Ledger HW.1

[Cereberus]

After taking more than 3 hours to find the right drivers as Windows 10 nor Linux Mint latest versions with latest google chromes installed didn't recognize it in the first place. Well after these hours I managed to configure it. The only problem I am worried is:

I did the configuration in my Laptop through Windows 10, I am pretty sure 100% its safe as I haven't download anything except bitcoin core and verified it to be correct.

Is there any risk that when I have written the recovery sheet 24 words maybe stolen? I don't think so but just making an example like they were copied from someone else.

This someone else can he spend my coins through another Ledger HW.1 although he doesn't have the security card which is the best option that this wallet has. Every time I tried a few transactions it asked me 4 digit from the hexadecimal security card to finish the transaction. Just want to be sure if I need to put all of the coins there even in such unlikely scenario that my recovery sheet has been stolen (I am 100% sure it isn't but asking for advice just in case).

Thank you all in advance.

[stevo401]

Someone could definitely steal your list if recovery words if they really wanted, but really you shouldn't be writing them down on a piece of paper with the header 'my bitcoin wallet recovery words'. For example - What if you were to number specific words in your dictionary? Sure, someone who knew what they were looking for could still steal it, but the vast majority of people wouldn't realize what it was even when looking at it. Security isn't just physical - it can also be obtained through obscurity and storing data in an unexpected way.

[NorrisK]

They don't even need a Ledger to steal your coins if they have access to your 24 word seed. They can import it in any software wallet that supports the format and launch the wallet from there.

I don't have a Ledger myself, but the 4 digit security code you are talking about, did you set it yourself during the setup process? If so, that infromation will be lost when you enter the seed into a new wallet, thus allowing spending.

[mocacinno]

They don't even need a Ledger to steal your coins if they have access to your 24 word seed. They can import it in any software wallet that supports the format and launch the wallet from there.

I don't have a Ledger myself, but the 4 digit security code you are talking about, did you set it yourself during the setup process? If so, that infromation will be lost when you enter the seed into a new wallet, thus allowing spending.

I can confirm your suspicions. The 4 digit security code, nor the security card is needed to restore your wallet. The pin number is only needed to open your wallet, and can be choses by yourself, the security card is linked to the hardware wallet itself, but only the 24 words are needed in order to generate the xpriv.

In other words:
-if somebody steals your ledger, but they don't have the pin nor the security card: you're safe.
-If somebody steals your ledger, and your security card, you're prone to brute-forcing.
-if somebody steals your ledger, sees your pin but doesn't steal your security card: you're safe.
-if somebody steals the paper with the 24 words: they have access to all your funds, without having to brute-force anything.

[Cereberus]

They don't even need a Ledger to steal your coins if they have access to your 24 word seed. They can import it in any software wallet that supports the format and launch the wallet from there.

I don't have a Ledger myself, but the 4 digit security code you are talking about, did you set it yourself during the setup process? If so, that infromation will be lost when you enter the seed into a new wallet, thus allowing spending.

I can confirm your suspicions. The 4 digit security code, nor the security card is needed to restore your wallet. The pin number is only needed to open your wallet, and can be choses by yourself, the security card is linked to the hardware wallet itself, but only the 24 words are needed in order to generate the xpriv.

In other words:
-if somebody steals your ledger, but they don't have the pin nor the security card: you're safe.
-If somebody steals your ledger, and your security card, you're prone to brute-forcing.
-if somebody steals your ledger, sees your pin but doesn't steal your security card: you're safe.
-if somebody steals the paper with the 24 words: they have access to all your funds, without having to brute-force anything.

Then I guess I am safe as only my mother were writing down the words who does not have a clue what bitcoin is, nor a bitcoin wallet or a pin code and a security card. I put that recovery sheet in some safe place in my house but also put these words on a document on my Linux PC which is safe 100% and add a strong password to it (bruteforcing it would need 536 years at least). No one knows my security card which is much more than 4 digits, it ask for 4 random characters while I am sending a transaction to validate it so its pretty secure.

I guess I can sleep well now, thank you all.

[mocacinno]

Then I guess I am safe as only my mother were writing down the words who does not have a clue what bitcoin is, nor a bitcoin wallet or a pin code and a security card. I put that recovery sheet in some safe place in my house but also put these words on a document on my Linux PC which is safe 100% and add a strong password to it (bruteforcing it would need 536 years at least). No one knows my security card which is much more than 4 digits, it ask for 4 random characters while I am sending a transaction to validate it so its pretty secure.

I guess I can sleep well now, thank you all.

It all comes down to these two things:
Make sure nobody ever steals the piece of paper where you've written down your 24 seed words AND make sure nobody steals both your HW.1 + the security card (the one with the whole alfabet translated into different letters).

Everything else is replacable, but if they either have the piece of paper or the physical device combined with the security card, your funds could be gone in a couple of minutes (altough, in the second case, they'll need a way to brute force your device, wich is a pain in the ass since it's wiped after a couple of tries, but i wouldn't consider it impossible)  

I would personally advice agains storing the seed words on a digital medium, but it's up to you wether you follow the advice or not...

[Cereberus]

My hardware usb with the chip is in a very secure place. Same with my security card as they are both in the same place in my house and no other person except me has access to this place. I have a safe with a digital code for keeping my precious things and I put the ledger box in there. Even my family don't know the code to my safe. I am keeping it the document with the 24 word in a USB after saving it with a password in a Libre Office Writer document.

Thanks again for the precious advice.

[NorrisK]

I would not tell too many of the specifics about how you are storing your stuff. If there is any flaws in there, they are now out in the open.

In addition, if someone figures out your address, they can simple come by and take your safe now (probably not worth the effort, unless you hold a huge amount of coins or the value skyrockets).

Keep the things that are required together seperated and keep the 24 words safe and you are good to go.

[Cereberus]

I would not tell too many of the specifics about how you are storing your stuff. If there is any flaws in there, they are now out in the open.

In addition, if someone figures out your address, they can simple come by and take your safe now (probably not worth the effort, unless you hold a huge amount of coins or the value skyrockets).

Keep the things that are required together seperated and keep the 24 words safe and you are good to go.

Lol I like your way of thinking but let me tell you it has some flaws in it from which to improve it later .
First they have to find out my real identity, address, house, city, road and everything to try and to come to steal my safe.
Second, I don't see any possible way of someone doing this without me giving them some hints.

I have done everything as suggested by Ledger support and so far no problems, my 3.37 BTC are safe there as of yet. If any hacker had any possibility I think they would be gone by now.