Bitcoin Forum

Hello, so with the whole ledger recovery service that was introduced not too long ago many people went to other hardware wallets. I did not, I wanted to wait and see what happens. I thought people were blowing this out of proportion and now the dust has settled it seems it may be the case.

What is your verdict? Safe? Avoid?

I believed they lied about not having a back door and now found out they do. And also being closed source who knows what can be taken by them. But any hardware wallet service can deploy a new software update and take your keys as most people do not know how to verify the source even if it is open. And if people do find out they will do by other people who have checked it and by that point a lot of keys may get stolen if something or someone decided to go rogue at the respective hardware company. I believe this cannot be applied to all hardware companies due to the design of the device.


All help and views are appreciated thank you.

It is not safe and it is against what bitcoin is (trustless). Ledger does not also care about users data. It is one of the wallets you can go for if you are not bothered about your privacy and your coin security and safety.

For bitcoin only wallet, go for Passport
For bitcoin and altcoins wallet, go for Trezor.

Note that the coinjoin in Trezor is in association with Wasabi. Wasabi coinjoin are censoring UTXOs and working with chain analytic company to spy on your coinjoin transaction. Do not use Trezor coinjoin.

Unsafe. Avoid.

This is why:
What more do you need? They lied. Who knows what else they lied about.

--Knight Hider

Recovery services offered by hardware wallets are just another idea for them to make money through the subscription fee but for you, it is not safe and never give access to your keys or funds no matter what they say and how reputed their brand is.

So the best alternative for recovery service but in non-custodial way is Shamir's Secret Sharing^[1].

1. https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing

Ledger is not open source and they recently reveal that they are untrusted after their announcement of the possibility of key recovery using their service which means the company can access all account connected to ledger device that will kill the anonymity and safety of your asset.

Choose open source hardware wallet and forget about the popular brand that is close source code such as Ledger. I use Keep key now and use only my ledger as keychain to my bag for decoration purposes.  :D

The backup option of Ledger has raised so many doubts among many users and this is not something new instead I think you asked this question just because you may want to buy a new hardware wallet for you. So, the best choice is to remain anonymous and decentralized. As many other members mentioned to avoid it but I would not say it is not totally safe because every person has there own set of rules to accept or reject something so you must also have some rules or requirements in your mind which you want to be included in your specific hardware wallet.

I suggest you to avoid spending money on Ledger wallet and instead go for other options. If you do not know what wallet is good for you. Then I have seen a website here on BTT which comprised all the hardware wallets with good comparison options. You must check it out too.
https://www.crypto-hardware.com/

Less safer than fully open-source hardware wallets like Coldcard due to the huge question mark with concerning software upgradability, but still more secure than your typical software-wallet-on-your-personal-device setup. If you have a Ledger, just don't use Ledger Live — that itself removes a good chunk of the uncertainty risk.

imo: Coldcard > Ledger > BlueWallet on personal mobile device > Electrum on personal device

Avoid if you are just about buying a new hardware wallet. As for safe, if you were already using Ledger before they announced the Ledger recovery service, you might just continue using it as you have been doing so, but of course without 'subscribing' to the new Ledger recovery service, but whenever you decide to get a new hardware wallet, you should ditch Ledger for a different brand; because there is then no reason to continue using it.
If it is open source and you can't verify the code yourself, i think you should at least wait for others who can to verify it and see if there are complaints about bugs/malicious lines before you update yours.

The recovery service that they've got is applicable to the newer versions of their hardware wallet.

This is right, if you own the old Ledger Nano S version, it's not part of that recovery feature. As for the choice, I guess that on these times the favor goes to Trezor.

Well, up to some extent, you still have to trust your hardware wallet provider and there are plenty of manufacturers that did not BS'd their way like ledger. In short there are better options.

I do hope most of the community haven't succumbed back to ledger as that wouldn't send a good message. It's safe to assume other manufacturers are also watching the scene unfold and imagine if ledger recovered + gained more market especially on their cloud backup side business, what does that say?  :-\

My verdikt?
Stay away from a closed-source hardware (or software) wallet, regardless if it's Ledger or someone else. I dispise the way they did their marketing on "security by obscurity" and lying about "your secrets can't leave the secure element". Well, it turns out that's only true as long as they don't program it to be able to leave the secure element on purpose. Trust us, we (Ledger) are the good guys! Sure, f*** u!!

The corporate executives look to me completely nuts with their decisions and public behavior, before and after the "Ledger Recovery" desaster. I wouldn't use a Ledger even if they'd pay me for it. Don't buy, support and use such crap. My opinion, period. You do yours!

 One thing you should have at the back of your mind is that no wallet is 100% secure, no matter how secure as possible developers try to make it, there are still criminals who will find a way to exploit and hack it and Ledger is not free from this.
After the incidence from the Ledger Recovery, CEO of Ledger announced there's no back door, trying to allay the fears of users but we all know these company owners will say shit just to cover their lies.
Some people prefer to use Ledger because it offers invaluable security and helps prevent your digital assets from entering the wrong hands and also it's affordable and convenient for use. My advice? It's best to avoid it. You can try some of the options other users suggested tho.

First, Ledger is closed source.
Second, with their Ledger Recovery Service (https://www.ledger.com/recover), you will give three pieces of your mnemonic seeds to three entities including – Ledger, Coincover, and EscrowTech. You have to trust those entities that they won't leak pieces of your seed or do combined shady things to steal your seed and your coins.

