Bitcoin Forum
September 20, 2019, 11:44:02 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Bitcoin Ledger and other hardware related questions.  (Read 644 times)
Stedsm
Legendary
*
Offline Offline

Activity: 1792
Merit: 1128


Piiiii Kaaaaaa Chuuuuuuu


View Profile
July 03, 2019, 10:24:15 AM
 #1

What if someone goes for cheap (2nd hand) hardware rather than buying it from official website just because s/he may be getting it for way cheaper (like 10-20 bucks)?

And even if the website is one of the most trustworthy *sellers, what if they're giving these hardware at discounted rates (not so cheap but hey, who doesn't like saving)? Can these hardware also be one of the used ones? Can they also attach a malware in those hardware?

*By saying Sellers, I didn't mean they cannot sell you vulnerable devices are their entire credibility gets limited to being trusted in terms of selling and after that, consequences may be different than what we expect once we've got some coins in that hardware.

1569023042
Hero Member
*
Offline Offline

Posts: 1569023042

View Profile Personal Message (Offline)

Ignore
1569023042
Reply with quote  #2

1569023042
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1569023042
Hero Member
*
Offline Offline

Posts: 1569023042

View Profile Personal Message (Offline)

Ignore
1569023042
Reply with quote  #2

1569023042
Report to moderator
Royse777
Hero Member
*****
Offline Offline

Activity: 784
Merit: 958


Hire my signature space


View Profile
July 03, 2019, 10:33:00 AM
Merited by The Pharmacist (3)
 #2

What if someone goes for cheap (2nd hand) hardware rather than buying it from official website just because s/he may be getting it for way cheaper (like 10-20 bucks)?

And even if the website is one of the most trustworthy *sellers, what if they're giving these hardware at discounted rates (not so cheap but hey, who doesn't like saving)? Can these hardware also be one of the used ones? Can they also attach a malware in those hardware?

*By saying Sellers, I didn't mean they cannot sell you vulnerable devices are their entire credibility gets limited to being trusted in terms of selling and after that, consequences may be different than what we expect once we've got some coins in that hardware.
I can talk about the Ledger Nano S since I have one. In Nano S if you want to setup a new device then just create a new 24 word seed with passcode then it's all yours. No matter you bought the Ledge 2nd hand or brand new. Now to restore the wallet you just need those 24 word seed and the passcode.

I hope this finds your answer?

Warning: Do not use any seed and passcode given by any seller or anyone else.

.This space is available.
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
AdolfinWolf
Legendary
*
Offline Offline

Activity: 1162
Merit: 1059


people run from rain but sit in bathtubs of water


View Profile
July 03, 2019, 10:35:31 AM
Merited by dbshck (4)
 #3

Yes, you can *presumably* attach some sort of malware to the ledger nano S, or preset a wallet/pin, which is why they usually recommend you to factory reset your ledger if you get it second-hand (and make sure the firmware is updated).

If the hardware has been tampered with, well then you're kind of fucked, unless you know how to safely remove it. (Big balls if you were to continue using that ledger s though.)

Lucius
Legendary
*
Offline Offline

Activity: 1540
Merit: 1330


Fortis Fortuna Adiuvat


View Profile WWW
July 03, 2019, 10:42:49 AM
 #4

The only risk which comes with a second-hand hardware wallets is that you can get wallet with pre-generated seed, and if you are not aware dangers which arise from that, fact that you use wallet with seed which is known to someone else leads to almost guaranteed loss of your funds. That should be resolved only by resetting devices to the factory settings and set-up with new seed.

Modification of hardware is also possible, but this is not easy process and requires specific technical knowledge. I see this option acceptable for hackers only if they have targeted user who is having significant amount of crypto, otherwise such modified device can come into the hands of someone who have only $100 or something like that.

bitmover
Hero Member
*****
Offline Offline

Activity: 602
Merit: 1029



View Profile
July 03, 2019, 11:37:24 AM
Merited by AdolfinWolf (1), o_e_l_e_o (1)
 #5

For 10 bucks it's not worth.
In this case, I consider any hardware that came from second hand user as permanently compromised. I would just discard it .

