Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: jerry0 on August 29, 2024, 04:34:12 AM



Title: Ledger Live Update and Firmware Update?
Post by: jerry0 on August 29, 2024, 04:34:12 AM
Have a nano ledger s plus.  Months ago, I noticed there was a nano ledger s plus firmware but I did not have a chance to do it.  I am on version 1.1.0 and months ago version 1.1.1 came out.  I was planning to update it but did not get a chance.  I now notice version 1.1.2 is out.


I was using an older version of ledger live for a few months and did the ledger live update from the message you get on the top right.  I'm now on ledger live 2.85.1.  When I did this, I notice that it tells me to update to OS 1.1.2?  Can someone explain to me why it will show that?  So ledger live knows my firmware on my nano ledger s plus is old and out of date?  I did not connect my nano ledger s plus during this time when I just did the ledger live update.  I recall you always update the ledger live first before you go and update the ledger firmware.


Now when I check ledger live update, it seems to say ledger live 2.85 has issues and to revert back to 2.84 below?  I believe I was using ledger live 2.65 or so before I did this update so I didn't go from one update to the next update etc.  


https://support.ledger.com/article/Issues-installing-apps-after-updating-to-Ledger-Live-2-85



I am planning on connecting my nano ledger s plus to my laptop to update the firmware from 1.1.0 to 1.1.2 but now should I delete ledger live first because there seems to be issues with ledger live 2.85?  I'm using 2.85.1 though?



Are there any issues with ledger live 2.85.1 at the moment?  Is it fine to just do a firmware update with the nano ledger s plus or revert back to ledger live 2.84 first?  Could I even do this?  I went from ledger live 2.65 or so to 2.85.1?




Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on August 29, 2024, 05:32:12 PM
Can anyone here confirm version 2.85.1 is working fine?  Why does it show a message that says my firmware is out of date if I didn't connect my ledger to it?


I have to update my nano ledger s plus to it as I have to update the firmware from 1.1.0 to 1.1.2.  I didn't do the 1.1.1 update a while back and then a new 1.1.2 came out.


Title: Re: Ledger Live Update and Firmware Update?
Post by: NeuroticFish on August 29, 2024, 05:58:12 PM
Quote
Can anyone here confirm

Hello jerry0, I hope that you are ok.

Sadly for you, it may be rather difficult to find people on this forum who are still using Ledger for real.

After they've announced their "great feature" that they can retrieve the seed off the Ledger devices, we, here, have lost all the remaining faith in them (it was not much tbh after their previous mistakes) and switched to... pretty much anything else.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on August 29, 2024, 07:36:22 PM
Quote
Can anyone here confirm version 2.85.1 is working fine?

Even when it's working, Ledger Live isn't safe.  Ledger Live tracks everything you do and the coins you have:

Quote
"Ledger Live is phoning out data on assets you hold in your hardware wallet the moment you access Ledger Live. It’s also sending out tons of other information about your computer and device."

The app apparently transmits data to an external endpoint at “https://api.segment.io/v1/t”, identified as an outsourced data collection service.

--BitcoinNews.com (https://bitcoinnews.com/ledger-live-app-accused-of-collecting-user-data/)

Quote
I have to update my nano ledger s plus to it as I have to update the firmware from 1.1.0 to 1.1.2.  I didn't do the 1.1.1 update a while back and then a new 1.1.2 came out.

Your Nano S has firmware on it that allows Ledger and other companies to extract your keys over the internet.  You're most likely safe in the short term (though even Ledger admitted they can't prove their code doesn't have backdoors), but I strongly encourage you to switch to a safe hardware wallet.  And since there's no way to prove your keys never left your device, you should start over with a new seed on the new device & move your coins there (nothing can be proven to be safe on a Ledger since their code isn't open).

Look for a hardware wallet that is fully open source.  Open source code is published, which means the company can't hide anything sketchy or downright malicious in it.  For example, Ledger probably had key extraction code in their firmware long before it was outed in spring 2023, but since their code isn't open there's no way to know.

Best bets:  Trezor or ColdCard are excellent and open source.  Or better yet, go DIY with SeedSigner or Krux.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on August 30, 2024, 01:01:46 AM
When I log into ledger live now and the version 2.85.1, it does say version 1.1.2 is the latest OS.  Well that is the latest firmware for the nano ledger s plus.  So did it recognize that I last connected a nano ledger s plus to it?  Does it mean the latest OS is 1.1.2 for the nano ledger s plus even if say I somehow had done a firmware update somewhere else though?  I'm still using firmware 1.1.0.


I want to stick with ledger because I used it for a while.


Title: Re: Ledger Live Update and Firmware Update?
Post by: SFR10 on August 30, 2024, 04:12:27 PM
Quote
Why does it show a message that says my firmware is out of date if I didn't connect my ledger to it?
Quote
So did it recognize that I last connected a nano ledger s plus to it?
Yes, it has retained that data from the last time you connected your device to one of Ledger Live's previous versions [the same behavior also exists on Trezor Suite, so I'm pretty sure that's the norm].

Quote
Does it mean the latest OS is 1.1.2 for the nano ledger s plus even if say I somehow had done a firmware update somewhere else though?  I'm still using firmware 1.1.0.
Can you clarify the second part of the question?

Quote
I want to stick with ledger because I used it for a while.
Are you going to say the same thing after losing all your assets?
- I hope it never happens, but still...


Title: Re: Ledger Live Update and Firmware Update?
Post by: ABCbits on September 01, 2024, 08:46:02 AM
Edit 2025: Today I noticed this user created 5 threads within a 36-minute interval.

https://i.ibb.co/C3QNMrRy/a.png (https://ibb.co/xt6Pf4xb)



It seems OP is back to re-ask a similar question. To other readers: you might want to read his other threads first:
Nano Ledger S Plus Firmware and Ledger Live Update? (https://bitcointalk.org/index.php?topic=5475881.0), November 29, 2023, 04:47:33 AM
Ledger Live Update? (https://bitcointalk.org/index.php?topic=5464924.0), August 29, 2023, 07:09:55 AM
Ledger Live Update? (https://bitcointalk.org/index.php?topic=5459872.0), July 15, 2023, 06:02:05 AM
Ledger Live Update? (https://bitcointalk.org/index.php?topic=5412258.0), September 03, 2022, 07:45:22 PM
Ledger Firmware Update? (https://bitcointalk.org/index.php?topic=5370410.0), November 11, 2021, 07:26:45 PM
Ledger Live Update (https://bitcointalk.org/index.php?topic=5368393.0), October 30, 2021, 05:43:11 PM
Firmware Update Questions (https://bitcointalk.org/index.php?topic=5337368.0), May 14, 2021, 05:25:03 AM
Ledger Live Update (https://bitcointalk.org/index.php?topic=5292053.0), November 22, 2020, 12:25:51 AM
How often Does Nano Ledger Have a Firmware Update?  (https://bitcointalk.org/index.php?topic=5283107.0), October 19, 2020, 07:40:26 PM

Someone even made a thread about his behavior on jerry0 case (https://bitcointalk.org/index.php?topic=5336433.0).



Quote
Are there any issues with ledger live 2.85.1 at the moment?  Is it fine to just do a firmware update with the nano ledger s plus or revert back to ledger live 2.84 first?  Could I even do this?  I went from ledger live 2.65 or so to 2.85.1?

I'm not sure whether 2.85.1 fixed that problem, since the release message for 2.85.1[1] doesn't mention anything about fixing the issue. But the support page shows the problem has been fixed around the date version 2.85.1 was released[2]. You could try installing an older version from the Ledger Live GitHub release page[3], but you can't stop its auto-update feature[4].

[1] https://github.com/LedgerHQ/ledger-live/releases/tag/%40ledgerhq%2Flive-desktop%402.85.1
[2] https://support.ledger.com/article/Issues-installing-apps-after-updating-to-Ledger-Live-2-85
[3] https://github.com/LedgerHQ/ledger-live/releases
[4] https://support.ledger.com/article/4410960111889-zd


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 01, 2024, 08:36:14 PM
Do you know or anyone know why after the ledger live update to 2.85.1, it shows


OS 1.1.2 is the latest version


So that would mean ledger live last recognized I connected a nano ledger s plus to it then?  So if someone had a nano ledger s plus and an X, what would it show then for the latest OS version?  Would it be the last ledger device whether the s plus or the X then that was last connected to ledger live?



I did not connect the nano ledger s plus to my laptop during the whole ledger live update. 


So that would mean ledger live recognizes the last device I connected to it was nano ledger s plus?  But what if someone uses an s plus and an X then?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 04, 2024, 01:40:37 PM
SFR10 already answered your question. For once in your stay on Bitcointalk, can you please read and understand it? When you connected your hardware wallet the last time, the software must have noticed that you are running an older firmware. That's why you are seeing those notifications. The last Nano S Plus firmware version is 1.1.2. Upgrade to it or not, your call. I wouldn't perform any upgrades on a Ledger ever again. We have no way of knowing when the seed extraction vulnerability was added in the code, but we know that Ledger (with or without your help) can extract your seed and share it with multiple 3rd-party companies over the internet.

If you were to connect a different Ledger model to your Ledger Live, the software would pick up its firmware version and suggest the same thing it did for your Nano S Plus if there is a new update available. Test it if you are curious. If you don't have other Ledger models, then there is no point in worrying about what would happen in such a situation.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 05, 2024, 03:25:25 AM
Okay but anyone that is using a nano ledger s plus, you should upgrade to the latest firmware right?


But you are saying some people are still using old ledger firmware because of how ledger has been with the news from a while back?


To people that have a nano ledger s plus or x, are you using the updated firmware?  Doesn't seem like a good idea to not update the firmware because if you use a very old one, you might have issues like how people are stuck with old firmware for their nano ledger s and have issues with that updating it later on because the firmware is very old?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 05, 2024, 04:53:41 AM
Quote
Okay but anyone that is using a nano ledger s plus, you should upgrade to the latest firmware right?

I would NOT trust Ledger firmware.  I was a Ledger user.  I stopped updating my firmware the day their key extraction firmware code was outed.

Quote
But you are saying some people are still using old ledger firmware because of how ledger has been with the news from a while back?

It's not that Ledger has been "in the news."  Please understand what Ledger has done.  Ledger added the ability to suck your keys out of your device and send them to Ledger and other companies.  If what I just said doesn't scare you, you don't understand what hardware wallets do and you probably shouldn't be using one, and you should buy Bitcoin ETFs instead.  The entire point of a hardware wallet is to give you the ability to sign transactions on a device that can't be reached over the internet, thus keeping you safely out of reach for hackers. 

By giving your device the ability to be reached over the internet, Ledger made your device unsafe.  Period.

Anyone who says otherwise or makes excuses for what Ledger did is someone you should not trust.  Period.

Quote
To people that have a nano ledger s plus or x, are you using the updated firmware?  Doesn't seem like a good idea to not update the firmware because if you use a very old one, you might have issues like how people are stuck with old firmware for their nano ledger s and have issues with that updating it later on because the firmware is very old?

It isn't a good idea to use any firmware that contains key extraction APIs.  Period.

The more you look for reasons why this doesn't matter, the more you set yourself up for disaster in the future.

Owning Bitcoin means being your own bank.  Using a Ledger means the keys to your bank aren't truly safe anymore.  And by the way, this isn't an issue with other hardware wallets.  ONLY LEDGER added key extraction to their firmware (which is especially bad since their firmware isn't open source.  Not open source means you can't prove what's in their firmware, and since they've admitted their firmware has key extraction APIs and they're selling key extraction as a "service"  ...I'm sorry, but you've got to be crazy if you understand this yet stick with them anyway).

My advice to you: Make a commitment to yourself to stop using Ledger hardware by the end of the year, or if this stuff is too complicated to understand, stop buying Bitcoin and buy Bitcoin ETFs instead.


Title: Re: Ledger Live Update and Firmware Update?
Post by: NotATether on September 05, 2024, 06:28:24 AM
Quote
Okay but anyone that is using a nano ledger s plus, you should upgrade to the latest firmware right?

