Bitcoin Forum
November 12, 2019, 06:11:03 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Warning for Ledger Nano S users / buyers  (Read 213 times)
litecoinricky
Jr. Member
*
Offline Offline

Activity: 170
Merit: 3

I need a break!


View Profile
May 07, 2018, 11:43:18 PM
 #1

Hi Guys

I have been looking for a secure way to store the small amount of BTC I have, but also have quick access to it.  So after asking members on here a few days ago I decided I would go for an hardware wallet.

Tonight I decided I would go for the Ledger Nano S.

I went to buy one off the official site but didn't have a BitPay account, so decided to look elsewhere, thats when I came across the info that this device is vulnerable to supply chain hacks, so if you have one and didn't get it from the official site you need to check your device.

News article about it here: https://techcrunch.com/2018/03/21/a-15-year-old-hacked-the-secure-ledger-crypto-wallet/

Heres info about the hack here https://medium.com/@thepariscormier/how-to-hack-a-ledger-hardware-wallet-c38a4ac49d59

I think if bought directly from ledger they should be safe, but if bought from anywhere else be extra careful, make sure its fully updated and confirm its safety with ledger if possible.

I hope this saves someone from losing out,
Rick

I'll take any freebies on offer Smiley
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1573582263
Hero Member
*
Offline Offline

Posts: 1573582263

View Profile Personal Message (Offline)

Ignore
1573582263
Reply with quote  #2

1573582263
Report to moderator
1573582263
Hero Member
*
Offline Offline

Posts: 1573582263

View Profile Personal Message (Offline)

Ignore
1573582263
Reply with quote  #2

1573582263
Report to moderator
litecoinricky
Jr. Member
*
Offline Offline

Activity: 170
Merit: 3

I need a break!


View Profile
May 07, 2018, 11:58:00 PM
 #2

There are lot more articles about this, heres one about a man who had all his BTC stolen after buying a ledger on ebay Sad https://news.bitcoin.com/mans-life-savings-stolen-from-hardware-wallet-supplied-by-a-reseller/

Be careful!

I'll take any freebies on offer Smiley
JesusCryptos
Full Member
***
Offline Offline

Activity: 672
Merit: 115



View Profile
May 08, 2018, 12:28:38 AM
 #3


This is actually scaring.

heres one about a man who had all his BTC stolen after buying a ledger on ebay Sad https://news.bitcoin.com/mans-life-savings-stolen-from-hardware-wallet-supplied-by-a-reseller/


As for the man who bought the Ledger from Ebay, that should be a lesson for everyone. You have to chose carefully a reseller that you can really trust.

⚪ Byteball          I T   J U S T   W O R K S .   
Sending Crypto to Email   -   Risk-Free Conditional Smart Payments   -   ICO Platform with KYC
ANN THREAD                  TELEGRAM                     TWITTER                  MEDIUM                  SLACK                  REDDIT
sunsilk
Hero Member
*****
Offline Offline

Activity: 1274
Merit: 513

Bustadice.com


View Profile
May 08, 2018, 12:36:41 AM
 #4

I understand the part on this article that the ledger CEO said there's no perfect system and everyone of it has flaws.

I'm not a security specialist or good with this thing but just for your sake and safety try to avoid buying a second hand nano ledger s.

And the only suggestion that I can made so that we won't have the same fate with the guy who lost his lifesaving is buying through directly to the manufacturers site.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
litecoinricky
Jr. Member
*
Offline Offline

Activity: 170
Merit: 3

I need a break!


View Profile
May 08, 2018, 12:40:49 AM
 #5

I think its really scary, I don't know enough about how the device is hacked, but this should definitely be a warning to anyone buying any hardware wallet from any non official seller, DON'T RISK IT

I'll take any freebies on offer Smiley
Thadeous
Copper Member
Member
**
Offline Offline

Activity: 574
Merit: 17


View Profile
May 08, 2018, 12:41:32 AM
 #6

There are lot more articles about this, heres one about a man who had all his BTC stolen after buying a ledger on ebay Sad https://news.bitcoin.com/mans-life-savings-stolen-from-hardware-wallet-supplied-by-a-reseller/

Be careful!


Purchasing cold wallet on Ebay is the same as to buy 25yo whisky from the tap on the open market. Grin
When dealing with wallets always make sure you use only authentic sites, software and hardware!
Seetheummerallyeah
Member
**
Offline Offline

Activity: 280
Merit: 39


View Profile
May 08, 2018, 12:43:07 AM
 #7

Buying the ledger from 3rd parties is fine... you just have to make sure you create a NEW seed upon receiving it. The ebay guy used a seed given to him meaning his private keys were already shared with someone else
litecoinricky
Jr. Member
*
Offline Offline

Activity: 170
Merit: 3

I need a break!


View Profile
May 08, 2018, 12:47:03 AM
 #8

Buying the ledger from 3rd parties is fine... you just have to make sure you create a NEW seed upon receiving it. The ebay guy used a seed given to him meaning his private keys were already shared with someone else

No thats not the issue, the problem is that one of the chips in the Nano Ledger S is not secure, and can be modified by third parties.

I'll take any freebies on offer Smiley
MinerHQ
Legendary
*
Offline Offline

Activity: 1316
Merit: 1018


View Profile
May 08, 2018, 01:24:24 AM
Merited by bwonwen2015 (3)
 #9

Buying the ledger from 3rd parties is fine... you just have to make sure you create a NEW seed upon receiving it. The ebay guy used a seed given to him meaning his private keys were already shared with someone else

No thats not the issue, the problem is that one of the chips in the Nano Ledger S is not secure, and can be modified by third parties.

If you're not confident to use hardware wallet then the best way to save all your long-term coin is a paper wallet and keep your private keys safely so that you can use them when you want in future. But for the regular usage, some of the desktop wallets like Electrum will do the best job.

Long back I planned to buy hardware wallet and after considering all the risks involved I dropped my idea of using hardware wallet and stick to my desktop wallet, paper wallet and for immediate access, I also use online wallets like XAPO and blockchain.
bitart
Hero Member
*****
Offline Offline

Activity: 1358
Merit: 623


Vires in Numeris


View Profile
May 08, 2018, 08:55:24 PM
 #10

Buying the ledger from 3rd parties is fine... you just have to make sure you create a NEW seed upon receiving it. The ebay guy used a seed given to him meaning his private keys were already shared with someone else

No thats not the issue, the problem is that one of the chips in the Nano Ledger S is not secure, and can be modified by third parties.

If you're not confident to use hardware wallet then the best way to save all your long-term coin is a paper wallet and keep your private keys safely so that you can use them when you want in future. But for the regular usage, some of the desktop wallets like Electrum will do the best job.

Long back I planned to buy hardware wallet and after considering all the risks involved I dropped my idea of using hardware wallet and stick to my desktop wallet, paper wallet and for immediate access, I also use online wallets like XAPO and blockchain.
Hardware wallets are not as bad, as long as you have a backup of your private key (or preferably the seed). It's the easiest solution for people who are not tech savvy and don't want to play around with airgapped PC to store the desktop wallet, or to spend from the paper wallet when the time comes...
Hardware wallets are easy to use, but as everything else in life, it needs a basic understanding about the usage of it. I won't advice to someone (who is not confident enough to use a hardware wallet) to use a paper wallet because it makes the whole situation even riskier, e.g. the user keys in the private key on an infected PC online, not on a fresh OS installation on an airgapped PC...
I would suggest to use mobile wallets (Android or IOS, but without root or jailbrake) and hardware wallets for the beginners, if they want to secure their precious coins...
lillyann
Member
**
Offline Offline

Activity: 308
Merit: 11


View Profile
May 08, 2018, 09:05:34 PM
 #11

Ledger Nano S has long been known to have software vulnerabilities. I also touched on this topic. I wonder how the producer wants to sell a wallet that does not give much security ...
Ashleybarnes2
Newbie
*
Offline Offline

Activity: 65
Merit: 0


View Profile
May 08, 2018, 09:07:55 PM
 #12

Hi Guys

I have been looking for a secure way to store the small amount of BTC I have, but also have quick access to it.  So after asking members on here a few days ago I decided I would go for an hardware wallet.

Tonight I decided I would go for the Ledger Nano S.

I went to buy one off the official site but didn't have a BitPay account, so decided to look elsewhere, thats when I came across the info that this device is vulnerable to supply chain hacks, so if you have one and didn't get it from the official site you need to check your device.

