Bitcoin Forum
September 26, 2018, 03:45:47 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Warning for Ledger Nano S users / buyers  (Read 178 times)
litecoinricky
Jr. Member
*
Offline Offline

Activity: 163
Merit: 3

Just a Dad, trying to provide.


View Profile
May 07, 2018, 11:43:18 PM
 #1

Hi Guys

I have been looking for a secure way to store the small amount of BTC I have, but also have quick access to it.  So after asking members on here a few days ago I decided I would go for an hardware wallet.

Tonight I decided I would go for the Ledger Nano S.

I went to buy one off the official site but didn't have a BitPay account, so decided to look elsewhere, thats when I came across the info that this device is vulnerable to supply chain hacks, so if you have one and didn't get it from the official site you need to check your device.

News article about it here: https://techcrunch.com/2018/03/21/a-15-year-old-hacked-the-secure-ledger-crypto-wallet/

Heres info about the hack here https://medium.com/@thepariscormier/how-to-hack-a-ledger-hardware-wallet-c38a4ac49d59

I think if bought directly from ledger they should be safe, but if bought from anywhere else be extra careful, make sure its fully updated and confirm its safety with ledger if possible.

I hope this saves someone from losing out,
Rick
1537976747
Hero Member
*
Offline Offline

Posts: 1537976747

View Profile Personal Message (Offline)

Ignore
1537976747
Reply with quote  #2

1537976747
Report to moderator
1537976747
Hero Member
*
Offline Offline

Posts: 1537976747

View Profile Personal Message (Offline)

Ignore
1537976747
Reply with quote  #2

1537976747
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537976747
Hero Member
*
Offline Offline

Posts: 1537976747

View Profile Personal Message (Offline)

Ignore
1537976747
Reply with quote  #2

1537976747
Report to moderator
litecoinricky
Jr. Member
*
Offline Offline

Activity: 163
Merit: 3

Just a Dad, trying to provide.


View Profile
May 07, 2018, 11:58:00 PM
 #2

There are lot more articles about this, heres one about a man who had all his BTC stolen after buying a ledger on ebay Sad https://news.bitcoin.com/mans-life-savings-stolen-from-hardware-wallet-supplied-by-a-reseller/

Be careful!
JesusCryptos
Full Member
***
Offline Offline

Activity: 448
Merit: 109



View Profile
May 08, 2018, 12:28:38 AM
 #3


This is actually scaring.

heres one about a man who had all his BTC stolen after buying a ledger on ebay Sad https://news.bitcoin.com/mans-life-savings-stolen-from-hardware-wallet-supplied-by-a-reseller/


As for the man who bought the Ledger from Ebay, that should be a lesson for everyone. You have to chose carefully a reseller that you can really trust.

   SEMUX   -   An innovative high-performance blockchain platform  
▬▬▬▬▬      Powered by Semux BFT consensus algorithm      ▬▬▬▬▬
Github    -    Discord    -    Twitter    -    Telegram    -    Get Free Airdrop Now!
sunsilk
Hero Member
*****
Offline Offline

Activity: 882
Merit: 501


View Profile
May 08, 2018, 12:36:41 AM
 #4

I understand the part on this article that the ledger CEO said there's no perfect system and everyone of it has flaws.

I'm not a security specialist or good with this thing but just for your sake and safety try to avoid buying a second hand nano ledger s.

And the only suggestion that I can made so that we won't have the same fate with the guy who lost his lifesaving is buying through directly to the manufacturers site.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
litecoinricky
Jr. Member
*
Offline Offline

Activity: 163
Merit: 3

Just a Dad, trying to provide.


View Profile
May 08, 2018, 12:40:49 AM
 #5

I think its really scary, I don't know enough about how the device is hacked, but this should definitely be a warning to anyone buying any hardware wallet from any non official seller, DON'T RISK IT
Thadeous
Copper Member
Member
**
Offline Offline

Activity: 308
Merit: 17

The Future of Digital Collectibles


View Profile
May 08, 2018, 12:41:32 AM
 #6

There are lot more articles about this, heres one about a man who had all his BTC stolen after buying a ledger on ebay Sad https://news.bitcoin.com/mans-life-savings-stolen-from-hardware-wallet-supplied-by-a-reseller/

Be careful!


Purchasing cold wallet on Ebay is the same as to buy 25yo whisky from the tap on the open market. Grin
When dealing with wallets always make sure you use only authentic sites, software and hardware!

─────────────EPIKTOKEN ║ The Future of Digital Collectibles────────────
══════Ann Thread  Telegram  Twitter  Facebook  Medium  Reddit  Whitepaper══════
───────────Collect Unique In-game and In-app Item ║ WALLET ITEMS──────────
Seetheummerallyeah
Member
**
Offline Offline

Activity: 210
Merit: 39


View Profile
May 08, 2018, 12:43:07 AM
 #7

Buying the ledger from 3rd parties is fine... you just have to make sure you create a NEW seed upon receiving it. The ebay guy used a seed given to him meaning his private keys were already shared with someone else
litecoinricky
Jr. Member
*
Offline Offline

Activity: 163
Merit: 3

Just a Dad, trying to provide.


