Bitcoin Forum

I've been hodling in a Ledger wallet. With Ledger's reputation going down the drain after introducing the controversial recovery feature, I planned on moving to Trezor. I procrastinated for a while. Lately, I found out I can't anymore sign from my hardware device because of screen issues. That's the deadline! Finally, I need to act.

My Trezor hasn't arrived yet. But even if I have one ready, I still won't use it to recover my wallet. I'm generating new keys with that one. Now, I'm confused how to move my funds. Surely, however, I won't enter my backup on anything except on another hardware device.

Luckily, I have a KeepKey lying around for years. I'm planning to use it for the recovery. When my Trezor arrives, I'll be sending all my funds to that new wallet.

Am I good to go with this plan? Am I doing this right? Or am I committing an unsafe step with my KeepKey recovery plan?

Thanks in advance!

As far as I can tell, both Ledger and Keepkey uses BIP44 derivation path. If you're able to import and retrieve your address from KeepKey, then that would be fine. I don't see any security issues with it. IIRC, older versions of Keepkey has certain vulnerabilities but they require physical access. Make sure that your device is out of reach and safe.

Ledger Nano is supporting BIP44, BIP84 and BIP86. I think KeepKey is supporting BIP44 and BIP84. I do not think KeepKey is supporting BIP86 which pay-to-taproot.

This is a good idea if he is certain of the derivation path and also if he wants to abandon KeepKey for Trezor. He posted already that he wants to generate new seed phrase on Trezor, which is good. But if he is not sure of the derivation path, I think he can use airgapped wallet to send the coins to KeepKey. Mempool fee is not more than 4 sat/vbyte.

There's no issue in your "Keepkey method".
But in case you've used a script type in Ledger that KeepKey doesn't support, your best choice would be offline Bitcoin Core.

It can import your "Master Private Key" inside descriptors which represents each of your Ledger accounts.
To spend, you can either create an online Bitcoin Core with watch only wallet containing the public descriptor versions of the ones you've imported to your offline Bitcoin Core wallet.
Or import the addresses or extended public keys to an SPV wallet that supports such import.

I'll try to provide instructions if you decided to do this.
Or refer to these to try if you can figure it out yourself:

• https://github.com/bitcoin/bitcoin/blob/master/doc/descriptors.md#examples (https://github.com/bitcoin/bitcoin/blob/master/doc/descriptors.md#examples)
• https://bitcoincore.org/en/doc/27.0.0/rpc/wallet/importdescriptors/ (https://bitcoincore.org/en/doc/27.0.0/rpc/wallet/importdescriptors/)
• https://bitcoincore.org/en/doc/27.0.0/rpc/wallet/listdescriptors/ (https://bitcoincore.org/en/doc/27.0.0/rpc/wallet/listdescriptors/)

My understanding that your screen is not displaying the pixels. In the past I had to change my device twice because the display stopped working. Looks like it was a common problem for Ledger. When first time the display was not working, I had to restore my bitcoin wallet using the word phrase. I was using a device which was offline, signed the transaction then broadcasted it from an online device.

A million thanks, everybody!



I hope this won't be as complicated as going through the other options that you provided. Not a problem that KeepKey doesn't support BIP86 either. This wallet has 6 accounts only, 4 of which Bitcoin accounts, of which 3 are in P2WPKH formats and 1 in P2PSH. No Taproot account. No Multisig either. The other 2 are Ethereum and Litecoin with an M SegWit address.

The only thing that's stopping me from proceeding further is that Microsoft Defender SmartScreen has flagged the KeepKey app (unfortunately, yes, I'm not running Linux). I think I need to know why as this involves my main wallet, or should I just "run anyway"?


Yeah, it seems Ledger has a bunch of screen problems on their devices. The pixels in mine actually show up, but the characters on screen overlap with the characters at the background, so you can no longer tell which is which.

At this time, unfortunately, an airgapped wallet isn't an option for me.

Hardware wallet is your best choice if in the waiting time of your Trezor wallet, you can move your fund to a multisig wallet and wait for your Trezor wallet to move your fund to a hardware wallet for final storage there.