Quote
I would NOT trust Ledger firmware.  I was a Ledger user.  I stopped updating my firmware the day their key extraction firmware code was outed.

The thing is, this is a flaw in the hardware, so you are actually dealing with a lose-lose situation. First of all, as we all know, the firmware could potentially perform key extraction. But also, the second thing is, by not updating your firmware, you have now exposed your device to other (potentially serious) security flaws that might be discovered and patched.

The best thing to do here I guess would be to not to use Ledger devices at all.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 05, 2024, 06:29:06 AM
I get what you mean with your posts.  The thing is I learned how to use ledger a while back and I got used to it.  So I prefer to stick with it.  Me using something else like trezor or something else would be completely new.



The nano ledger s plus firmware 1.1.0 software that I am using is after the nano ledger news right with the recovery?  I remember doing 1 firmware update with it I believe.



So if I still want to continue using nano ledger s plus, would you recommend against doing the firmware update from 1.1.0 to 1.1.2?  The thing is I don't want an issue where I have issues with it later on if the firmware is too old to do an update.  When you do send and receive on your ledger, wouldn't you want your firmware to be up to date?   The other thing is if something was to happen with ledger and the backdoor, wouldn't this be the biggest news ever if they have backdoor to everyone's key?  So very few people here are still using their ledger?  From reading online, I would have thought it was an overreaction to it


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 05, 2024, 08:05:36 AM
Quote
I get what you mean with your posts.  The thing is I learned how to use ledger a while back and I got used to it.  So I prefer to stick with it.  Me using something else like trezor or something else would be completely new.

Don't think about what you prefer.  Think about safety.

Quote
The nano ledger s plus firmware 1.1.0 software that I am using is after the nano ledger news right with the recovery?  I remember doing 1 firmware update with it I believe.

Ledger's firmware is not open.

I stopped updating my Ledger firmware while it still predated Ledger Recover, but since Ledger's firmware isn't fully open source, there was no way to PROVE the firmware didn't already have key extraction capability baked into its code.  That was in spring 2023.  Here's what I did:

#1: I stopped using my Ledger immediately.  Can't prove it's safe?  Won't use it.

#2: I made a commitment to myself to start over with a new hardware wallet by the end of the year.

#3: I spent the next few months learning, so I could make the best decision possible.  And then I switched.

Was that inconvenient?  Yes.  Would I have preferred to stick with the device I already knew?  Of course.  But I care more about the security of my coins than I care about the inconvenience of learning something new.  The fact that you don't means you probably shouldn't be buying Bitcoin.  If you can't handle securing it, no worries.  Go with an ETF.  There's no shame in admitting you're not up to the challenge that comes with securing your own coins.  ETFs didn't exist when I was getting started.  If they did, I might have done that instead (though I love owning my own coins).

Quote
So if I still want to continue using nano ledger s plus, would you recommend against doing the firmware update from 1.1.0 to 1.1.2?

I recommend never updating or using any Ledger code ever.  It's not safe.

Quote
The thing is I don't want an issue where I have issues with it later on if the firmware is too old to do an update.

It won't matter if your coins get stolen due to the device being accessed over the internet by hackers or a rogue employee.  And it's not like Ledger employees haven't already been phished.

Quote
When you do send and receive on your ledger, wouldn't you want your firmware to be up to date?

Not if the update contains code that lets Ledger and other companies extract your keys.


Quote
The other thing is if something was to happen with ledger and the backdoor, wouldn't this be the biggest news ever if they have backdoor to everyone's key?

When it happens, nobody will know until wallets start getting drained.  By that point, it'll be too late.

Quote
So very few people here are still using their ledger?

People who understand how hardware wallets work stopped using Ledger.  People who make brand names part of their own identity and use hardware wallets as a cool form of crypto street cred stuck with Ledger, because they're not very bright.  Back in 2021, idiots on Tiktok were wearing Ledgers on a necklace, like a crypto-bro boast.  They stuck with Ledger because they care more about the brand name than they care about what the thing does.

Quote
From reading online, I would have thought it was an overreaction to it

If you read Ledger's sub on reddit, Ledger deletes posts that complain about their key extraction code and they shadowban users who say anything negative about it.  They probably do that on all of their social media.  That creates an echo chamber of dummies cheering on dummies.

Here's the bottom line:

If you're waiting to see Ledger's key extraction code get hacked before you switch to something safe, it'll be too late.  That's not how a Ledger hack will go down.

When Ledger's key extraction scheme gets hacked, the hackers aren't going to empty wallets.  They're going to want to steal as many keys as possible first, because if they drain wallets, they'll let Ledger know the code was hacked, which will cause Ledger to patch it, which will end the hacker's ability to keep stealing keys.

The hackers are going to want to steal as many keys as possible before they start draining wallets.  And you'll never know if yours is one of them.  For all we know, hackers could already be stealing keys & building a giant stockpile of wallets to hit.

But when they do start draining wallets, I'd expect them to drain a ton of them all at once.  They're gonna hit 'em hard and fast, wiping them all out.

Now, think about how long it's going to take for people to figure out what happened.  Their wallets will have been drained, but they won't know why, and Ledger will be quick to deny their code had anything to do with it.  Ledger will start peddling FUD about other devices.  And other devices will get blamed too, because people who didn't know what they were doing switched from Ledger to a new device but kept the same seed phrase, which the hackers already had.

I think it's just a matter of time before it happens - but the real question is, even if it never happens...  do you REALLY want to spend years wondering if somebody accessed your device every time you turn it on?  Do you REALLY want to spend years wondering if somebody already swiped your keys and is waiting for the right time to drain your wallet?  Do you really want to spend years wondering about every firmware update?  By the way, that firmware has tons of trackers and every update probably adds more.

I'm using a seed that has never touched a Ledger device, and my hardware wallet is 100% open source & airgapped.  I have no worries.  My keys are unhackable.  Yours should be too.

Hey, if you don't care you don't care.  But you can't say you weren't warned in explicit detail.

TL;DR:  Dude.  C'mon.  That firmware can't be trusted.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 05, 2024, 05:43:40 PM
So are you saying like a huge portion of this subforum here stopped using ledger for this reason?  I would have thought less than 50% stopped using it here.


What wallet do you now use?  To me, the simplest one if I had to guess would be a trezor right?  I heard about wallets like coldcard and others but trezor should be the simplest? 


Did you use a passphrase with your nano ledger?  Wouldn't using that make it very secure then or that still isn't enough for you?


If the hack was to happen the way you described, wouldn't this be the biggest news of all time then? 


The thing is I don't even want to bother creating a passphrase account on nano ledger because I had set up nano ledger a while back and concerned about messing it up.


So wouldn't this mean other devices could do the same thing like ledger but they aren't telling you everything?  I mean ledger said a while back they were open source.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 05, 2024, 06:52:29 PM
Quote
So are you saying like a huge portion of this subforum here stopped using ledger for this reason?  I would have thought less than 50% stopped using it here.

The more knowledge the users have, the more of them that stopped using Ledger.

Quote
What wallet do you now use?

Krux is my main wallet.  I also use SeedSigner and Blockstream Jade.  I recommend Krux and SeedSigner very highly.  Jade is very safe, and if you buy one it's a great choice, but I find the UI to be kind of clunky, so I'm not a fan.

Quote
To me, the simplest one if I had to guess would be a trezor right?  I heard about wallets like coldcard and others but trezor should be the simplest?

I agree that Trezor is the easiest fully open source hardware wallet.  It's the best choice for newcomers.  It's an excellent choice.

Quote
Did you use a passphrase with your nano ledger?  Wouldn't using that make it very secure then or that still isn't enough for you?

I did use a passphrase with my Ledger - but Ledger uses code that is closed source.

Closed source code is like a black hole.

There's no way to prove what is in it.
There's no way to prove what it does.
There's no way to prove what it doesn't do.
There's. No. Way. To. PROVE. The. Code. Is. SAFE.  There's no way.

Quote
If the hack was to happen the way you described, wouldn't this be the biggest news of all time then?

When it happens, it will be huge news, yes.  And it'll be too late for everybody who gets caught up in it because the hack won't make the news when it happens.  When it happens, nobody will know.  Nobody will know their keys were extracted and stolen until their wallets get drained.

Quote
The thing is I don't even want to bother creating a passphrase account on nano ledger because I had set up nano ledger a while back and concerned about messing it up.

Oh, dude.  Just buy the ETF.

Quote
So wouldn't this mean other devices could do the same thing like ledger but they aren't telling you everything?

Other devices publish their code.  OPEN SOURCE.

Quote
I mean ledger said a while back they were open source.

The difference is, when Trezor, ColdCard, Blockstream Jade and SeedSigner say they're open source, they mean it and they prove it by publishing every single line of their code.  They prove it.

Ledger lies about being open source because they want to use the term in their marketing, but they don't publish every single line of their code.

The fact that Ledger lies to their customers and lies to their users is another reason why you have to be a fool to stick with them.  And you're desperately trying to find reasons to justify sticking with them, which tells me that you shouldn't be buying Bitcoin at all.  Just buy into an ETF.  If you're not ready to take securing your coins seriously, just buy into an ETF.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 06, 2024, 05:44:00 AM
I don't plan to buy anymore btc or buy ETF.


So who here is still using ledger.  Like a very small percentage then?




Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 06, 2024, 12:07:01 PM
Quote
What wallet do you now use?  To me, the simplest one if I had to guess would be a trezor right?  I heard about wallets like coldcard and others but trezor should be the simplest?
I wouldn't recommend you go for a Coldcard or any of the other models that Meuserna recommended. Not because they are bad recommendations, but because you have had your Ledger for years and haven't learned much. You come back every few months and ask the same questions. It's been like that for years. You wouldn't understand the ins and outs of an airgapped hardware wallet. Go for a Trezor. It's as easy to use as a Ledger.

Quote
Did you use a passphrase with your nano ledger?  Wouldn't using that make it very secure then or that still isn't enough for you?
It would still be a passphrase created on a hardware wallet with a closed-source firmware.

Quote
If the hack was to happen the way you described, wouldn't this be the biggest news of all time then?
It would be major news in the crypto sphere, but so what? That doesn't mean it couldn't happen just because it would create plenty of drama. 

Quote
So wouldn't this mean other devices could do the same thing like ledger but they aren't telling you everything?
Other manufacturers could introduce a similar key extraction vulnerability. Secure elements allow for such functions to exist. It's possible. But the only company that has done it so far, that we know of, is Ledger.
 
Quote
I mean ledger said a while back they were open source.
Certain parts of their systems are open-source, others aren't. The Ledger Live is open-source. The apps you have installed on your Nano are open-source. Their development toolkit is open-source. But unfortunately, their firmware is closed-source and could, in theory, contain anything.

Quote
So who here is still using ledger.  Like a very small percentage then?
How could any of us answer that question precisely? It's not like someone is keeping score. Besides, what does it matter? You have been told why it isn't a good idea to stick with your Ledger, why care what others do? Many people inject heroin into their arms daily even though it isn't good for you.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 06, 2024, 09:10:06 PM
Okay so trezor would be the best option if I use another hardware wallet.  There seems to be 3 different trezor wallets.  You mean the middle one the trezor 3 then?  The old cheap trezor one seem to be only for btc?  Then there is trezor 5 which is the most updated and new one but that is not necessary?


Well I wanted to know if there are people here that still stick with ledger with all this news.  I got to assume most people didn't make the switch right?  By that I mean overall and not like the people on this subforum.


The thing is I hate going from one hardware wallet to another after using ledger for this long.  The easiest transition would be trezor.



Now what I want to know is if one chooses to continue to use ledger, should one update the firmware or not?  I am still using 1.1.0 on nano ledger s plus which doesn't have the recover option.  I believe 1.1.1 is the version that has it.  If I update the firmware, it would be 1.1.2 and that obviously will have that recovery option.



The thing is if I don't update the firmware, would I have issues now doing a transaction of sending btc?  I got to assume not right since even if I got a trezor now... well I still have to send the btc from ledger to trezor.  But if it requires firmware update, you do that and then send btc immediately to trezor?


