. My bad!

You could've achieved that with Ledger as well: EARN MONEY BY HOLDING CRYPTO ASSETS
- I'm not sure when they've introduced that feature exactly!
I wonder how their staking platform performs when compared to other staking options in terms of rewards, and if Ledger gets a percentage of each sum that is paid out? If you use their swaps platform for example, you get worse rates than if you visited the official website and performed the swap there.   
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10
November 28, 2021, 09:59:49 AM
#21

Mostly online transactions, but when I want to sell BTC then I visit one of the physical exchanges available to me - unfortunately I don't have any physical store nearby that accepts BTC.

When I started 2014 and the price was below $1000 and then it fell below $200 - it was possible to collect very nice amounts on faucets, and so I earned my first BTC. It was a time of opportunity, and the waste of time as some called it paid off Smiley

I have to admit that it was a completely different time, because given the price of BTC most people didn’t care too much about the safety of coins, although the Trezor made its first model just in early 2014. It took years for hardware wallets to become interesting to the wider crypto community, and I think I only bought the first device in 2018.

At least you have a physical exchange. I have to trade mine online Grin

Yea man, back then we were busy mining on laptops and PCs, they weren't taken "seriously" as they are now. I remembered buying some BTCs but didn't really think of the price appreciation. Simply chucked some chump change out of curiosity and somewhat forgot about them until the end of 2017.


You could've achieved that with Ledger as well: EARN MONEY BY HOLDING CRYPTO ASSETS
- I'm not sure when they've introduced that feature exactly!

Color me surprised as well! That's a selling point, but if your coins are POW (e.g. Bitcoin) then 😅
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
November 28, 2021, 09:25:25 AM
#20
Which one is best to buy in 2021?
Trezor [@dkbit98 already covered the details]!

Ledger is most integrated & preferred wallet.
That part sounded like you're a shill!

According to me, Long Holders usually prefer Trezor & ledger is preferred for everyday transactions.
As a Trezor user who has never hodled intentionally, I have to disagree with how you've generalized users, solely by their hardware wallet choices!

I'm aware of the risks, but I'd rather earn interests aside from price appreciation.
You could've achieved that with Ledger as well: EARN MONEY BY HOLDING CRYPTO ASSETS
- I'm not sure when they've introduced that feature exactly!
Pages:
Jump to: