Bitcoin Forum
October 17, 2018, 02:00:16 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Warning for Ledger Nano S users / buyers  (Read 178 times)
Bervelukan
Newbie
*
Offline Offline

Activity: 143
Merit: 0


View Profile
July 04, 2018, 12:42:36 AM
 #21

Thank you for your suggestions and notices, if we put bitcoin in the wallet, we must provide a security code to protect our coins.
1539741616
Hero Member
*
Offline Offline

Posts: 1539741616

View Profile Personal Message (Offline)

Ignore
1539741616
Reply with quote  #2

1539741616
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539741616
Hero Member
*
Offline Offline

Posts: 1539741616

View Profile Personal Message (Offline)

Ignore
1539741616
Reply with quote  #2

1539741616
Report to moderator
1539741616
Hero Member
*
Offline Offline

Posts: 1539741616

View Profile Personal Message (Offline)

Ignore
1539741616
Reply with quote  #2

1539741616
Report to moderator
RGBKey
Hero Member
*****
Offline Offline

Activity: 840
Merit: 628


rgbkey.github.io/pgp.txt


View Profile WWW
July 04, 2018, 12:46:26 AM
 #22

The first article you link to contains a niche security vulnerability which has already been patched. The second article you link to requires someone having access to files on your machine, and if they can do that then you're already in a world of hurt. Additionally, a new Ledger desktop app is scheduled to be released this month, so that second article will no longer be relevant.

everythingforsale
Full Member
***
Offline Offline

Activity: 207
Merit: 100



View Profile
July 04, 2018, 11:25:34 AM
 #23

Thanks for sharing,  I am just about to buy myself some of those Ledgers, because I've heard that this is the most secure way to store your cryptocurrency, now I would be extremely careful and aware.
notaek
Legendary
*
Offline Offline

Activity: 1258
Merit: 1008


View Profile WWW
July 04, 2018, 10:18:26 PM
 #24

There are three main scenarios where a hardware wallet can get compromised:

  • Blatant stealing of coins by untrustworthy resellers: This happens when someone buys a hardware wallet at a "cheaper price" from 3rd party resellers who aren't endorsed by the companies and falls victim without knowing that they are using the per-generated wallet with shared private keys. The cheaper price is the catch here.


  • Locating and replacing the receiving address from the Ledger wallet JavaScript file: It requires an attacker to replace the receiving addresses of victim to his own static address where the victim will send coins to the attacker. This compromise is quite complex and requires quite a bit of social engineering.

  • Fooling the MCU of victim's device: In this case a 3rd party seller can inject his own seed into the device in such a way that whenever a victim plugs in for the first time, it generates their injected seed instead of a random one. This was quite a concerning vulnerability but the Ledger Team has patched it in the next firmware update since its release.


Its fairly obvious by now that every buyer should do their due diligence before purchasing a hardware wallet and storing their fortunes into it.

LeGaulois
Copper Member
Hero Member
*****
Offline Offline

Activity: 854
Merit: 873

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
July 05, 2018, 09:16:08 AM
 #25

@RGBKey
Excuse me but where did you see the desktop application would be ready this month? By the way, people should be careful while using it the first weeks, who knows if it will have some bugs here and there. I personally will let others test it, once I am sure the app is free from bugs I will start to use it Grin

Thanks for sharing,  I am just about to buy myself some of those Ledgers, because I've heard that this is the most secure way to store your cryptocurrency, now I would be extremely careful and aware.

If you had read the comments you wouldn't have this kind of post. See the post #23 above

bob123
Hero Member
*****
Offline Offline

Activity: 714
Merit: 580



View Profile WWW
July 05, 2018, 07:36:51 PM
 #26

Excuse me but where did you see the desktop application would be ready this month?

Ledger released an article in february, stating the release would be july:

Quote
Update June 5th: the release date of the new version of the Ledger Wallet desktop edition is scheduled to July 9th
Source: https://www.ledger.fr/2018/02/23/announcing-new-ledger-wallet-desktop-mobile-applications/


But who knows whether their software will be completely done by then.. I wouldn't be suprised by a delay of 1 or 2 months.

RGBKey
Hero Member
*****
Offline Offline

Activity: 840
Merit: 628


rgbkey.github.io/pgp.txt


View Profile WWW
July 07, 2018, 12:04:33 AM
 #27

@RGBKey
Excuse me but where did you see the desktop application would be ready this month? By the way, people should be careful while using it the first weeks, who knows if it will have some bugs here and there. I personally will let others test it, once I am sure the app is free from bugs I will start to use it Grin

Thanks for sharing,  I am just about to buy myself some of those Ledgers, because I've heard that this is the most secure way to store your cryptocurrency, now I would be extremely careful and aware.

If you had read the comments you wouldn't have this kind of post. See the post #23 above

Poster above me already linked the release date announcement, but you shouldn't have to worry about bugs as long as you're actually checking the information displayed on the device, like you should every time you're using it. If you sign a transaction with the wrong address/amount/fee, that's on you. A bug outside of that would be a much bigger deal and would likely ruin the ledger line of products.

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!