Someone mentioned if you don't update the firmware, there could be security issues.  That is true right?  Thus it's always best to have updated firmware than old outdated firmware?  Like people who have the nano ledger s but have that really old firmware, I heard some people can't even update the firmware anymore right?


Ledger says as long as you don't opt in the recovery program, then there is nothing to be concerned.  You don't trust them when they say this?  Now if something was to happen, this would be bigger news than any crypto news out there.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 06, 2024, 11:10:59 PM
Quote
Okay so trezor would be the best option if I use another hardware wallet.  There seems to be 3 different trezor wallets.  You mean the middle one the trezor 3 then?

Any Trezor hardware wallet will secure your Bitcoin well.  You don't need the most expensive model.

Quote
Well I wanted to know if there are people here that still stick with ledger with all this news.

Of course there are.  The world will never run out of stupid people.  People do reckless things all the time.  Does that mean you should too?  Only you can decide what's right for you.

Quote
The thing is I hate going from one hardware wallet to another after using ledger for this long.  The easiest transition would be trezor.

I agree that it's annoying.  I'm willing to bet I used Ledger longer than you.  I didn't switch because it would be fun or convenient.  I switched to different hardware because I care about keeping my coins safe long term.

Quote
Now what I want to know is if one chooses to continue to use ledger, should one update the firmware or not?

How many times can we say no?  Ledger firmware cannot be trusted.

Quote
The thing is if I don't update the firmware, would I have issues now doing a transaction of sending btc?  I got to assume not right since even if I got a trezor now... well I still have to send the btc from ledger to trezor.  But if it requires firmware update, you do that and then send btc immediately to trezor?

Here's a step by step guide:

Buy a Trezor.

Let the Trezor create a new wallet with a new seed phrase for you.

Send coins from your Ledger wallet to the addresses at your Trezor.

Quote
Someone mentioned if you don't update the firmware, there could be security issues.

You don't even remember who said what...  but somebody said something on the internet, so it must be true.  Come on, man.  You need to learn the basics so you can understand what you're doing and why things like open source matter.

Quote
Ledger says as long as you don't opt in the recovery program, then there is nothing to be concerned.

Ledger also said this:

Quote
Your keys are always stored on your device and never leave it

Then they wrote code to extract your keys from your device.  Ledger lies.  Ledger lies are even on the boxes for their hardware.

Quote
"WE ARE OPEN SOURCE"

https://i.redd.it/dysdk6j9516b1.jpg

The box for Ledger hardware running closed-source firmware says Open Source. That's intentionally misleading if not outright fraud.  Ledger lies.

You don't trust them when they say this?

No.

How much more clearly can we say it?

Now if something was to happen, this would be bigger news than any crypto news out there.

It will be like when Mt Gox collapsed.  Or when FTX collapsed.  Or when Voyager collapsed.  Or like many other times when people kept coins where they shouldn't have.  And people like us will just shake our heads in disbelief because we explained the risks so crystal clearly.

You're desperately looking for someone to come along and tell you to stick with Ledger.  If that's what you want to do, DO IT.  I assume you're an adult.  Make adult decisions.

How much is your Bitcoin worth?  Don't tell me.  Say it to yourself.

How much does securing your Bitcoin matter?  Don't tell me.  Say it to yourself.

Be an adult.  Make adult decisions.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 06, 2024, 11:37:21 PM
Okay so if one was to decide to just keep using ledger and ledger live, do you recommend updating the firmware from 1.1.0 to 1.1.2 or don't do that?


The thing is if I continue to use an updated ledger live with older nano ledger s plus firmware 1.1.0, it is still safe then right or not?  The only issue is if I were to send coins, maybe sometime in the future it won't let me send unless I update the firmware?  I recall reading several cases where people say they couldn't send any coins from their hardware wallet because they were using an older firmware.  Do you know what hardware device is that?  I know the old nano ledger s was an example but has this been a case with nano ledger s plus or x? 


I know people said anyone that is using the old nano ledger s is not affected by this because it doesn't have recovery on it.  So if I continue to use nano ledger s plus with older 1.1.0 firmware which doesn't have ledger recovery, it's still safe from this... correct?


So for the time being, just continue using nano ledger s plus as is with ledger live whether I want to send or receive coins... until it gets to the point where ledger live tell me... you can't send coin until you do a firmware update... is that fine?  However, the issue would be if it gets to that point, then what happens?  You would just enter this nano ledger s plus seed in a new trezor?  Or would you update the nano ledger s plus firmware to and then send to a trezor?


If something big like this happens with ledger, wouldn't something like this happening be even bigger than Mt Gox and all those things combined?  I mean those are exchanges though so isn't the risk there much more? 


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 06, 2024, 11:50:34 PM
Okay so if one was to decide to just keep using ledger and ledger live, do you recommend updating the firmware...

No.

Ledger firmware cannot be trusted.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 07, 2024, 01:02:57 AM
I know people said anyone that is using the old nano ledger s is not affected by this because it doesn't have recovery on it.

Those people are fools.

Ledger's firmware is not fully open source.  There's no way to know what's in it.  There's no way to prove the older Nano firmware has none of the code required for key extraction.  Even though it isn't compatible with Ledger Recover, it may still have some of the key extraction code, making it vulnerable.

If you can't prove it's safe you should not use it unless you don't care what happens to your coins.

Period.

Trezor, Coldcard, Jade, SeedSigner, and others prove their code is safe by publishing every single line of their code, online, where everyone can check it.

Ledger's entire business model is "Trust Me Bro. (https://twitter.com/oskararnarson/status/1659598900473241601)"

Ledger lies.  They can't be trusted.

Ledger uses closed source code.  It can't be trusted.

Ledger Live contains trackers, so you can kiss your privacy goodbye.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 07, 2024, 11:30:50 AM
Okay so trezor would be the best option if I use another hardware wallet.  There seems to be 3 different trezor wallets.  You mean the middle one the trezor 3 then?  The old cheap trezor one seem to be only for btc?  Then there is trezor 5 which is the most updated and new one but that is not necessary?
I wouldn't recommend the Trezor One because the company may decide to not support it anymore. There is nothing wrong with the wallet, though. I have one myself. All Trezor models support various altcoins, as long as you install the universal firmware on it. If you install the bitcoin-only firmware, you will only be able to engage with bitcoin, regardless of the model. Not all models have the same support for coins/tokens. That's one difference between Ledger and Trezor. With Ledger, all models have the same coin support. To learn more about this, check Supported Coins & Tokens (https://trezor.io/coins) and find the assets you need on that list.

Well I wanted to know if there are people here that still stick with ledger with all this news.  I got to assume most people didn't make the switch right?  By that I mean overall and not like the people on this subforum.
You are again discussing statistics and numbers. I already told you before that there is no way to know about this for sure. It's not like there is a website where people tick that they have abandoned Ledger and moved to a different manufacturer from where we can get such information.

Now what I want to know is if one chooses to continue to use ledger, should one update the firmware or not?
You shouldn't unless you are fine with having key extraction code in your wallet.

The thing is if I don't update the firmware, would I have issues now doing a transaction of sending btc?
You will not have issues making transactions with older firmware versions. But at one point in the future, it might become outdated and cause issues. It can also turn out to be a security risk if a vulnerability is discovered in older firmware versions. 

Ledger says as long as you don't opt in the recovery program, then there is nothing to be concerned.  You don't trust them when they say this?
The recovery/extraction option shouldn't be there in the first place. I see no point in trusting them that you have a choice to opt in/out. They can very well write code that opts you in by default without even asking you. It's possible.

So if I continue to use nano ledger s plus with older 1.1.0 firmware which doesn't have ledger recovery, it's still safe from this... correct?
There is no way to tell. It's all down to whether or not you trust what Ledger says. As was mentioned many times, the firmware is closed-source, you have no way to verify whether they are telling the truth or not.

If something big like this happens with ledger, wouldn't something like this happening be even bigger than Mt Gox and all those things combined?
So what if it's bigger? What's your point? Ledger is too big to fail, is that it? Mt.Gox was at its peak too big to fail. The Roman Empire also collapsed.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 08, 2024, 08:48:33 PM
So if one wants to still keep their btc in their nano ledger s plus, do you recommend update the firmware or not?  The thing is I haven't done a transaction with it in a while.  But when I do a transaction, if my firmware isn't updated, wouldn't it maybe say you can't do a transaction until you update firmware?


Can someone tell me if they ever used an older firmware version of nano ledger s plus or nano ledger x or any of the newer nano ledger if they had this issue?  I know that people had this issue with the older nano ledger s but what about every other ledger besides that one?


So you say you won't have issues making transactions with older firmware versions.  So that issue never came up with any nano device that wasn't the nano ledger s then?  So only that device had this issue especially with people using real old firmware?  Yes the issue with not updating the firmware is it being outdated and be a security risk.  Then should you update the firmware or not?  I guess if you are someone that is going to continue using the nano ledger s plus and do transactions on it, you should?  What about someone that does very few transactions?  Imagine a few in a year.  But if it is someone that doesn't even use their nano ledger s plus much and just hold, then don't update the firmware?  Like imagine the people who just set it and forget it and rarely ever check their device.  The issue though is the people who did this with the old nano ledger s, well if you check it few years down the line, then you might not be able to update the firmware.


The people that say there isn't anything to worry about, you do believe these are regular people right and not bots?


Well Mt. Gox I recalled was an exchange though correct?  Did they insure people like how banks insured your money up to a certain amount?  This would seem bigger than everything it seems?




Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 08, 2024, 09:45:01 PM
So if one wants to still keep their btc in their nano ledger s plus, do you recommend update the firmware or not?

No.

Firmware updates from Ledger cannot be trusted.

The people that say there isn't anything to worry about, you do believe these are regular people right and not bots?

I believe they are foolish.

I also strongly suspect that many of them are low information users, much like yourself.  I'm not saying that to be mean.  I'm saying that because it is very obvious you have no idea what you're doing.  And you are desperately waiting for somebody to tell you not to worry about it, but you came to a forum where people are much more likely to understand security risks.

Let's spell it out.

LEDGER LIES:

Quote
"Your keys are always stored on your device and never leave it"

--Ledger Co-Founder

That was a lie because Ledger added key extraction firmware to users' devices.

Ledger can't prove their code is safe because it isn't fully open source:

Quote
"There's no backdoor and I obviously can't prove it"

--Ledger owner & co-founder

Ledger can't be trusted with your privacy.  Their CEO said so:

Quote
"If, for you, your privacy is of the utmost importance, please do not use that product, for sure."

--Ledger CEO Pascal Gauthier, on video, talking about Ledger Recover.  Here's the video (https://youtu.be/M3VjQUcyZSY?t=2342)

Ledger's security can't be trusted.  They've been hacked:

Quote
Ledger wallet users face mounting home invasion and other scareware threats as hacker dumps private customer information online.

--Cointelegraph (https://cointelegraph.com/news/ledger-data-leak-a-simple-mistake-exposed-270k-crypto-wallet-buyers)

Ledger's code has been hacked, and Ledger took a year to fix it, only after it was reported in the media:

Quote
Ledger exploit makes you spend Bitcoin instead of altcoins

"A vulnerability in Ledger’s hardware wallets enables hackers to prompt someone to spend Bitcoin instead of an altcoin."

--Decrypt.co (https://decrypt.co/37651/ledger-exploit-makes-you-spend-bitcoin-instead-of-altcoins)

Ledger's hardware has been hacked:

Quote
In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.

An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.

I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.

--Saleem Rashid (https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/)

Ledger's bounty payments prevent those who've discovered vulnerabilities from reporting them so Ledger can lie and say they've never been hacked.  More lies.

Ledger has been phished:

Quote
A Ledger employee just got phished. DeFi users lost over $600k

Ledger confirmed the attack was the result of a hacker compromising one of its employees via a phishing attack. After gaining access to Ledger’s internal systems, the hacker planted malicious software within the Ledger Connect Kit.

--DLnews (https://www.dlnews.com/articles/defi/a-ledger-employee-got-phished-defi-users-lost-thousands/)

Why did an ex-employee still have access to the codebase?  Ledger won't say.