News article about it here: https://techcrunch.com/2018/03/21/a-15-year-old-hacked-the-secure-ledger-crypto-wallet/

Heres info about the hack here https://medium.com/@thepariscormier/how-to-hack-a-ledger-hardware-wallet-c38a4ac49d59

I think if bought directly from ledger they should be safe, but if bought from anywhere else be extra careful, make sure its fully updated and confirm its safety with ledger if possible.

I hope this saves someone from losing out,
Rick


One of the first bits of advice I was given when new to the space was to buy my wallet off the official website. I ended up waiting months for it to arrive. while waiting I come across numerous stories on telegram of people who had purchases nano s's off amazon only to be hacked a few weeks later. One thing I admit is that im extremely diligent when it comes to cyber security now!!
Radio-Active
Member
**
Offline Offline

Activity: 492
Merit: 10

Crypto Mining in Netherlands - SECURIX


View Profile
May 09, 2018, 02:15:11 AM
 #13

Hi Guys

I have been looking for a secure way to store the small amount of BTC I have, but also have quick access to it.  So after asking members on here a few days ago I decided I would go for an hardware wallet.

Tonight I decided I would go for the Ledger Nano S.

I went to buy one off the official site but didn't have a BitPay account, so decided to look elsewhere, thats when I came across the info that this device is vulnerable to supply chain hacks, so if you have one and didn't get it from the official site you need to check your device.

News article about it here: https://techcrunch.com/2018/03/21/a-15-year-old-hacked-the-secure-ledger-crypto-wallet/

Heres info about the hack here https://medium.com/@thepariscormier/how-to-hack-a-ledger-hardware-wallet-c38a4ac49d59

I think if bought directly from ledger they should be safe, but if bought from anywhere else be extra careful, make sure its fully updated and confirm its safety with ledger if possible.

I hope this saves someone from losing out,
Rick


It seems they replace the generating seed on the wallet with their own generating seed by injecting it!
it is recommended to buy them for the official seller, not a shady seller or reseller.

litecoinricky
Jr. Member
*
Offline Offline

Activity: 170
Merit: 3

I need a break!


View Profile
May 09, 2018, 04:54:03 PM
 #14

Ledger Nano S has long been known to have software vulnerabilities. I also touched on this topic. I wonder how the producer wants to sell a wallet that does not give much security ...

I had read many reviews rating this device as brilliant, and seen many claims thats its 100% secure, thats why I felt the need to start this thread as soon as I realised its not 100% safe.

I think the producer is claiming the latest firmware fixes things, but the hackers claim not, so who knows ? Not me Sad



I'll take any freebies on offer Smiley
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1820
Merit: 2079

Use SegWit and enjoy lower fees.


View Profile WWW
May 09, 2018, 05:06:43 PM
 #15

Actually, this problem has been around for a while. But for the victim, they still can earn their cryptocurrency back and Ledger is ready to help the victim (https://www.reddit.com/r/ledgerwallet/comments/7obot7/all_my_cryptocurrency_stolen/).
The only way to avoid this problem is only by buy from official seller and update the firmware after received the hardware wallet.

Shamie1002
Full Member
***
Offline Offline

Activity: 406
Merit: 102


View Profile
May 09, 2018, 05:18:49 PM
 #16

I was thinking the same thing.
I really do not trust buying such hardware wallets that are not produced by the official site are fake or not as safe as the one from the site itself.

I was planning to buy one but when I checked the site they were out of stock and just forgot about the whole thing of buying one.
I was very y bothered when I was checking other sites for cheaper and nearer one and grateful that I haven't bought.
I thought that if I will be buying a cheaper one and would risk a greater part of my earned money to that, it is a definite stupidity
GoldenLad
Member
**
Offline Offline

Activity: 252
Merit: 12


View Profile
May 11, 2018, 12:38:05 PM
 #17

 I would always go for hardware wallet. I know most people might have seen it as not being the best, but the truth is , every bitcoin storing method has its own disadvantages and also their advantages. Paper wallet is good, but there is a tendency of easily getting destroyed. Hardware wallet is good also but the idea of been tampered by a third party gave it away negatively.  What I suggest you should do is to reset it upon arrival before you use it.
litecoinricky
Jr. Member
*
Offline Offline

Activity: 170
Merit: 3

I need a break!


View Profile
May 11, 2018, 12:57:35 PM
 #18

I would always go for hardware wallet. I know most people might have seen it as not being the best, but the truth is , every bitcoin storing method has its own disadvantages and also their advantages. Paper wallet is good, but there is a tendency of easily getting destroyed. Hardware wallet is good also but the idea of been tampered by a third party gave it away negatively.  What I suggest you should do is to reset it upon arrival before you use it.