A hacker could have access to it and made hardware modifications, or even a firmware modification. I am no specialist, I know my limitations, I could be cheated this way. So I prefer and I advice only buying from official retailer.

Even if the seller is trusted or whatever they are not professionals. Someone who works there may have access to the hardwallet and made a modification.,


If you are buying a hardware wallet and want to save 10-20 bucks just wait for a Black Friday or some other promotion (ledger makes a lot of promotions in their website).

It is not worth trading security for 10-20 bucks, specially in a hardware wallet, that you are buying to feel 99.9999% safe.

AdolfinWolf
Legendary
*
Offline Offline

Activity: 1162
Merit: 1059


people run from rain but sit in bathtubs of water


View Profile
July 03, 2019, 12:07:05 PM
 #6


If you are buying a hardware wallet and want to save 10-20 bucks just wait for a Black Friday or some other promotion (ledger makes a lot of promotions in their website).

It is not worth trading security for 10-20 bucks, specially in a hardware wallet, that you are buying to feel 99.9999% safe.
Agreed. I myself would never use a second-hand hardware wallet, simply because i don't necessarily know if the firmware hasn't been tampered with, or if the hardware is all original. I don't have the expertise, and even if i would, it still wouldn't be worth the 0.01% chance that i missed something about the device for 20$ off. Not worth it.

NeuroticFish
Legendary
*
Online Online

Activity: 1974
Merit: 1311


There are no mistakes. Only opportunities wasted.


View Profile
July 03, 2019, 12:47:29 PM
 #7

Modification of hardware is also possible, but this is not easy process and requires specific technical knowledge.

I would not be surprised if sooner or later (if not already!) some sellers can give out devices that look like and behave almost like normal Ledger / Trezor / whatever, but containing a small modification allowing them find out your private key or seed. Somebody can mass produce them and sell them cheap. They'll get back the investment when they'll start stealing your money.

Maybe I'm too paranoid, but I bought my Ledger from their website and I would clearly ever avoid "re-sellers" or "second-hand" devices.

The Pharmacist
Legendary
*
Offline Offline

Activity: 1638
Merit: 3092



View Profile
July 03, 2019, 01:35:22 PM
 #8

<snip>
Thanks for that reply--I'm seriously considering a purchase of a Ledger Nano S from Amazon, but I'd thought of buying one second hand for a while.  I've never owned a hardware wallet before and don't really know a hell of a lot about them (which is why I'm reading threads like this).

I assume the Ledger is the best....?  When I browse hardware wallets on Amazon, there are just so many to choose from.  

I would not be surprised if sooner or later (if not already!) some sellers can give out devices that look like and behave almost like normal Ledger / Trezor / whatever, but containing a small modification allowing them find out your private key or seed.
I wouldn't be surprised either.  Counterfeit crap is everywhere, and making a fake hardware wallet with some sort of key-stealer would be an ideal scam.  No doubt someone somewhere is working on such a thing.

Stedsm
Legendary
*
Offline Offline

Activity: 1792
Merit: 1128


Piiiii Kaaaaaa Chuuuuuuu


View Profile
July 03, 2019, 01:50:40 PM
 #9

In this case, I consider any hardware that came from second hand user as permanently compromised. I would just discard it .

I'm biased on my decision here as some here believe that factory-resetting it could save me even on a 2nd hand hardware too? What's your take on this?

Quote
A hacker could have access to it and made hardware modifications, or even a firmware modification. I am no specialist, I know my limitations, I could be cheated this way. So I prefer and I advice only buying from official retailer.

Ok, I've got one more question about official hardware (from their official website).

What IF:
- I use official ledger hardware on a compromised PC?
- Isn't Ledger's official hardware prone to clipboard copy-paste scams where you copy a BTC address and a malware detects and changes it to another address? Is such hardware safe from it?

Quote
If you are buying a hardware wallet and want to save 10-20 bucks just wait for a Black Friday or some other promotion (ledger makes a lot of promotions in their website).

It is not worth trading security for 10-20 bucks, specially in a hardware wallet, that you are buying to feel 99.9999% safe.