It's not too complicated and multisig wallet is safer than single signature wallet. If you create it in an offline device, it can help more in security. I know risk of non hardware wallets and understand your concern.

Creating a multisig wallet (https://bitcoinelectrum.com/creating-a-multisig-wallet/) with Electrum wallet.

I believe that importing Ledger to Trezor is not good choice too. When you have your Trezor wallet, you need to move your fund from a wallet in Ledger to your new wallet with Trezor.

Then, it's not big deal to move your fund to an Electrum multisig wallet and move it next to your Trezor. I will do it with different round, and not make a single transaction to move all my fund.

Confirming the problem with ledger's screen , mine has took a breath after 4 years but the good thing is that it can  can easily replaced it by the  new display.  I have replaced it more than a year ago (https://bitcointalk.org/index.php?topic=5123722.msg62184557#msg62184557) and my device is alive right now though knocks around as I have bought Passport 2 thus I have no regrets that is why I support OP's decision to change hie old broken Ledger to new wallet of Trezor.

That's great news then, Ledger's "accounts" works the same as Keepkey,
Both use the standard; succeeding accounts are derived by incrementing the "account_index" of the selected script type's standard derivation path.

Keepkey may not automatically generate your second and third accounts.
But you can easily re-create those in the client's account tab.

That's to be expected to AV Software, even famous bitcoin-related clients like Electrum is being flagged by some AVs.

In any case, the client software has no control to the private keys stored in your hardware wallet.
The worst thing a fake app can do is: create a transaction that has a different recipient but you can check it in your Keepkey during the signing process.

I'd been using mine for more than 4 years, and yet I was still surprised it ended up like that because it was seldom taken out of its storage. I maintain hot wallets for small transactions every now and then.

I've read what you've shared. That's interesting, but I wonder where you bought the replacement. I'm sure Ledger doesn't sell it. While there are some sold on eBay and Amazon and even much cheaper ones on AliExpress, is this advisable in terms of security? I surely would want to restore my old device, even keep a little amount there, but it's kind of hard to trust these products. Where are they even coming from? China?

Yeah, it's relatively easy to dismantle and put back together a Ledger Nano S Plus. I didn't even need a toothpick. ;D I did it a few days ago hoping I'd magically understand what's wrong inside. Ended up just blowing on the tiny parts. LOL! After putting it back together and tried it, the display got worse.

It's advisable to know your ground in the system before making back to back plans, having our potentials that will become useful for our ends in the system. Advices are everywhere in the system, some will help one and most of them will definitely ruined our promising existence in the gambling sector. We're not perfect and nothing but humans that suffers from imperfections.

Not a technical person but form the basic I assume it's just a display component, not the cheap itself so I do not think there are anything to worry about it.
You can check YouTube videos so that you don't destroy anymore device LOL

If it's just a screen, then possibly yeah it wouldn't be insecure. If you're thinking of purchasing an entire Ledger device, then definitely not.

I got mine from AliExpress, a few bucks though I don't remember exactly the price, very cheap. Regarding the safety. It is safe because display itself  doesn't have the chips inside , only the latter could wear malicious code. There was no practical reason for me  to replace display and  I have repaired Ledger just because I wanted to test my skills.

I use old laptop for cold storage, just boot it offline from live linux USB drive to access my encrypted drive from iStorage.
If I want to move some funds to my hot wallet I sign a transaction and move it to USB flash drive.

Just be sure the USB flash drive is clean and your live distro and wallet software have matching checksums. (use only official wallet)

I also have paper copy of my seed words encrypted with a strong password and printed in hexadecimal system for recovery if something happens to my encrypted digital copies.
Multiple copies in multiple places (couple not connected to me at all).

I don't trust dedicated cryptocurrency solutions.

There is no safer method and I advice to use it if you have substantial amounts of cryptocurrency.

With paper copy (backup) of your seed words, could you share how did you encrypt it, please.

You need to store your wallet backups at locations where you can access when you need it for wallet recovery. If you can not access it at many locations of your wallet backup storage, you're done with losing your bitcoin.

There are many methods to back up your wallet seed phrase, just do it simple, safe and secure. Don't complicate the back up process and self make troubles for yourself in recovery process later.

