Bitcoin Forum

I would read this article about the man in the middle attack!

https://news.bitcoin.com/ledger-addresses-man-in-the-middle-attack-that-threatens-millions-of-hardware-wallets/ (https://news.bitcoin.com/ledger-addresses-man-in-the-middle-attack-that-threatens-millions-of-hardware-wallets/)

https://ledgerwallet.us2.list-manage.com/track/click?u=bcc2126fb4bf3e02256d6c188&id=271fdbe596&e=d0d7444049 (https://ledgerwallet.us2.list-manage.com/track/click?u=bcc2126fb4bf3e02256d6c188&id=271fdbe596&e=d0d7444049)




Dear Ledger user,

Protecting your security is of paramount importance to us. The Ledger Wallet Bitcoin Chrome application has just been updated to give you more control over the security of your transactions. The update is automatic and enables an essential new feature: verification of the reception address directly on the device.
  
 

This new feature is addressing a specific issue known in the crypto-community as the "Man in the Middle Attack". There has been a recent announcement of a malware proof of concept that could potentially infect the user’s computer - including, the Ledger Chrome application. In this scenario, an attacker could theoretically change the ‘receive’ address displayed on the (infected) computer’s screen within the Ledger Chrome application.

By enabling you to verify the receive address on your device (the only source you can trust), the updated Chrome app provides an additional peace-of-mind.  Always verify the receive address on your device before communicating it to a third party.

Your current funds are not at risk and do not require any action.

Besides this important software update, we are taking 3 specific actions to make sure our users are safe and secure, while remaining alert:  
•   Software updates: the Ledger Wallet Bitcoin Chrome application is the first to benefit from the on device receive address verification feature. It is available for Bitcoin and all other coins managed by the Chrome app. ETH and XRP apps will benefit from that new feature in the upcoming desktop global release.
•   Upgraded Bug Bounty program: we are growing quickly - and we are still developing and strengthening some of our behind the scenes processes. We value contributions from security researchers and the community, and will be making our Bug Bounty programs faster and more efficient.
•   Prevention: we are continuously working on developing resources and materials to help our user base better understand the threats they face and how they can best secure their assets. If not done already, we urge you to read our basic security principles ruleset.
Security is an arms race. We’re in it for the long haul and are prepared for it. At Ledger, we take our mission seriously and that mission is to protect you.

Thank you for your trust.

Eric Larcheveque
Ledger, CEO

If Ledger happens to stop by this post I'd like to say hello.  Now I'd like to request a piece of technology not from the 1990's.  My YakBak and TalkBoy are both more impressive pieces of technology and I'm pretty sure I didn't even know what a computer was then.  To anyone reading this and considering buying I highly suggest Trezor as I've heard much better things and I've tested Ledger and it's poo poo..  It does suck that that Trezor doesn't hold as many Alts but besides that I can promise it's better.

I agree Ty! 

Trezor is the best hardware out there IMO.

Cannot wait until the new one comes out by the end of this month.

Didn't Trezor have some issue where it basically exposed all vital information with minimal effort? Of course that would require it being stolen, but still.

Totally different when stolen. And I believe if that happens you can use your seed to reclaim your btc hopefully before thief can crack it

Do you know if Ledger had that issue as well? I've got both just for the heck of it, but I'm not sure which would make the most sense to use for larger stacks.

Not sure bro...for large amount of btc cold storage i use paper wallets...for the rest i use trezor. I use ledger only for alts

So pretty much what I've been doing alright, gotcha. What was that talk about a new Trezor by the way? I can't find it on their website.

Here ya go. https://preorder.trezor.io

Derp, I thought that was for the next batch of old Trezors. Thanks!

Lol..the first batch of around 2000 sodl out in a few hours.

I subscribed for the notification, hope the next batch won't be sodl out just as fast.

Yeah...I hear ya..lots of people bought them as collectable items just like i did

I mostly ended up buying both Trezor and Ledger to support the industry.

Nice gesture..i bought the ledger nano and blue..both trezor in black and white..left them all wrapped never to be used. Then bought nano and trezor again to be used. Now i am awaiting 6 new batch one Trezor T models

Maybe I should pickup some backups in case I need to restore. How is the blue?

I never used...still wrapped up. I only have it as a collectable

I've talked to a techy about Blue and they said they were extremely unimpressed. It looks cool as hell and I almost bought it for more than I should have at one point but thankfully I decided to hold off.  I didn't buy the ledger Nano direct from the manufacturer (like my boy Krogo here taught me to only do) so I won't keep anything on it but I did open it up to play with just for fun and to test out.  I think why I dislike the Nano is why my buddy didn't like the blue and it's just the software and hardware combined.  Ledger needs one platform and not these stupid apps.  The nano hardware, two buttons, doesn't hold a charge..it's just sloppy manufacturing.  I keep 90% on paperwallets and 10% between hardware wallets and hot wallets personally.

Ah, I misread that since you used the nano and trezor.

That really puts me on the fence. On one hand I want to support the industry even if I'm not going to use the hardware wallet. But on the other hand I don't want to support unimaginative products. What a dilemma.

 Aye I hear you.

  But as a collector...I buy anything btc history related. I bought hardware wallets that are known to have been breached with bad reputation...will never use and load..but are part of Bitcoins journey.

They always find a way around security whats safe nowadays.

Correct, even Microsoft somehow gets hacked. They just have an active devs to feed updates. So whats best to do is keep your devices updated.

Yes..however I only keep a very small amount on any of these hardware wallets. I believe any decent size amount of bitcoin should be placed in paper wallets

Paper wallets also carry some risks. It takes quite an elaborate setup to be fully safe. And at that point one would also have to consider how to pass on one's crypto holdings to their family in case of unexpected death, which makes a safe setup even trickier. Makes me wonder how many Bitcoins will actually be accessible by the time the last block is mined.

I agree..they can be tricky. That is why when I started in crypto I took the right steps which I outlined on my website on how to create in a very safe way and also test said paper wallets using outside programs other than what created the wallets.

                                    https://bitcointalk.org/index.php?topic=2862479.msg29377502#msg29377502

   And yes, I think a paper wallet should be BIP32 encrypted and the password given to loved ones in case you do pass away. It cam be left with instructions in a safety deposit box in a bank with an outline of what to do.

  Yes...many bitcoins have been lost. The following shows where we stand at the moment. It says 4 million bitcoins lost forever at the moment. Probably more since nobody really knows

                                    http://fortune.com/2017/11/25/lost-bitcoins/

       

not many thief know what's the f*ck charaters and number in your paper wallet mean :) and I don't think they will take it lol
Just keep in safe enough place likely all other documents is enough and share it with your lover.
I'm keeping all my alt asset in Ledger. I know even NASA got hacked so nothing safe at all with hardware then just keep update and use a safe computer

The security of wallet software (and hardware) will continually be tested as time and the value of cryptos rises.

The new Trezor looks great, it is a shame they had such a small (2,000) allocation for the device. I will be interested to know when there are some reviews of the product to gain a better idea of what advantages it offers over just a nicer interface.

I still think the physical format is less than appealing though - sorry Trezor, looks as if the French win there (Ledger).

That was only a risk if you didn't have any passphrase on your wallet just the PIN code. The passphrase is not saved on the device so even if they steal it and can successfully read the chip, they will only see the seed and PIN, without the passphrase, nobody can steal your stuff.