Quote
How a Single Phishing Link Unleashed Chaos on Crypto:  "Ledger has confirmed the attack began because “a former Ledger employee fell victim to a phishing attack.”"

--Decrypt (https://decrypt.co/209838/single-phishing-link-unleashed-chaos-on-crypto)

How many former Ledger employees still have access to their codebase?  Ledger won't say, not that we could trust any answer they'd give because Ledger lies.

Ledger's been hacked multiple times, and yet...

Quote
"The bombshell here is the explicit confirmation that Ledger themselves hold the master decryption key for all Ledger Recover users."

-- @sethforprivacy (https://twitter.com/sethforprivacy/status/1671532787294191618)

Ledger Live tracks everything you do and the coins you have:

Quote
"Ledger Live is phoning out data on assets you hold in your hardware wallet the moment you access Ledger Live. It’s also sending out tons of other information about your computer and device."

The app apparently transmits data to an external endpoint at “https://api.segment.io/v1/t”, identified as an outsourced data collection service.

--BitcoinNews.com (https://bitcoinnews.com/ledger-live-app-accused-of-collecting-user-data/)

How much more proof do you need?

Need more?  I can keep going:

Quote
Ledger vulnerability disclosure:

"On the 7th of April, as we were testing the (ever delayed) 0.4 release of Liana, Kevin Loaec found what we thought to be a severe bug in the Liana GUI, preventing one to sign a transaction with their Ledger Nano S(+). It would turn out to uncover a bug in the Ledger Bitcoin application’s implementation of Miniscript, which can potentially allow for bypassing some spending conditions advertized to the user but not actually present in the generated Bitcoin Script. That is, enabling theft."

https://wizardsardine.com/blog/ledger-vulnerability-disclosure

Do you need more?

Quote
"You now have an API in your firmware to extract seeds."

--Rodolfo Novak, discussing Ledger Recover in a video interview with Ledger CEO Pascal Gauthier

Watch the video here. (https://youtu.be/M3VjQUcyZSY?t=1243)

I know you're thinking "But I'm not using Recover!"  It doesn't matter.  The code to extract your keys is on your device whether you use it or not.  That's not safe.

Do you need more proof that Ledger can't be trusted?


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 08, 2024, 10:00:19 PM
I understand what you are saying.  I appreciate everything you have written.  The thing is if I do not want to move the crypto from the nano ledger s plus to another hardware wallet, you are saying do not update the firmware since I still am using the older 1.1.0 firmware which doesn't have the recovery option.


However, if I plan to use the nano ledger s plus to do transactions, you still recommend that I don't do the firmware update correct?  The issue here is if you don't update firmware, it would risk security issues if using older firmware right?  However, by doing that, now you going to have the firmware with the ledger recovery option on it.  The thing is if you are behind 1 firmware update, that is almost never an issue since most people might not be aware of a new firmware update till weeks or months later.  From history, it seems like a ledger device gets a firmware update twice a year at the most.  But if you are like 2 firmware versions behind, that is still not a concern when sending or receiving with any nano device?  What about people who are using the old nano ledger s right now and using an older firmware version?  Do they have issues sending or receiving?  I mean like an older firmware version for nano ledger s but say 1 or 2 versions behind but not like many versions behind.


The thing is what about people who just keep their crypto in their nano ledger s plus or x and just set it and forget it for years and still using old firmware.  Wouldn't that mean few years later, when they want to move their crypto, then they might have an issue if their firmware is too outdated?  So the only way to move the crypto would be either update the firmware or enter their seed phrase in a new hardware wallet?  But then after doing that, they should then transfer it to another seed in the same hardware wallet... say the trezor in this example?  Right now, I want to still use the nano ledger s plus and the thing is I rarely do much transactions on it.  But when I do transactions, my concern is using an old outdated version.  It is likely I could continue using 1.1.0 for a long time like even after it has another 3 firmware updates so say now I'm 5 firmware updates behind on the nano ledger s plus?





Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 08, 2024, 10:16:10 PM
The thing is if I do not want to move the crypto from the nano ledger s plus to another hardware wallet, you are saying do not update the firmware since I still am using the older 1.1.0 firmware which doesn't have the recovery option.

DO NOT UPDATE LEDGER FIRMWARE.

DO NOT UPDATE LEDGER LIVE.

DO NOT.

DUDE.

Ledger firmware cannot be trusted.  It has key extraction APIs.

Ledger Live cannot be trusted.  It has tons of trackers.

Ledger, the company, cannot be trusted.
They lie to their users.
They lie to their customers.
They lie to journalists.
Nothing Ledger says can be trusted.

I still am using the older 1.1.0 firmware which doesn't have the recovery option.

IT DOES NOT HAVE THE OPTION BUT IT STILL MAY HAVE SOME OF THE CODE.

You are assuming it does not have any of the code required for Ledger Recover.  That is dangerous and probably wrong.  Your firmware may not be compatible with Ledger Recover but that does not mean your firmware does not have key extraction APIs already built in.  And since the firmware on your device isn't fully open, you cannot prove that it's safe.

For anyone who understands security, or even cares about security, that's game over.

Just because the firmware on your device isn't compatible with Recover, that does not mean it doesn't have some of the key extraction code.

It is very likely the code for Recover was in the works, at least in testing and possibly on users' devices, for a long time before it was made public.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 09, 2024, 04:29:36 AM
I updated ledger live after not updating it for a while.  I still have not updated the firmware yet and the old firmware I have does not have ledger recovery.


Do you say if I'm going to use my nano ledger s plus anyway, just use the old firmware in the time being then?  That is until I can't send any coin and ledger live tell me to update the firmware?  But wouldn't that mean by then, I have to do the firmware update? 



What about people who rarely check their nano ledger s plus or x then and just check ledger live few times a year then?  Those people should move their coin to another wallet but if they don't, it isn't as bad because they aren't using the new firmware with the ledger recover.  I am surprised not one person here seem to say they are fine with ledger?



Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 09, 2024, 05:12:01 AM
I updated ledger live after not updating it for a while.

That was a mistake.  Ledger Live has trackers.  Tons of them.  And you probably updated it to add even more.

I still have not updated the firmware yet and the old firmware I have does not have ledger recovery.

Doesn't matter.  The code is on your device.  And also, the feature is called "Recover," not recovery.

Do you say if I'm going to use my nano ledger s plus anyway, just use the old firmware in the time being then?  That is until I can't send any coin and ledger live tell me to update the firmware?  But wouldn't that mean by then, I have to do the firmware update?  

You desperately want to be told it's fine to trust Ledger & update your firmware.  I'm not going to lie and say that.  And I doubt other members of this forum will either.  People here care about securing their Bitcoin.

What about people who rarely check their nano ledger s plus or x then and just check ledger live few times a year then?  Those people should move their coin to another wallet but if they don't, it isn't as bad because they aren't using the new firmware with the ledger recover.

It doesn't matter if they don't use Ledger Recover.

Hackers don't care if you're using Recover.  Even if you don't use Recover, the code to extract your keys is on your device.  It's part of the firmware.

Reread that paragraph so you can understand it:

Even if you don't use Recover, the code to extract your keys is on your device.  It's part of the firmware.

Key extraction firmware is not safe.  And it's only going to get more dangerous as time goes by, as hackers have more time to crack it. Since hackers have already phished a Ledger employee to gain access to Ledger's codebase, they may already have access to more of the key extraction scheme than just the firmware.

I am surprised not one person here seem to say they are fine with ledger?

Why would they?

It's not safe.

In the amount of time you've spent trying to convince yourself it's fine to trust Ledger, you could have learned how to use a Trezor, or a ColdCard, or a Jade, or even a SeedSigner.


Title: Re: Ledger Live Update and Firmware Update?
Post by: ABCbits on September 09, 2024, 09:50:52 AM
@Meuserna I must admit you have strong persistence to answer OP's circular question.

If something big like this happens with ledger, wouldn't something like this happening be even bigger than Mt Gox and all those things combined?
So what if it's bigger? What's your point? Ledger is too big to fail, is that it? Mt.Gox was at its peak too big to fail. The Roman Empire also collapsed.

Comparing Ledger with Mt. Gox doesn't even make sense. A few years ago, Ledger and Trezor were the most popular hardware wallet brands, while now there are so many brands of hardware wallet.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 09, 2024, 12:19:18 PM
<Snip>
Jesus Christ! I forgot what it feels like talking to you. ;D It's like having a severe hangover and head trauma multiplied by 3.

Tell us something with just YES or NO. Do you have any intentions of abandoning Ledger as the hardware service for protecting your keys? YES or NO.
We have tried to point out the potential dangers and explain what could happen. It's a waste of everyone's time to continue doing that and answering the current and upcoming variations of the same type of questions over and over again. If you plan on staying with Ledger, then good luck to you. Update the firmware and keep using your Nanos. If you want to migrate to a different manufacturer, this thread has already provided you with reasons why you should do that.

Comparing Ledger with Mt. Gox doesn't even make sense. A few years ago, Ledger and Trezor were the most popular hardware wallet brands, while now there are so many brands of hardware wallet.
I know, but jerry0 is hoping that someone is going to say, "You are right. It would cause major headlines if hackers found a way to exploit Ledger via Ledger Recover (or otherwise), and so it's not going to happen. Don't worry". He is not going to get that answer. It feels like he expects a hug and pat on the back and support that he is doing the right thing. In reality, it could turn out to be the exact opposite.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 09, 2024, 06:59:27 PM
So do people here don't trust ledger then?  If they already made a statement that isn't true, you think they would do this again and make another statement that is untrue?  If this was a big issue, wouldn't they get new firmware to fix this issue as quick as possible?


Do you believe ledger believes in that statement, as long as you don't opt in recovery, everything is fine?  Or do you think they just say that but 100% sure but just want to do that to not get ledger users concerned?  The thing is if something goes wrong, this will probably be the biggest news in history.  What happened with Mt. Gox, that is an exchange though so isn't this much different?


No.  I don't want to abandon the ledger.  I used it for a while and don't want to go to another wallet.  Back then it was either ledger or trezor.  The thing is if I want to keep using my ledger, should I update the firmware or not?  That is my question here.  The pros would be updated firmware so won't be using old outdated software that might have security issues.  The other pro is since it's updated, it won't have issues like you can't send a coin because you need to update the firmware first.  I heard a lot of old nano ledger s had this issue.  But does anyone know of cases with ledger nano s plus or the nano ledger x with these issues?  The cons of updating is doing that will mean you will have firmware that includes recovery even if you do not use it.  The other thing is how long could you even use the ledger nano s plus until you have to do an update before you can't send any coin?  Like if it gets to firmware 1.1.8, isn't that going to be most likely you have issue sending?  The thing is eventually, you have to update the firmware right?


So if ledger does a firmware update that removes recovery, you all still won't trust it?


So they can't go from closed source to open source now? 


I'm curious but is there anyone here that used ledger recovery?  The thing is if there are going to be issues, it would be people using ledger recovery first?  The thing is what about people who bought an old nano ledger s and don't even follow the news then about all this.  Not everyone follows the news and someone that used a nano ledger s or s plus or x could just be a holder and don't even update firmware or check it?




Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 09, 2024, 07:22:42 PM
So do people here don't trust ledger then?

NO.

Ledger cannot be trusted.

If they already made a statement that isn't true, you think they would do this again and make another statement that is untrue?  If this was a big issue, wouldn't they get new firmware to fix this issue as quick as possible?

Ledger makes untrue statements all the time.  Ledger even lies on the packaging for their devices:

https://i.redd.it/dysdk6j9516b1.jpg

"WE ARE OPEN SOURCE"

The box for Ledger hardware that runs closed-source firmware says Open Source. That's intentionally misleading if not outright fraud.

Do you believe ledger believes in that statement

NO.

They know they're lying.

as long as you don't opt in recovery, everything is fine?

You don't even know the name of the feature.  Good grief.  It's not "recovery."  The name of the feature is Ledger Recover, and it is dangerous.  It uses key extraction code in its API which is built into their firmware, which is not fully open source.

Or do you think they just say that but 100% sure but just want to do that to not get ledger users concerned?