View Profile
May 08, 2018, 12:47:03 AM
 #8

Buying the ledger from 3rd parties is fine... you just have to make sure you create a NEW seed upon receiving it. The ebay guy used a seed given to him meaning his private keys were already shared with someone else

No thats not the issue, the problem is that one of the chips in the Nano Ledger S is not secure, and can be modified by third parties.
MinerHQ
Legendary
*
Offline Offline

Activity: 1190
Merit: 1018


View Profile
May 08, 2018, 01:24:24 AM
Merited by bwonwen2015 (3)
 #9

Buying the ledger from 3rd parties is fine... you just have to make sure you create a NEW seed upon receiving it. The ebay guy used a seed given to him meaning his private keys were already shared with someone else

No thats not the issue, the problem is that one of the chips in the Nano Ledger S is not secure, and can be modified by third parties.

If you're not confident to use hardware wallet then the best way to save all your long-term coin is a paper wallet and keep your private keys safely so that you can use them when you want in future. But for the regular usage, some of the desktop wallets like Electrum will do the best job.

Long back I planned to buy hardware wallet and after considering all the risks involved I dropped my idea of using hardware wallet and stick to my desktop wallet, paper wallet and for immediate access, I also use online wallets like XAPO and blockchain.
bitart
Hero Member
*****
Offline Offline

Activity: 994
Merit: 584


Vires in Numeris


View Profile
May 08, 2018, 08:55:24 PM
 #10

Buying the ledger from 3rd parties is fine... you just have to make sure you create a NEW seed upon receiving it. The ebay guy used a seed given to him meaning his private keys were already shared with someone else

No thats not the issue, the problem is that one of the chips in the Nano Ledger S is not secure, and can be modified by third parties.

If you're not confident to use hardware wallet then the best way to save all your long-term coin is a paper wallet and keep your private keys safely so that you can use them when you want in future. But for the regular usage, some of the desktop wallets like Electrum will do the best job.

Long back I planned to buy hardware wallet and after considering all the risks involved I dropped my idea of using hardware wallet and stick to my desktop wallet, paper wallet and for immediate access, I also use online wallets like XAPO and blockchain.
Hardware wallets are not as bad, as long as you have a backup of your private key (or preferably the seed). It's the easiest solution for people who are not tech savvy and don't want to play around with airgapped PC to store the desktop wallet, or to spend from the paper wallet when the time comes...
Hardware wallets are easy to use, but as everything else in life, it needs a basic understanding about the usage of it. I won't advice to someone (who is not confident enough to use a hardware wallet) to use a paper wallet because it makes the whole situation even riskier, e.g. the user keys in the private key on an infected PC online, not on a fresh OS installation on an airgapped PC...
I would suggest to use mobile wallets (Android or IOS, but without root or jailbrake) and hardware wallets for the beginners, if they want to secure their precious coins...

lillyann
Member
**
Offline Offline

Activity: 294
Merit: 11

dApps Development Automation Platform


View Profile
May 08, 2018, 09:05:34 PM
 #11

Ledger Nano S has long been known to have software vulnerabilities. I also touched on this topic. I wonder how the producer wants to sell a wallet that does not give much security ...

Ashleybarnes2
Newbie
*
Offline Offline

Activity: 65
Merit: 0


View Profile
May 08, 2018, 09:07:55 PM
 #12

Hi Guys

I have been looking for a secure way to store the small amount of BTC I have, but also have quick access to it.  So after asking members on here a few days ago I decided I would go for an hardware wallet.

Tonight I decided I would go for the Ledger Nano S.

I went to buy one off the official site but didn't have a BitPay account, so decided to look elsewhere, thats when I came across the info that this device is vulnerable to supply chain hacks, so if you have one and didn't get it from the official site you need to check your device.

News article about it here: https://techcrunch.com/2018/03/21/a-15-year-old-hacked-the-secure-ledger-crypto-wallet/

Heres info about the hack here https://medium.com/@thepariscormier/how-to-hack-a-ledger-hardware-wallet-c38a4ac49d59

I think if bought directly from ledger they should be safe, but if bought from anywhere else be extra careful, make sure its fully updated and confirm its safety with ledger if possible.

I hope this saves someone from losing out,
Rick


One of the first bits of advice I was given when new to the space was to buy my wallet off the official website. I ended up waiting months for it to arrive. while waiting I come across numerous stories on telegram of people who had purchases nano s's off amazon only to be hacked a few weeks later. One thing I admit is that im extremely diligent when it comes to cyber security now!!
Radio-Active
Member
**
Offline Offline

Activity: 481
Merit: 10

Crypto Mining in Netherlands - SECURIX


View Profile
May 09, 2018, 02:15:11 AM
 #13

Hi Guys

I have been looking for a secure way to store the small amount of BTC I have, but also have quick access to it.  So after asking members on here a few days ago I decided I would go for an hardware wallet.