How to back up a seed phrase? (https://blog.lopp.net/how-to-back-up-a-seed-phrase/)
Seed splitting is a bad idea (https://www.youtube.com/watch?v=p5nSibpfHYE)

You will see one important step: test your back up.
Many people simply make backup but don't test it to see whether it is written down correctly and can be used for recovery that wallet later.

Just write down your seed phrase into a text file and put it in RAR archive with password and file names encryption turned on, be sure to use latest RAR5 version which uses more secure AES256 encryption.
Then just open the encrypted file with hex editor and do a screenshot, then print it.
You must destroy all data on the drive you were doing this process, best method is to boot from live linux distro, mount the disk and delete all files then execute multiple times this command:
The command will stop executing when the disk is full of random data, you then execute it again (just make a loop) multiple times, it will automatically remove the old file and start writing again.
I suggest doing it also every time to the live USB you're using to boot into cold wallet.
Using this command is better than dedicated software shredders because firmware on your SSD drive can prevent from actually writing to certain memory locations so it's better to fill it up 100% at least 5 times with random data.

Looped version:
If it takes 1 hour to fill up whole space, just leave it running for a night.

You need to have your copies in multiple places in case your house gets robbed, at least one of them must not be connected to you at all.

Yes there are plenty methods but the one I am using are the most secure and very simple.


Yes, I always test my backups.

NEVER have your seed phrase stored in plain-text and NEVER write down your password.

I just told you guys how I stay secure, I am not changing my methods because they worked well for me for years and I know enough about security to not trust other methods.

It's too complicated and I don't go with too intricate process that is risky to lose along the way of recovery.

I would like to use a strong password to secure a digital file of my wallet backup. It's enough. Complicate the process too much can result in nightmare in recovery later.

[GUIDE] How to Create a Strong/Secure Password (https://bitcointalk.org/index.php?topic=5132378.0)

With this risk, I'd like to use more than one backup method and make more than one back up. If one method does not work, I have other ones and if one backup is no longer usable, I still have other backups to use for recovery.

You're asking about security of Ledger crap that is closed-source firmware and a company run by some french ring wielding shenanigans that come up with such "great monthly subscription ideas" and lie about their product (...your private key can never leave the device...)? (Dear other french people: don't feel offended, no grudges against french!) I needed this rant...
What do you think where Ledger buys its cheap and crappy screens?

If your Ledger screen is terribly dark but still displays something very faintly, have you tried to amplify that by looking at the screen with a mobile phone camera? I've seen some examples of this intermediate partial remedy of the dying screen issue on Youtube. Try this in a dark environment, of course turn off the mobile phone camera's flashlight.

Maybe worth a try to move your coins from the Ledger wallet if the view by mobile phone camera makes the faint display visible for you. As others said, nothing wrong to use your KeepKey as recovery target device for your Ledger wallet, unless you can't recover all properly.

When you were able to transfer your coins to a new Trezor wallet, do not throw away your recovery details of your Ledger wallet. Do not use the Ledger wallet any further, but keep the recovery details with lower storage security, just in case you need it for whatever purpose may surprise you in the future. (General advise: never completely destroy a wallet you ever used. You never know when you might need it ever again and it doesn't hurt to keep it at low storage security.)

If archiving a file is too complicated for you then you should probably stay away from cryptocurrencies altogether  :D :D :D

Password on a file is not enough if you don't know how to operate cold wallet and left your seed phrase for malwares to recover from your partitions  ;)
I have never implied you should have one copy  ;D
I tried to describe my process as simple as possible but it's still too complicated for you.

Do you even understand what I'm saying right now   ???  

Next time I will prepare images in mspain to describe it visually, it should be understandable for kids over 5 yr old  ;D

I've actually tried both, using my phone camera with and without the flashlight and opening it in the dark, all to no avail. That's why I finally decided to make use of my unopened KeepKey. This is all temporary anyway, while I'm waiting for my Trezor. But I don't mind leaving little amounts to both my KeepKey and Ledger if I finally get the screen replacement. God forbid, but should a $5 wrench attack happens, these 2 might save my main wallet.