It is unsafe even they claim they are using Shamir Secret Sharing Algorithm (https://www.geeksforgeeks.org/shamirs-secret-sharing-algorithm-cryptography/) and I don't trust Ledger as they had some data breaches ^[1] and they are closed source.

^[1] Ledger Wallet Customer Info Hack (2020) (https://buybitcoinworldwide.com/ledger-hack/)

I mean I have been using Ledger previously the only thing I don't like about it is that it's not open source. I would prefer a Hardware Wallet which is tested by the whole community, a project being open sourced surely allows more security tests to be done on it and most of the time, white hat hackers simply provide the test result/report to the developers instead of exploiting it. This is where Trezor leads the way. AND In the end, it comes to your personal preference to be honest.

Ever since I watched that Joe Grand guy crack that trezor wallet with 2 million inside on youtube I've been turned off. There's no perfect solution right now but I still think using hardware wallets as a 2FA approach is a good thing.

Your seed phrase should be private and only known to you but entrusting your seed phrase to third party agencies for safe keeping is risky. Also, subscribers of the Ledger recovery service would need to give up their privacy by undergoing KYC, all these raised security concerns. This is not some firmware update, this is different. The fact that many persons have come out to speak against it should clearly tell you that many heads are better than one and they cannot not be wrong. The dust hasn't settled yet because sooner or later people who still have trust for Ledger will suffer for their choices. I would advise you look for a recommendable hardware wallet like Trezor or Passport, as Ledger is not safe.

If only it were that simple, but for those who buy Ledger HW for the first time, using Ledger Live is mandatory for the initial setup of the device, and for those who have been using it before if they want to upgrade the firmware or add/upgrade any coin app. In addition, regardless of which software you use with the device, you still connect to the Ledger servers for every incoming/outgoing transaction, which means that you still take certain risks, at least as far as privacy is concerned.

For anyone who can afford it, it would be wise to find an alternative, or to pretend that nothing has happened and will not happen.

The issue was resolved according to the Trezor and the hack issue is only possible through physical attack. The hacker spend 12 weeks to hack the device which is already too long for the owner to import his backup seedphrase on a software wallet to recover his fund safely.

Hardware wallet security is improving as time pass by. There's no need to worry much about hack if you are purchasing a hw with open source code and from trusted company.

While I do agree that Ledger Live is a shit app that shouldn't be used for more than its needed, isn't it open souce and same goes for those coin apps meaning ppl probably tested it?. The main problem with Ledger is that its firmware is closed source and imho that's way more dangerous because you can't simply avoid it like you can Ledger Live.

---

@OP Ledger  owes is market dominance thanks to the fact that at the time they launched their HW there was no many competitions like it is now so people simply buy it by innertion but luckily nowadays there are many quality options that doesn't cost a fortune so there's no need really to get Ledger if you want a safe wallet to store your bitcoin.

I have the same version so I would prefer this kind of model than those that supports recovery feature. But to be honest, I really do not like the decision of Ledger to include the recovery feature for the updated versions.

It clearly not defining them anymore as a true cold hardware wallet. I don’t have any plans to buy future versions of Ledger Nano like the X or so because of the controversial recovery feature.

I would not use and trust that crap at all, and it's not only because of ledger recover service.
They are pretty much trying to be shitcoin wallet that don't care about customer privacy for a long time, they leaked private information, they have terrible battery for model X, and they have worst quality control ever.
It's just junk made in China, than later assembled in some French village garage, and graveyard of old ledger wallet models is getting bigger every day.
I would not be surprised if they have some hidden government backdoor code with bunch of signed NDA's, but this is just my speculation.

The old version still works perfectly and good thing that it isn't supported by the recovery feature. But for those that are thinking that they should buy a new hardware wallet, you're free to do it as that feature they've added really sucks and is against the community's liking.
Before this feature came out, I had plans to buy the X version because of its feature that allows you to view your portfolio on mobile, I haven't tried yet with S version. But when they've released the recovery part, that's where I have removed that plan.

It is more or less known that Ledger is a good wallet but no one can guarantee it 100% that there will be no problems. Since it is a wallet there will be some risk but there have been no reports of Ledger hardware wallet. And huge amount of users are seen using this wallet and they are using it very happily and carefree. Hardware wallet is a private wallet and you will have full access to it so there is not much risk involved there. So you can use it to store your bitcoins there if you want. Hope it will give you a good satisfaction. However, since there are many alternative hardware wallets in the market, you can research them and use the one that you feel is the most secure. however, Ledger wallet is still very popular in the market

There have been reports of ledger hack, anti privacy, ledger recovery which is a security issue, etc!
What is a private wallet? However Ledger is closed source and even though it is non-custodial, ledger recovery proves that it is possible for your seed phrase to leave the 'secure element', so that will definitely be a problem for any customer who is conscious of their security.
Exactly, there are so many better alternatives, and Ledger is popular because it was one of first hardware wallets that quite a lof of people bought and recommended.

I have ledger nano S, despite all the fiasco lately I consider it to be more attack proof than at least software wallets, so am still using it.


Recovery service was opt-in, people were more worried about it being closed source and having a backdoor. Recovery thing just threew light on it's weaknesses which were prior overlooked.

If you care about how your wallet is generating seed phrase, if you can care about your privacy, do not use Ledger Nano again. Bitcoin is not close source, that is why it is not good to use it on a close source wallets.

Probably other people, because I can not use a wallet that has a close source secure element, or a wallet that breach their buyers information to bad people to make use of.