Tonight I decided I would go for the Ledger Nano S.

I went to buy one off the official site but didn't have a BitPay account, so decided to look elsewhere, thats when I came across the info that this device is vulnerable to supply chain hacks, so if you have one and didn't get it from the official site you need to check your device.

News article about it here: https://techcrunch.com/2018/03/21/a-15-year-old-hacked-the-secure-ledger-crypto-wallet/

Heres info about the hack here https://medium.com/@thepariscormier/how-to-hack-a-ledger-hardware-wallet-c38a4ac49d59

I think if bought directly from ledger they should be safe, but if bought from anywhere else be extra careful, make sure its fully updated and confirm its safety with ledger if possible.

I hope this saves someone from losing out,
Rick


It seems they replace the generating seed on the wallet with their own generating seed by injecting it!
it is recommended to buy them for the official seller, not a shady seller or reseller.

litecoinricky
Jr. Member
*
Offline Offline

Activity: 163
Merit: 3

Just a Dad, trying to provide.


View Profile
May 09, 2018, 04:54:03 PM
 #14

Ledger Nano S has long been known to have software vulnerabilities. I also touched on this topic. I wonder how the producer wants to sell a wallet that does not give much security ...

I had read many reviews rating this device as brilliant, and seen many claims thats its 100% secure, thats why I felt the need to start this thread as soon as I realised its not 100% safe.

I think the producer is claiming the latest firmware fixes things, but the hackers claim not, so who knows ? Not me Sad


ETFbitcoin
Legendary
*
Offline Offline

Activity: 1456
Merit: 1106

Use SegWit and enjoy lower fees


View Profile
May 09, 2018, 05:06:43 PM
 #15

Actually, this problem has been around for a while. But for the victim, they still can earn their cryptocurrency back and Ledger is ready to help the victim (https://www.reddit.com/r/ledgerwallet/comments/7obot7/all_my_cryptocurrency_stolen/).
The only way to avoid this problem is only by buy from official seller and update the firmware after received the hardware wallet.

Use SegWit and enjoy lower fees
Shamie1002
Full Member
***
Offline Offline

Activity: 406
Merit: 102


View Profile
May 09, 2018, 05:18:49 PM
 #16

I was thinking the same thing.
I really do not trust buying such hardware wallets that are not produced by the official site are fake or not as safe as the one from the site itself.

I was planning to buy one but when I checked the site they were out of stock and just forgot about the whole thing of buying one.
I was very y bothered when I was checking other sites for cheaper and nearer one and grateful that I haven't bought.
I thought that if I will be buying a cheaper one and would risk a greater part of my earned money to that, it is a definite stupidity
GoldenLad
Member
**
Offline Offline

Activity: 224
Merit: 12


View Profile
May 11, 2018, 12:38:05 PM
 #17

 I would always go for hardware wallet. I know most people might have seen it as not being the best, but the truth is , every bitcoin storing method has its own disadvantages and also their advantages. Paper wallet is good, but there is a tendency of easily getting destroyed. Hardware wallet is good also but the idea of been tampered by a third party gave it away negatively.  What I suggest you should do is to reset it upon arrival before you use it.
litecoinricky
Jr. Member
*
Offline Offline

Activity: 163
Merit: 3

Just a Dad, trying to provide.


View Profile
May 11, 2018, 12:57:35 PM
 #18

I would always go for hardware wallet. I know most people might have seen it as not being the best, but the truth is , every bitcoin storing method has its own disadvantages and also their advantages. Paper wallet is good, but there is a tendency of easily getting destroyed. Hardware wallet is good also but the idea of been tampered by a third party gave it away negatively.  What I suggest you should do is to reset it upon arrival before you use it.

I only started this thread to warn others from making a mistake if it saves just 1 person from losing there funds then im happy Smiley

I think you advice is good, also ive seen ledger have updated the firmware again, and said to always check the address on the ledger screen, and all should be fine.

Even though I started this thread as a warning about this device, I still think that its a good piece of kit, just make sure you only buy from ledger, and update the firmware every time a new one is released, and always check the tx address on the ledger screen itself, and all should be safe.
abdullaal_651
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 27, 2018, 06:30:04 PM
 #19

Our vision provides its wallet file or plugs its hardware wallet (like a laser nano s) and can start using the application. No matter if he is a buyer, a seller or a partner, it is easy and easy to use. So to remove the first thing, it is necessary to install an entire etherium node or full IPFS node. For the existence of such a system, we can use public nodes and use web applications that can run only on client-side. My other willts are doing it. They use locally wallet to relay the sign-in transaction to a public node, which relay it to the network. For IPFS, we can also use a public node.
PrudnikovLS
Newbie
*
Offline Offline

Activity: 114
Merit: 0


View Profile
July 03, 2018, 11:04:56 PM
 #20

That's why people should buy these devices on the official website and check them before starting active use. I heard a lot of stories on the Internet and this feeling is formed, as if people do not learn from other people's mistakes.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!