They're lying to, as you put it, not get Ledger users concerned, as if to say "Hey everybody in Flint Michigan, don't worry about the toxins in your water.  It's fiiiiiiiiiiiiiiiine."

The thing is if something goes wrong, this will probably be the biggest news in history.

No, it won't, and I'll tell you why.

The more I think about it, the more I realize something...

People who are serious about safety and security left Ledger last year.  So, when Ledger's key extraction code gets hacked, the hackers are going to get tons of keys belonging to people who don't own much Bitcoin.


I don't want to abandon the ledger.

Then act like an adult and take responsibility for your decisions.

Stop trying to find somebody who will tell you what you want to hear.  Staying with Ledger is foolish, but you want to do it anyway, so be an adult and take responsibility for that decision.

Write this down on a piece of paper and store it with your Ledger:

"If I get hacked and lose my Bitcoin, it's my own fault, and I'm ok with that.  I was warned and I chose to do nothing.  That was my decision."

So if ledger does a firmware update that removes recovery, you all still won't trust it?

No.

Ledger firmware cannot be trusted.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 09, 2024, 07:26:04 PM
@Meuserna I must admit you have strong persistence to answer OP's circular question.

When I was getting started with Bitcoin years ago, I was a clueless noob, just as we all were.  Somebody helped me avoid disaster.  I'm trying to pay that kindness forward.  Oh, lawd, I'm tryin'!


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 09, 2024, 07:36:20 PM
Well what is posted in the box was a while back.  But you are saying ledger has been closed source the entire time since they started?  Or you mean they were open source and then moved to close source?  The closed source is when they introduced ledger recovery right?


So you are telling me there is no bitcoin expert that is using ledger then anymore?  As you say only the people who have a serious amount of bitcoin moved to different wallet?  So someone like Max Keiser and those people on youtube with their cryptocurrency channels, almost all moved to another hardware wallet?  I guess it's different if you comparing someone serious on youtube to person that just wants views?



If ledger truly thinks they are at risk, what could they do to fix the issue where you would trust them?  New firmware you won't trust but can they make it open source for you to check or you can't anymore?  So if that is the case when is the seed phrase at risk then?  Even before they introduced ledger recovery?  Or after they did ledger recovery?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 09, 2024, 07:54:26 PM
Well what is posted in the box was a while back.  But you are saying ledger has been closed source the entire time since they started?  Or you mean they were open source and then moved to close source?

They've always been closed source.

The closed source is when they introduced ledger recovery right?

It's RECOVER, not recovery.

Good grief man, at least learn the name.  Wow.

You're an adult.  You've been given the facts.  Make a decision and own up to it.

This is me: In spring 2023, I was presented with the facts that Ledger added key extraction code to their firmware.  I made the decision to spend the rest of the year researching other hardware wallets and other methods for securing my Bitcoin.  In fall 2023, I bought new hardware.  And in December 2023, I moved my Bitcoin.  I'm an adult.  That was my decision and my course of action.  I sleep sound, knowing my Bitcoin security is unhackable.

This is you:  "But but but but but but but but but but but...  I don't wanna!"

You're an adult.  You've been given the facts.  Make a decision and own up to it.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 10, 2024, 12:21:56 PM
It's RECOVER, not recovery.

Good grief man, at least learn the name.  Wow.
Is the frustration slowly building up?  ;D

Jerry doesn't learn. I am not trying to be mean to him, but that's a fact. He either doesn't want to or he can't. I don't know if you remember him from the past few years, but what you have experienced here is basically what it's like to talk to him. It doesn't matter what subject it is. There are tons of questions and they are all about the same things he asks every 3-4 months.

I would suggest you don't try to educate him anymore. He answered the main question I wanted to ask him: if he is planning to abandon Ledger. He says he isn't, so your efforts are wasted. Most people don't even reply to him anymore. I am sure you can see why.


Title: Re: Ledger Live Update and Firmware Update?
Post by: ABCbits on September 10, 2024, 12:49:55 PM
Well what is posted in the box was a while back.  But you are saying ledger has been closed source the entire time since they started?  Or you mean they were open source and then moved to close source?

They've always been closed source.

Before someone else mentions that the source code of certain parts of Ledger is publicly available, it's worth mentioning that source code being available isn't always equal to open source. Here's a relevant discussion, Ledger Open Source Fakery?! (https://bitcointalk.org/index.php?topic=5467841.0).

Well what is posted in the box was a while back.  But you are saying ledger has been closed source the entire time since they started?  Or you mean they were open source and then moved to close source?

They've always been closed source.

The closed source is when they introduced ledger recovery right?

It's RECOVER, not recovery.

Good grief man, at least learn the name.  Wow.
--snip--

It's one of the reasons people ignore OP and even leave neutral feedback.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 11, 2024, 01:57:02 AM
The box you posted, what ledger device is that?  I thought back then it was said ledger was open sourced.  So they said they were closed source the entire time even back when the 2 most popular wallets were ledger or trezor?


The thing is if they said they were closed sourced back then, wouldn't most people not use ledger?  Or you mean they said they were closed source but only when the recover news happen, they are actually closed source and not open source?



I do not want to abandon ledger.  Since ledger is most likely the simplest wallet to use.  That is why I want to stick with it.  If I move to another hardware wallet, it would have to be trezor as that probably is the same skill in terms of learning to use another wallet.  I'm just shocked very few people are sticking with ledger because of this.  No all the people on youtube that talked great about ledger, is almost everyone of them using another hardware wallet now?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 11, 2024, 05:22:41 AM
You have a fixation with other people.  Comment after comment, you ask about other people.  Other people, other people, other people.

You've been given the facts.  In my replies, I also linked to sources so you could read more, though I suspect you did not.  Instead, you ask again and again about other people.  Other people, other people, other people.

Other people stuck with Voyager, even after there were warning signs, and they got screwed.

Other people stuck with FTX, even after there were warning signs, and they got screwed.

Other people stuck with Terra and Luna, even after there were warning signs, and they got screwed.

Other people buy into rug pull after rug pull after rug pull, even when the warning signs are crystal clear, and they get screwed.

Other people ignore obvious signs that Ledger cannot be trusted.  Time will tell their fate.

Many youtubers still push Ledger devices because they only care about getting views.  Others are getting free devices from Ledger, and I strongly suspect some are paid shills.

I assume you are an adult, not a child, though do correct me if I'm wrong about that assumption.

I assume you are an adult.

Make an adult decision.

Only you can do that.

You've been given the facts countless times.


Title: Re: Ledger Live Update and Firmware Update?
Post by: ABCbits on September 11, 2024, 08:24:53 AM
The box you posted, what ledger device is that?  I thought back then it was said ledger was open sourced.  So they said they were closed source the entire time even back when the 2 most popular wallets were ledger or trezor?

Secure element used by Ledger always has been closed source.

The thing is if they said they were closed sourced back then, wouldn't most people not use ledger?  Or you mean they said they were closed source but only when the recover news happen, they are actually closed source and not open source?

That's naive thinking. Outside this forum and a few other privacy/open-source oriented communities, most people don't care whether the digital product they use is closed source or not. Should I remind you that Windows (a closed source OS) remains the most popular OS for desktop and notebook?


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 11, 2024, 07:53:25 PM
What about people that put their coins in ledger a while back just put it in a safe deposit box or whatnot?  So someone like that who did that years ago and do it with the nano ledger s might not even know about this then.  So unless you check or read online, how would people even know about this? 


If ledger device always has been closed source, then why was it even recommended so much like trezor then?  I recall open source is what you want right?  So if ledger always been closed source, why everyone here recommended ledger then?


So you are saying people who are still talking good about ledger on youtube are shills but they aren't using it anymore?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 11, 2024, 09:28:10 PM
So you are saying people who are still talking good about ledger on youtube are shills but they aren't using it anymore?

YES.

They're shilling for clicks and views.  Some of them are probably paid for reviews.  Many of them do reviews to get free hardware.  They may use Ledger for testing, but probably not to secure their real coins.  And some of them are gadget guys who like the cool looking devices but don't understand the security of the devices they review.  Even among the few youtubers who are honest, most of them are reluctant to call out the dangers of what Ledger is doing because they will get attacked online for doing so.

How much more crystal clear can we be?

Again: Stop asking about other people.  Start thinking about the safety of your own Bitcoin.  Enough of the "but what about the people who" nonsense.  Stop asking about other people.  Start thinking about the safety of your own Bitcoin.

Good grief.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 12, 2024, 03:02:45 AM
So which users on youtube are honest then where they used to support ledger but now say they no longer support it?  Very few if any?  I checked and it doesn't seem like that many people who used to talk good about ledger back then are talking bad about them now?


So it took you many months thinking about it when the recover came out.  Then decided to move to another wallet.  At any point during the time you were thinking about it, did you think your coins were at risk after the recover announcement?  But you figure if something happens, it won't be that soon after that recover announcement?


Now if you had to use your ledger device still, did you use a nano ledger plus or the X or another one?  If you had to continue using it and still on with old firmware that doesn't have recover, you would strongly recommend against updating the firmware right?  So during those few months you were thinking about it, did you send or receive any crypto to your ledger anytime?  So if one doesn't plan to send or receive crypto anytime soon but want to keep using their nano ledger for holding, then just don't update firmware then?  Ledger live I already updated it last time.




Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 12, 2024, 04:24:24 AM
So it took you many months thinking about it when the recover came out.  Then decided to move to another wallet.  

It took me several months because I decided to start over from scratch.  I could have just bought a Trezor or a Blockstream Jade, created a new seed and moved my coins there.  Done.

But instead, I decided to spend time learning as much as I could about everything involved with securing a wallet.

I researched multisig and best practices for multisig backups.

I researched things like BIP85.

I researched derivation paths, accounts, Native Segwit vs Taproot, etc etc etc.

I researched features that I wanted from a hardware wallet.  I'm not saying what I wanted should be what you want, but here was my list:

Fully open source.

Encrypted Seed QR.

Passphrase QR.

The ability to use the device airgapped.

The ability to use the device stateless.

Plaintext QR in and out.

A large screen, in order to easily see everything in full detail.

Etc etc etc.

EDITED to add:  Again, I'm not saying you should want those things.  I'm saying, I started from square one and said to myself "Since I have to make a change, what else should I be changing, and what else should I know?"  I don't view learning as something to be afraid of.  I view it as something that makes me smarter, and in this case, safer.

At any point during the time you were thinking about it, did you think your coins were at risk after the recover announcement?

The day Ledger's key extraction scheme was outed, I immediately stopped using my Ledger devices.  Immediately.  I no longer considered my Ledger hardware safe.  It was easy for me to stop using Ledger hardware since I don't spend Bitcoin.  I buy and hold long term.

I also stopped using Ledger Live.  That piece of trash has tons of trackers.  It's not safe if you care about your privacy.

But you figure if something happens, it won't be that soon after that recover announcement?

Right.  I've already explained this.

When Ledger's key extraction code gets hacked, the hackers aren't going to drain wallets right away because they're not going to want to let Ledger know they've been hacked.  The hackers are going to want to keep the exploit a secret while they steal as many keys as they can, because the moment Ledger finds out they've been hacked, Ledger can start working on a patch, which would stop hackers from stealing more keys.

Reread that paragraph if you didn't understand what I just said.

Hackers won't want Ledger to patch the buggy code.  Hackers will want to steal as many users keys as possible before draining wallets, because when they start draining wallets Ledger will find out they've been hacked.

When Ledger gets hacked, or when YOU get hacked, you're not going to know.  In fact, there's no way for you to know if hackers already have your keys.  I doubt that they do, but since there's no way to know, it means you're not safe using Ledger hardware or software, and you're not safe using a seed that has ever been used on Ledger hardware or software.

I cannot believe we need to have this conversation.

Ledger hardware is not safe.

Ledger code is not safe.

Ledger admitted they can't prove their code has no backdoors.  They can't prove it because their code isn't open.  Open source wallets easily prove their code is safe by saying "Here's the code.  Every single line."  Ledger can't do that.  Ledger can't be trusted.