I only started this thread to warn others from making a mistake if it saves just 1 person from losing there funds then im happy Smiley

I think you advice is good, also ive seen ledger have updated the firmware again, and said to always check the address on the ledger screen, and all should be fine.

Even though I started this thread as a warning about this device, I still think that its a good piece of kit, just make sure you only buy from ledger, and update the firmware every time a new one is released, and always check the tx address on the ledger screen itself, and all should be safe.

I'll take any freebies on offer Smiley
PrudnikovLS
Newbie
*
Offline Offline

Activity: 114
Merit: 0


View Profile
July 03, 2018, 11:04:56 PM
 #19

That's why people should buy these devices on the official website and check them before starting active use. I heard a lot of stories on the Internet and this feeling is formed, as if people do not learn from other people's mistakes.
faithupgrade
Sr. Member
****
Offline Offline

Activity: 416
Merit: 250


TOGACOIN is LIVE


View Profile
July 03, 2018, 11:56:01 PM
 #20

This is big lesson, never buy a hardware wallet from affiliate sites. You must buy it from the original manufacturer. Otherwise you will invest from a wallet where sellers knows already the privatekeys.


▄▄▄████████▄▄▄
▄████████████████▄
▄████  ▀▀▀▀▀▀▀▀  ████▄
██████▄▄███▌▐███▄▄██████
▐███  ▀▀▀▀██▌▐██▀▀▀▀  ███▌
████▄▄███ ██▌▐██ ███▄▄████
█████████ ██▌▐██ █████████
█████████ ██▌▐██ █████████
▐████████ ██▌▐██ ████████▌
████████ █▌  ▐█ ████████
▀█████▌ ▐████  ▐█████▀
▀████████████████▀
▀▀▀████████▀▀▀
TOGACOIN

   ▄▄
  ████
   ▀▀ ▀█▄
        ▀█▄ ▄▄
          ▀████
           ▐█▀
           █ █
          ▐▌ ▐▌
        ▄▄█   █
      ▄████▄  ▐▌
 ▄▄ ▄█▀ ▀▀ ▀█▄ █▄
████▀        ▀████
 ▀▀            ▀▀

 
 
 
     ▄▄
    ████
     █▀█▄
    █ █ ▀█▄
   ▐▌ ▐▌  ▀█▄
 ▄▄█   █    ▀█▄▄▄
████▄  ▐▌    ▄████
 ▀▀░▀█▄ █▄ ▄█▀░▀▀
      ▀████▀
        ▀▀

     ▄▄▄████████▄▄▄
   ▄██▀▀▄█▀  ▀█▄▀▀██▄
 ▄██▀ ▄█▀      ▀█▄ ▀██▄
████████████████████████
    ▀              ▀
 █▌   ▐█ █▌   ▐█ █▌   ▐█
 ▐█ █ █▌ ▐█ █ █▌ ▐█ █ █▌
  █▀ ▀█   █▀ ▀█   █▀ ▀█
    ▄              ▄
████████████████████████
 ▀██▄ ▀█▄      ▄█▀ ▄██▀
   ▀██▄▄▀█▄  ▄█▀▄▄██▀
     ▀▀▀████████▀▀▀

 
     ▄▄▄▄▄
   ▄██████
  ████████
  ████▀
▄▄████▄▄▄
█████████
▀▀████▀▀
  ████
  ████
  ████
  ████
  ████

 
                       ▄▄▄
                   ▄▄█████
               ▄▄████████▌
           ▄▄████████████
      ▄▄█████████████████
  ▄▄███████████▀░▄██████▌
███████████▀▀░░▄████████
  ▀▀▀▀▀██▌░░░░█████████▌
        █▌░▒▄██████████
        ▐▌▒▒▒█▀███████▌
         █▒█▀   ▀█████
         ▐▀      ▀███▌
                   ▀▀

 
 
                ▄█████▄▄
  ██▄          ████████████▀
  ████▄▄       ███████████▄
   ▀██████▄▄▄▄▄███████████
  ██▄████████████████████▌
   ▀████████████████████▌
    ▀███████████████████
   ▀███████████████████
      ▀▀██████████████
      ▄█████████████▀
   ▀████████████▀▀
.
  ▬ Presale
Available
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!