Dude.  We've gone out of our way to try to help you be safe.  We're not shilling for a different company's stuff.  We're saying Ledger isn't safe.  Move your coins to a seed protected by a device that IS safe.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 12, 2024, 12:16:21 PM
If ledger device always has been closed source, then why was it even recommended so much like trezor then?  I recall open source is what you want right?  So if ledger always been closed source, why everyone here recommended ledger then?
In the past you only had two big hardware wallet manufacturers. Those were Trezor and Ledger. If someone owned a hardware wallet back then, 9/10 times they owned one of those two brands. Ledger is still the most sold hardware wallet in the world, despite everything that happened in the past. But other companies are making strides as well.

Despite its closed-source nature, Ledger was recommended because they were good at what they were doing. Then came the Nano X with its many battery problems. Then came the hacking incident, where sensitive customer data was leaked both from their servers and a 3rd-party marketing agency. Then they started lying and playing it down as not being that big of a deal. Now we have the Ledger Recover fiasco and an ex-employee who supposedly still had access to company accounts for no valid reasons. Those are just the biggest concerns. There are other smaller issues with this company.

When you look at all that, no sensible and well-intentioned person can recommend this wallet to others. But none of this should be of any concern to you because you will keep using Ledger no matter what happens. Hopefully, your lack of sense won't come back and bite you in the ass. If it does, it will be your fault.


Title: Re: Ledger Live Update and Firmware Update?
Post by: PrivacyG on September 13, 2024, 02:19:05 PM
Despite its closed-source nature, Ledger was recommended because they were good at what they were doing. Then came the Nano X with its many battery problems. Then came the hacking incident, where sensitive customer data was leaked both from their servers and a 3rd-party marketing agency. Then they started lying and playing it down as not being that big of a deal. Now we have the Ledger Recover fiasco and an ex-employee who supposedly still had access to company accounts for no valid reasons. Those are just the biggest concerns. There are other smaller issues with this company.
But, YG advertised Ledger in one of his Music Videos so Ledger must be a cool thing if gangsters use it.

Jerry is such a difficult person.  I do honestly think Ledger is still being used by a LOT of people, but mostly for Shit Coins that for the most part end up becoming worthless anyway.  This is pretty much all Ledger is about right now.  A tool to handle Shit Coins.  And just like you may get Scammed holding a Shit Coin that is heavily Centralized or built to fail at some point in the future as soon as the Developers get Rich enough, Ledger is in the same boat.  It is only seemingly bound to fail continuously and constantly.

The truth is, there are other ways to handle Shit Coins that are safer but less convenient.  You could run Full Nodes of some of them if they have their own Blockchain, or if they are Ethereum Tokens then just use a Secure Ethereum Wallet and start from there.  But this is at the cost of convenience.  Now it is completely and entirely up to you which is a priority for the Coins you own.

Trezor is nice and all.  But it does not support many Shit Coins.  So make sure the model you are planning to purchase supports the Altcoins you want to hold.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 13, 2024, 06:55:42 PM
If ledger knows it isn't safe, why are they not letting everyone know about it or say we recommend you move your coins then?  They are still advertising new products.  If they say okay we think there is risk so either go to another device or buy a new one... say this new ledger device is safe... then wouldn't people feel more comfortable than if someone was to happen?

Ledger and Trezor were the most popular.  But back then trezor had several security issues so people say go with ledger.


So what wallet is used to hold most coins that ledger supports then?  Trezor 3?  All these other wallets don't seem that big name yet so I thought you should always go with a big name.  The thing is I have a tough time thinking ledger thinks they are unsafe.




Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 13, 2024, 07:34:43 PM
If ledger knows it isn't safe, why are they not letting everyone know about it or say we recommend you move your coins then?

Ledger is making money off it.  Ledger is selling key extraction as a subscription service.

Here's what Ledger's CEO said about Ledger Recover:

Quote
"You now have an API in your firmware to extract seeds."

--CoinKite CEO Rodolfo Novak

"If, for you, your privacy is of the utmost importance, please do not use that product, for sure."

--Ledger CEO Pascal Gauthier

"That product" is Ledger Recover.  Ledger's own CEO recommended not using it, but what he didn't mention is that it's baked into their firmware, which means the code to extract your keys is on YOUR hardware even if you don't subscribe to their scammy service, even if you don't use it.  The quote is from the What Bitcoin Did podcast.  Here's the video:

https://youtu.be/M3VjQUcyZSY?t=2342

Ledger is ignoring the dangers of adding an API for key extraction to the firmware for their hardware wallets.  They're ignoring it because they're greedy.

Long term, Ledger wants to sell devices for $150 & then make an additional $120 a year from suckers who subscribe to Recover.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 14, 2024, 04:24:35 AM
Okay so he says if privacy is important to you, do not use the product anymore.  But what about people who used it for a while until now then?  Like you used ledger live the whole time until you stopped when they announced recover. 



The thing is that line that person said, it mentions privacy.  You say it's with the firmware.  If that is true, why are there still people supporting ledger then?  It certainly isn't lot most ledger users that are saying bad things against them... but you say these are people who don't know that much. 



Has there been any case of someone getting hacked who subscribed to recover?  What percentage of ledger users do you think subscribe to it?  Got to be 5% or less right?  The thing is do most experts all agree pretty much ledger isn't safe?  I just don't get that is how everyone feels though.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 14, 2024, 06:47:37 AM
Trezor is nice and all.  But it does not support many Shit Coins.  So make sure the model you are planning to purchase supports the Altcoins you want to hold.
You quoted me in this reply but I feel like these two sentences above are more of a general warning or perhaps directed towards Jerry. Anyways, he has no plans to move away from Ledger. He made that abundantly clear. Thus, there is no point in trying to teach him anything new.

If ledger knows it isn't safe, why are they not letting everyone know about it or say we recommend you move your coins then?
It's like talking to a little child trapped in a grown up's body. I assume you are grown up.

...If that is true, why are there still people supporting ledger then?  It certainly isn't lot most ledger users that are saying bad things against them... but you say these are people who don't know that much.
Because the world is full of people like you. Incapable of thinking and making the right decision. Regardless of how long you will be a bitcoin/crypto holder, you will never learn to think for yourself. You will never learn to read a simple piece of text, understand it, and not ask your standard stupid questions, which prove you didn't understand anything. That's just reality.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 16, 2024, 05:01:42 AM
So this is a question to everyone here.  If someone wants to stick with ledger, do you recommend them to update the firmware or use old firmware then?  If they are just a holder and don't plan to do transactions for a while, don't update the firmware.  But if someone is going to do a few transactions total, do you still recommend against updating the firmware to the one that has the recover?




Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 16, 2024, 05:26:48 AM
So this is a question to everyone here.  If someone wants to stick with ledger, do you recommend them to update the firmware or use old firmware then?

NO.

If they are just a holder and don't plan to do transactions for a while, don't update the firmware.  But if someone is going to do a few transactions total, do you still recommend against updating the firmware to the one that has the recover?

YES.

It's time for mods to lock this thread.  The OP is asking the same question again and again.  He ignores the responses and then asks the same question again.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 16, 2024, 12:12:56 PM
So this is a question to everyone here.
jerry0 no one else wants to talk to you because of the way you are. Haven't you noticed that? Your incapability to learn anything and grasp meanings has pushed everyone away. What you are left with are very few people who are also getting frustrated by you, trying to teach you something. Keep it up, and they will disappear as well, and you will have to find another place to ask whether or not you should update your Ledger every few months.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Z-tight on September 17, 2024, 09:02:28 AM
It's time for mods to lock this thread.  The OP is asking the same question again and again.  He ignores the responses and then asks the same question again.
That is how it has been for a very long time now, even the neutral feedback on the OP's trust page is evidence of that. I really don't know what could be the problem, if it is comprehension or trolling, hard to tell honestly. However, I don't think mods will lock the topic, the best thing to do is to ignore OP's question, or you take the route that so many members have taken and that is to put jerry0 into your ignore list, and I feel that's the right thing to do.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 18, 2024, 07:19:35 PM
The reason why I don't want to move from ledger is because I don't want to move my coins from ledger.  I'm concerned there would be issues when sending to a new hardware wallet.  Now if you send coins from ledger to trezor, yes you are going to test a small amount first.  But then you have to make sure that everything in that trezor is good to go before you send everything.


So how would you do it then?  Send a tiny amount from ledger to trezor.  Then reset the trezor.  Then enter seed in trezor to make sure it shows that amount of coin right?  Then you send everything from ledger to trezor or do you do a small amount again before doing everything?  Should you wait a few days before you send the rest of it?


The thing is I'm comfortable with the ledger.  If i use something else and then send the coin and something goes wrong, that is what I want to avoid.  I read some people say how coins on ledger are safe and you doing so many things that is not necessary could cause mistakes to happen.



Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 18, 2024, 07:46:47 PM
I don't know a polite way to ask this, so I apologize if I'm being rude.  I promise, that is not my intention.

Do you have a learning disability?  If you do, it might be helpful to let us know how we can better communicate with you, because clearly there's something else going on here, other than you just wanting to stick with a product you're already familiar with.

You're just asking the same questions again and again without ever adding any context whatsoever.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 18, 2024, 09:28:00 PM
I don't want to move crypto from the ledger because when I set it up a while back, I didn't want to do it again.  I felt comfortable with ledger.


How did you all send the crypto from ledger to a new wallet like the trezor?  You send a tiny amount to trezor and then reset the trezor to make sure that tiny amount of crypto is there.  Then you send everything on the 2nd send? 


So you all feel comfortable doing that?  Or you wait a while before you send the rest of it?  The issue is someone can make a mistake going from one wallet to another. 


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 18, 2024, 10:41:03 PM
How did you all send the crypto from ledger to a new wallet like the trezor?  You send a tiny amount to trezor and then reset the trezor to make sure that tiny amount of crypto is there.  Then you send everything on the 2nd send? 

It's the exact same process as sending Bitcoin anywhere.

Since your seed phrase has been used on a Ledger device, I would consider it to be possibly compromised.  Maybe it's fine?  Since there's no way to know, there's no reason to take that risk.  You could just buy a Trezor and restore your seed phrase on it, and your Trezor would rebuild your same wallet & find your coins where they are, but since your seed was used on a Ledger with closed source firmware and key extraction ability, you can't prove your seed never left your device.  That's why you're better off starting over with a seed phrase that never touched Ledger hardware.

I hope you understand that your coins are not on your Ledger.  Your coins are on the blockchain.  Your Ledger holds your keys.

My advice is this:  Buy a Trezor.  Play with it for a while to learn how it works.  Set up a new seed phrase on it, and back up your new seed phrase properly by writing it down on paper and making a metal backup.  Spend time learning how to use your Trezor.  Don't rush.  It's not hard, but it makes sense to take your time, because why not?

Then, when you're ready...  as a test, send a little Bitcoin from the wallet on your Ledger to an address from the wallet on your Trezor.  Confirm everything worked as expected.  When you receive the coins you sent to your Trezor wallet as a test, you're set.  Send the rest whenever you want.

Last, but not least, you might want to consider keeping your Ledger as a decoy wallet.  To do this, after you've moved all of your coins off the seed on the Ledger, wipe out the Ledger and create another new seed specifically to use as a decoy wallet.  Buy some sort of junk altcoin, like maybe a bunch of Doge or Shib, and send them to an address on the Ledger wallet.  Then unplug the Ledger & put a post-it note on it, with a note implying that it's your super important stuff.

If I thought your technical abilities were stronger, I'd recommend getting a SeedSigner instead of a Trezor, because with a SeedSigner you're not using any company's stuff.  Maybe check out some videos on SeedSigner before buying a Trezor.  It's easy to use.  With SeedSigner, you'd need a companion wallet app.  BlueWallet is free and open source, and EASY to use.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 18, 2024, 11:14:36 PM
I know the process is the same when you send it to another wallet.  The thing is with how much I used ledger throughout all this time, I just want to stick with it.  The other thing is I don't want to move the crypto from it because when I sent it from electrum a while back, I thought okay it's in a cold wallet now.


The thing is if I get a new device like a trezor and just enter the seed phrase into it, to me that isn't that complicated and I would prefer that.  However, like you said that would be using the same nano ledger seed phrase.  The thing is I don't want to move the crypto from one seed phrase to another.  So whether it's doing this from a ledger to another ledger with a different seed phrase or a ledger to trezor, that would be almost the same.  Like if you ask would I rather get a trezor and just enter the seed phrase to it to transfer the crypto or get another ledger and create a new seed phrase and then send from this ledger to the new ledger, I would choose the 1st option believe it or not. 


Yes I know the coins are not in the ledger and in the blockchain.


I just don't want to try new things.  I am someone that if I use something I want to stick with it.  Like if I was told you should use mac or windows when i use windows or mac, I just don't want to make the change. 


When you do the test and send a tiny amount of bitcoin from ledger to trezor and it works, do most people then just send the rest in one send?  The thing is you didn't mention about testing your trezor seed phrase or resetting the device just to make sure your trezor seed phrase is correct before you send the remaining amount from ledger.  The thing is someone could make a mistake when doing this. 


How many times have you heard of people making a mistake sending crypto when going from one hardware wallet to another or just making a new seed phrase to send to and a mistake happening.  That is why I'm hesitant on just going with a new wallet.  Put it this way.  I wouldn't even feel comfortable using a ledger to do transactions where you have to download metamask and things like that.  If I was to do those type of trading, I would buy a completely new ledger or hardware wallet for that.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 19, 2024, 12:28:37 AM
How many times have you heard of people making a mistake sending crypto when going from one hardware wallet to another or just making a new seed phrase to send to and a mistake happening.

Fewer times than I've heard of people losing their coins because they stuck with something they were used to.

If you're just going to stick with Ledger, then do it.

Why keep replying if you know you'll be told you're making an unwise decision?


Ledger can't be trusted.  If you stick with them, everything will be fine...  until one day, maybe years from now, when your wallet is empty & you'll start looking for somebody to blame.  When that day comes, stand in front of a mirror and point straight forward.  You were warned.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 19, 2024, 03:10:53 AM
Someone said when people start moving their coins a lot, there is a greater chance of something going wrong. 


Well I want to stick with ledger.  The only thing is should I update the firmware or not.  Like if I know I can continue using the nano ledger s plus with the older firmware I have, then I would continue to do it until I cannot.  However, I don't want the firmware to be so old where I can't even update the firmware later on.  The thing is I'm not sure how long before i have to update the firmware before I could use it to send or receive.


Does anyone here have experience with older firmware and then couldn't perform a transaction until you updated firmware?  If so, which nano device was it and how far behind were you in terms of firmware?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 19, 2024, 12:05:54 PM
Jerry, look outside, but do it carefully! Do you see that van? It's the Ledger people. They have come for you. You can recognize them by the vehicle you see parked outside of your house. It's either a black or white van. It could also be a vehicle of any other type and color. The bastards are sneaky. They read this thread and believe that you might be abandoning Ledger, so they want to take you out on a ride and talk to you.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 20, 2024, 12:25:41 AM
Well I can use another example.  Imagine someone puts certain items in their security deposit box in the bank.  However, there is talk about how people say the bank might go bankrupt or something negative about the bank.  Now this person could go to their security deposit box in the bank and then move it to another bank.  The issue though is when they do this, they have to be very careful when bringing whatever item is there to another bank during the process.  So this example is obviously not the same.  My point is that I feel ledger is good and I don't want to move it to another hardware wallet.


The thing though is I would feel more comfortable buying a trezor and then entering the seed phrase into it as opposed to buying another nano ledger device and creating a new seed phrase and then transferring the coins from one nano ledger to another.  So what are your thoughts on that then?


I like ledger.  I like it because I don't want to make a mistake transferring coins from ledger to a completely new hardware wallet.  I am just shocked so many people are against ledger. 


Title: Re: Ledger Live Update and Firmware Update?
Post by: joniboini on September 20, 2024, 01:53:43 AM
The thing though is I would feel more comfortable buying a trezor and then entering the seed phrase into it as opposed to buying another nano ledger device and creating a new seed phrase and then transferring the coins from one nano ledger to another.  So what are your thoughts on that then?
Is your backup so complicated that you don't want to create a new seed? I dunno man, people explained the risk so many times on different threads on this board, I don't think you should be surprised anymore. If you're that stubborn and don't want to try new things, what do you hope to gain by asking people to try to convince you to stop using Ledger/the same seed phrase?

Just try to use new things. It's not like you have to move your funds right away after you buy or set up a new device. Get yourself familiar with it, prepare the new backup, read the docs, etc. CMIIW.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 20, 2024, 04:19:09 AM
Having to create a new seed is going to complicate a lot of things.  I just prefer the way I had set it up.


I know as long as you send it to the correct btc address, it is fine.  But are people here really comfortable whenever they do this and send the entire amount of crypto from a ledger to another hardware wallet?  When you send from one wallet to a new wallet, you should be sending a small test amount to make sure it's there.  But do people all send everything in the 2nd transfer?  Or do people wait a while before they do the rest of the transfer? 


The thing is I would like to continue using ledger as I'm used to it.  The only other wallet I would feel comfortable is the trezor based on what I read.  The thing is ledger is the one I'm most comfortable with.  I guess you can say it's like hey someone uses mac or windows and now they are told they should use the other one and you don't really want to.





Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 21, 2024, 06:42:31 AM
If you use ledger with electrum, does that mean you don't have to update the ledger device firmware then?  Or you eventually will have to update the ledger device after many years?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 21, 2024, 07:17:21 PM
You shouldn't be buying Bitcoin if you're struggling THIS MUCH with something so basic.  You don't have the understanding or abilities to do even the most bare bones basic transactions and self custody, which means you're setting yourself up for disaster.

Wow.

Seriously, wow.

If the total value of your Bitcoin is more than $10,000, you should strongly consider selling it and buying into an ETF instead because you have absolutely no idea what you're doing and no understanding at all of...  well...  anything, which means you're going to get hurt when you screw up.  You're going to either lose your coins or get hacked, and the longer you hold, the more I'd bet on you getting hacked because you don't even understand the basics.

This whole conversation is shocking.

Please give serious thought to whether or not you have the ability to do self custody and what you should be doing instead.  You're scared to death of learning, which means all of this is beyond your abilities.  I strongly recommend you consider selling and buying into an ETF instead.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 21, 2024, 08:00:46 PM
I am not a newbie.  I have sent/received bitcoin for a while already.  I just get nervous whenever I send or receive unless I'm sending a very tiny amount.  Like if I send a small tiny test amount, I would do another small transfer at least before sending a bigger amount.


The thing is I don't want to send the btc from the nano ledger s plus to a new hardware wallet because this is going to require me to transfer it there.  If I was to enter the seed phrase into a trezor, I would feel much more comfortable doing that.  Transferring is much different for me.  Yes I make sure to check many times of the address when sending but it always gives me a bit of anxiety when doing this.  Now if I was to send to coinbase, I am not that concerned because I transferred there previously but only tiny amounts.  Even if I send to coinbase, I usually do a few transactions.


I heard about ETF but do not want anything to do with that.  I just don't want to move bitcoin from the nano ledger s plus as when everything was sent there, I felt comfortable like I don't need to move it to another wallet.  Does that make sense?  Like imagine having important things in a bank safe deposit box and now people say that the bank isn't safe and to move anything you have there to another bank.  Then you have other people say there isn't a concern.  The thing is you could move your stuff from a bank safety bank to another but during this process, you have to go to that bank and take everything out of your safe deposit bank and safely transfer the things in it to another bank so something wrong could happen during that process.  In this situation, it's a bit similar if you make a mistake with the new hardware wallet.  Like imagine you didn't set it up correctly even though you did.  So if you want to do this, you have to make sure you set the wallet up correctly, then send a tiny amount of btc there.  Then reset that new hardware wallet and make sure the tiny amount of btc is still there before you send the rest of it there.  I mean, I'm sure there are people that probably send several transactions as opposed to one final transfer if sending a big amount to them makes them uncomfortable?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on September 22, 2024, 08:18:10 AM
The thing is I don't want to send the btc from the nano ledger s plus to a new hardware wallet because this is going to require me to transfer it there.
So then shut the f*** up and stop wasting everyone's time. Come back in a few months to ask us if you should perform a Ledger Live update and update the firmware of your hardware wallet. Then ask how everyone else does it. How many people update immediately, how many wait one week, one month, two months... You know, the usual nutjob questions you ask on this forum. You are staying with Ledger, fine. Case closed! You don't want to and can't learn anything new. Fine. Don't think about it and don't ask questions about it. Forget everything Meuserna has tried to teach you and just do your thing.

I heard about ETF but do not want anything to do with that.  I just don't want to move bitcoin from the nano ledger s plus as when everything was sent there, I felt comfortable like I don't need to move it to another wallet.  Does that make sense?
Yes, it makes perfect sense if you are schizophrenic and paranoid.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 22, 2024, 04:54:53 PM
If you do not want to move your coins from nano ledger s plus, do you recommend updating the firmware or not? 


The answer from everyone is no then right?


The answer is no if you don't plan to do transactions and just hold?


The answer is still more no if you plan to do a few transactions?  It's just you do the firmware update when you have to do a transaction?


The thing is this recover thing makes it hard to decide if one should update the firmware or not.  Lot of people didn't know what to do back then.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 22, 2024, 06:52:36 PM
If you do not want to move your coins from nano ledger s plus, do you recommend updating the firmware or not? 


The answer from everyone is no then right?

Right.

You've been asking the exact same question for a month and you always get the exact same answer, but you keep asking because you're looking for permission to make a bad decision.  We're not going to tell you to do something reckless.

Ledger firmware cannot be trusted.  Ledger, as a company, cannot be trusted.


The answer is no if you don't plan to do transactions and just hold?


The answer is still more no if you plan to do a few transactions?  It's just you do the firmware update when you have to do a transaction?

The answer is no.  Full stop: no.

That firmware cannot be trusted.

Day after day, week after week, post after post, you ask the same questions and get the same answers.  You're looking for permission.  That makes it clear you don't know what you're doing and you don't have the ability to do self custody.  You need to seriously consider switching to an ETF.

At some point, you are going to lose your Bitcoin because the basics of self custody are beyond your abilities.  Before you lose your Bitcoin, you would be wise to sell it and use the money to buy into an ETF.

The thing is this recover thing makes it hard to decide if one should update the firmware or not.

"This Recover Thing" makes it EASY to decide if one should update the firmware or not.

The answer is NO.

We're talking about hardware wallets here.

It is foolish if not reckless to use firmware which isn't 100% open source.

It is reckless if not just plain crazy to use firmware that has key extraction capability.

It is flat-out stoooooooooooopid to trust closed source firmware that contains key extraction capability written by a company that lies to you.

It is dumber than dumb.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 22, 2024, 07:39:45 PM
I want to keep btc in nano ledger s plus because I kept it there for a while and feel having it there is safe.  Then when the recover news came out, I heard about it and many people didn't update firmware and decided to wait to see what happens.  So for me, I have not done any transactions since around that time.  At the time, I remember using firmware 1.1.0.  When the firmware with recover came out, it is 1.1.1.  So normally even if you don't update new firmware for a short while, it isn't a big issue at all.  The thing is when another firmware update came at 1.1.2, my concern was if I continue to not update the firmware, my nano ledger s plus might have an issue where you might not be able to update the firmware anymore if it's too old.  However, you say that probably wouldn't be a concern for now right?  Like if your firmware is say 2 years old or say 3 firmware versions behind, that is still okay?  Now if your firmware is like 5 years old and like 10 firmware version behind, well obviously that isn't good.


Is this fine then if I don't want to move my coins to another wallet?  Do not update firmware.  If I want to send/receive crypto, then do it but if ledger live doesn't allow me to, then don't do a transaction at all?  What about using electrum with it?  I am just delaying the firmware update for as long as I can.


You believe the chance of a disaster happening is like how much percent then?  Do you believe if something happens, it would be due to something that ledger does or by hackers?  I read that even if something was to happen, don't you still need to sign the transaction?  For some reason, I think a really high percentage of ledger users that still use ledger





Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 22, 2024, 08:48:45 PM
I want to keep btc in nano ledger s plus because I kept it there for a while and feel having it there is safe.

Prove the firmware on your device has no key extraction code.

You can't.

And the fact that you think it doesn't since it's from before Ledger Recover was announced shows that you don't have enough understanding of the situation to make an informed decision.

It is very likely Ledger already had some of the code required for Recover in their firmware long before Recover was announced.  They had to have been working on it for at least a year.  Probably much longer.  And they lied to their users and their customers so many times about so many things, yet you trust them?  That's crazy.


Then when the recover news came out, I heard about it and many people didn't update firmware and decided to wait to see what happens.

Think about how stupid what you just said is.

Ledger announced key extraction firmware, which they put on users' devices without the user's consent, and many people decided to wait and see what happens.  They're going to wait until something goes wrong, at which point it will be too late.

That is shockingly stupid.

Shockingly.


So for me, I have not done any transactions since around that time.  At the time, I remember using firmware 1.1.0.  When the firmware with recover came out, it is 1.1.1.

Prove the firmware on your device has no key extraction code.

You can't.

And the fact that you think it doesn't since it's from before Ledger Recover was announced shows that you don't have enough understanding of the situation to make an informed decision.

It is very likely Ledger already had some of the code required for Recover in their firmware long before Recover was announced.  They had to have been working on it for at least a year.  Probably much longer.  And they lied to their users and their customers so many times about so many things, yet you trust them?  That's crazy.

Is there an echo in here?

So normally even if you don't update new firmware for a short while, it isn't a big issue at all.

If you're treating firmware to secure your Bitcoin the way you treat firmware to update your phone, you really shouldn't be doing self custody.


The thing is when another firmware update came at 1.1.2, my concern was if I continue to not update the firmware, my nano ledger s plus might have an issue where you might not be able to update the firmware anymore if it's too old.  However, you say that probably wouldn't be a concern for now right?

WRONG.

Prove the firmware on your device has no key extraction code.

You can't.

And the fact that you think it doesn't since it's from before Ledger Recover was announced shows that you don't have enough understanding of the situation to make an informed decision.

It is very likely Ledger already had some of the code required for Recover in their firmware long before Recover was announced.  They had to have been working on it for at least a year.  Probably much longer.  And they lied to their users and their customers so many times about so many things, yet you trust them?  That's crazy.

Is there an echo in here?


You believe the chance of a disaster happening is like how much percent then?

Are you honestly asking that?

If the chance isn't zero, you are screwing up.  The entire point of buying a hardware wallet is to secure your Bitcoin with a device that is never connected to the internet.  YOUR device may have key extraction code with the capability to send your keys out of your device, over the internet, to Ledger and other companies.  And you're trying to talk yourself into updating the firmware to a version that absolutely does have key extr...

...oh, good grief.

You should not be doing self custody.  Self custody is beyond your understanding and it is beyond your ability to do safely.


Do you believe if something happens, it would be due to something that ledger does or by hackers?

Does it matter?  Stolen coins are stolen.


I read that even if something was to happen, don't you still need to sign the transaction?

You should not be doing self custody.  Self custody is beyond your understanding and it is beyond your ability to do safely.

In theory, you're supposed to have to click buttons on the device to confirm a transaction.  Please, dear god, please tell me you understand that Ledger's firmware isn't open, so you can't prove the device can't send out your coins or keys without confirmation by you.

The firmware isn't open.  If it gets hacked someday, the hackers aren't going to be, like "Hello Jerry!  How are you today?  We'd like you to allow us to steal your coins.  Please press a button on your Ledger to give us your Bitcoin."

You understand, that's not how it would happen, right?

Wow.


For some reason, I think a really high percentage of ledger users that still use ledger

If that's what you want to do, then do it, and accept the consequences of your decision if anything goes wrong.  You're an adult.

You should not be doing self custody.  Self custody is beyond your understanding and it is beyond your ability to do safely.


Title: Re: Ledger Live Update and Firmware Update?
Post by: jerry0 on September 22, 2024, 09:46:12 PM
I have been doing self custody for a while already.  When I moved the coins to ledger, I felt much more comfortable than having it in a hot wallet.


The thing is I want to keep my coins in ledger.  I don't want to move it to another hardware wallet.  I'm concerned if I get say a Trezor, I will mess up somewhere along the way.  If I do get a trezor, I obviously would test sending a small amount from ledger and reset the trezor few times and make sure it's correct before I send coins from ledger.  The thing is I just don't want to move from ledger.


So you think there is extraction firmware even on the nano ledger s then?  Yes you are correct we don't know because it's closed source.  I recall you said it took you several months to think about what to do and in the end, you went with another hardware wallet.  You said you felt like if something was going to happen, it wasn't going to happen soon.  So during that entire time when you were learning and researching on what to do, were you nervous a bit or not really since your coins were in the ledger?  I forgot to ask you but you have a nano ledger s plus or x or another ledger device?


Okay so if I have no plans to move my coins from ledger, at least don't update the firmware from 1.1.0 to 1.1.2 correct?  There is no benefit to it from your perspective right?  However, if you don't keep your firmware updated, there are security issues and things you have to worry about though right?  So it's like if you do firmware update, now you're exposing yourself more.  But if you don't, well you might have security issues if using old firmware?  But you say the 1st option of what you suggest of not updating firmware is still better since you won't have recover option on it right?


Did you give an amount of time before you said you had to make a decision?  I remember you said it took you months.  So would you say it's fine just don't update firmware... but what if I have to do a transaction then and ledger live doesn't allow me to do a transaction then?  Either don't do the transaction or use electrum with it then? 


As of now, I do open ledger live from time to time.  I already updated that not long ago but you say don't use that either?


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on September 22, 2024, 10:30:20 PM
The thing is I want to keep my coins in ledger.



Then do it.  You're not a child.  You don't need our permission.  You're making a poor decision, but it's your decision to make.

Be an adult.

Make a decision and if anything bad happens due to your decision, you accept the consequences for your decision.

Be an adult.

So you think there is extraction firmware even on the nano ledger s then?

Yes.  How many times do you need to be told the same answer?


Yes you are correct we don't know because it's closed source.

Then why are you asking?

If you can't prove it's safe, you shouldn't be trusting it.  Period.


I recall you said it took you several months to think about what to do and in the end, you went with another hardware wallet.

Yes, because I spent my time researching better alternatives.  You're spending yours looking for permission to do nothing.  You're an adult.  Make an adult decision.


You said you felt like if something was going to happen, it wasn't going to happen soon.


Yes.


So during that entire time when you were learning and researching on what to do, were you nervous a bit or not really since your coins were in the ledger?

Oh, wow.

If you don't even understand that your coins are NOT in your hardware wallet, you should not be doing self custody.

You don't know what you're doing.

Your coins are not in your Ledger.  Your coins are on the blockchain.  Your hardware wallet protects your keys and signs your transactions.

Wow.

Oh, dude.  You should not be doing self custody.  You don't even know the basics.


Going back to your question:

So during that entire time when you were learning and researching on what to do, were you nervous a bit or not really since your coins were in the ledger?

The moment I learned that Ledger was working on key extraction firmware, and that they'd lied about it, I stopped using my Ledger devices and I stopped using Ledger Live.

I didn't touch anything made by Ledger because I couldn't trust any of it, and I didn't want to risk my coins.


I forgot to ask you but you have a nano ledger s plus or x or another ledger device?

It doesn't matter.  Even if Ledger says Recover isn't compatible with a specific device, there's no way to prove the device doesn't include any of the Recover code in its firmware since the firmware isn't open source.

Let's say you like eating at a restaurant & one day you find out somebody died there due to eating poisoned chicken.  I'd stop going there.  I'm guessing you'd be, like "I don't order the chicken.  Is it still ok to go there?  Is it still ok?  I feel comfortable there.  Is it ok?  I don't like change.  I want to go there.  So if I'm going to go there is it ok is it ok is it is it is it?"

Dude.


Okay so if I have no plans to move my coins from ledger, at least don't update the firmware from 1.1.0 to 1.1.2 correct?

NO.

Oh my god.

Is it safe to update the firmware?  NO.

Is it safe to stick with the current firmware?  ALSO NO.

You can't prove it's safe.

Wow.


But you say the 1st option of what you suggest of not updating firmware is still better since you won't have recover option on it right?

You're doing something foolish.  There is no better option.

Did you give an amount of time before you said you had to make a decision?

Yes, because a deadline keeps me focussed on reaching a goal.  My goal was to find better security.  I  broke it down into chunks of things I wanted to learn: Singlesig vs multisig.  Native Segwit vs Taproot.  BIP85 vs a nondeterministic backup.  Etc.  I'm not recommending any of that for you, because you don't even understand the basics of self custody yet.


I remember you said it took you months.

Yes.  Only because I wasn't just looking for a better hardware wallet.  I was looking for an entirely different and significantly more advanced setup.


So would you say it's fine just don't update firmware...

Wow.

How many times do we need to say this?

Is it safe to update the firmware?  NO.

Is it safe to stick with the current firmware?  ALSO NO.

You can't prove it's safe.  For the short term, you're probably fine, though you can't prove it.  For the long term, why would you stick with a company that lies to you and uses closed source firmware that contains key extraction APIs?!?!?

Wow.


but what if I have to do a transaction then and ledger live doesn't allow me to do a transaction then?  Either don't do the transaction or use electrum with it then?  

You shouldn't be doing self custody.  You are clearly in over your head.  You don't even understand the basics.


As of now, I do open ledger live from time to time.


Ledger Live is loaded with trackers, and you added more of them to your computer by updating it.  That thing is awful.  If you get hacked, do not be surprised if Ledger Live ends up being how hackers find you.  That thing is an info honeypot.

Ledger Live cannot be trusted.


Title: Re: Ledger Live Update and Firmware Update?
Post by: new19980 on November 15, 2024, 03:28:40 PM
The box you posted, what ledger device is that?  I thought back then it was said ledger was open sourced.  So they said they were closed source the entire time even back when the 2 most popular wallets were ledger or trezor?
Secure element used by Ledger always has been closed source.
Trezor also uses a Closed source Element Chip in the Safe 3 and Safe 5


Title: Re: Ledger Live Update and Firmware Update?
Post by: Meuserna on November 15, 2024, 10:20:56 PM
The box you posted, what ledger device is that?  I thought back then it was said ledger was open sourced.  So they said they were closed source the entire time even back when the 2 most popular wallets were ledger or trezor?
Secure element used by Ledger always has been closed source.
Trezor also uses a Closed source Element Chip in the Safe 3 and Safe 5

I'm not familiar with the chips Trezor uses, but the code Trezor uses is fully open source.  Their code is published online.

Ledger tries to fool noobs and poorly informed users by publishing portions of their code online and by saying certain things are open source while not mentioning the parts that aren't.  Ledger even sometimes badmouths open source in order to fool dummies into thinking closed source code is safer, which it isn't.  The use of closed source code means users have to trust Ledger even though Ledger often lies.

Ledger is a terrible company with great marketing.  Suckers fall for great marketing every time.

The only safe use for a Ledger hardware wallet is as a decoy wallet.  There is no safe use for Ledger software.


Title: Re: Ledger Live Update and Firmware Update?
Post by: Pmalek on November 16, 2024, 02:37:41 PM
Trezor also uses a Closed source Element Chip in the Safe 3 and Safe 5
The chip is closed-source. Trezor stated this themselves. On the question if the secure element is open sourced, Trezor replied:

Quote
It is not, but the secure element we chose allows us to disclose any vulnerability, if we find any. So before our Tropic Square open-source chip is ready, the OPTIGA Trust M secure element was the best option.
https://x.com/Trezor/status/1712469783281848515

It's probably a slightly better choice or a little less "evil" than what their competitors are using in their hardware wallets. But their partnership differs in that they have not signed any NDAs, preventing them from disclosing and discussing vulnerabilities, and Trezor is using open-source code with these secure elements. But the chips themselves aren't open-source. And when Trezor releases their own version of SE chips with Tropic Square, those won't be fully open-source either. They have already said that they will be "as open-source as possible", meaning more than what is already available on the market.