I got that, you actually got me wrong there.
You're mistaken here as you are taking it like $10 discount but I've asked my question based on - if some sellers sell it way cheaper for a measly $10 - $20 as that's what lures cheap buyers to fall for these deals.

NeuroticFish
Legendary
*
Online Online

Activity: 1974
Merit: 1311


There are no mistakes. Only opportunities wasted.


View Profile
July 03, 2019, 02:04:16 PM
 #10

if some sellers sell it way cheaper for a measly $10 - $20 as that's what lures cheap buyers to fall for these deals.

My advice is: if one has the money for a proper hardware wallet, buy one from the producer. 60 EUR for a Ledger Nano S is not that much imho.
If one doesn't have that money he can always print paper wallets or use Tails + Electrum as cold wallet.

HeRetiK
Legendary
*
Offline Offline

Activity: 1232
Merit: 1123


the forkings will continue until morale improves


View Profile
July 03, 2019, 02:48:01 PM
Merited by dbshck (4), bones261 (2), ETFbitcoin (1), o_e_l_e_o (1)
 #11

I would not be surprised if sooner or later (if not already!) some sellers can give out devices that look like and behave almost like normal Ledger / Trezor / whatever, but containing a small modification allowing them find out your private key or seed. Somebody can mass produce them and sell them cheap. They'll get back the investment when they'll start stealing your money.

Non-genuine Trezor Ones have already been spotted in the wild:
https://blog.trezor.io/psa-non-genuine-trezor-devices-979b64e359a7

I'm not sure if any malicious intent (beside selling fake products) has been ascertained though. They might have just been 1:1 copies sold by a third party without any changes whatsoever.

In general Trezor firmware integrity is ensured by the wallet web interface. IIRC Ledger has a similar mechanism in place. Hardware integrity can not be ensured this way though -- I'm not sure if it would be even possible to verify hardware integrity on the software level -- which still leaves room for threats like the Evil Maid Attack: https://wiki.trezor.io/Security:Threats#Evil_maid_attack_-_replacing_Trezor_with_a_fake


What IF:
- I use official ledger hardware on a compromised PC?
- Isn't Ledger's official hardware prone to clipboard copy-paste scams where you copy a BTC address and a malware detects and changes it to another address? Is such hardware safe from it?

- Hardware wallets such as the Ledger and Trezor will protect your private key from compromised PCs
- They will not protect you from clipboard copy-paste malware. It's still up to you to (1) compare the address on your computer with the address as displayed on the hardware wallet and to (2) if possible, verify the address over a separate channel (ie. if you received the address via email, check on your mobile device as well or make a phone call with your counterparty)

bitmover
Hero Member
*****
Offline Offline

Activity: 602
Merit: 1029



View Profile
July 03, 2019, 03:50:29 PM
 #12

What IF:
- I use official ledger hardware on a compromised PC?
- Isn't Ledger's official hardware prone to clipboard copy-paste scams where you copy a BTC address and a malware detects and changes it to another address? Is such hardware safe from it?

You can use it on compromised pc.

They already patched it and now the address is displayed in Leger nano led visor. (On the device, theoretically unhackable)

Quote
I got that, you actually got me wrong there.
You're mistaken here as you are taking it like $10 discount but I've asked my question based on - if some sellers sell it way cheaper for a measly $10 - $20 as that's what lures cheap buyers to fall for these deals.
I would not use it even for free.  Not worth the risk.
As I said, it is a permanently compromised device

Stedsm
Legendary
*
Offline Offline

Activity: 1792
Merit: 1128


Piiiii Kaaaaaa Chuuuuuuu


View Profile
July 03, 2019, 04:35:48 PM
 #13

I assume the Ledger is the best....?  When I browse hardware wallets on Amazon, there are just so many to choose from.

Amazon? Are such hardware wallets sold on Amazon officially (or by the official team) or are you going to buy a 2nd hand device over there?

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1764
Merit: 2029

Use SegWit and enjoy lower fees.


View Profile WWW
July 03, 2019, 07:20:31 PM
 #14

If someone don't have enough money to buy hardware wallet, that means they have small amount of cryptocurrency & IMO there's no problem store small amount on hot-wallet.

Modification of hardware is also possible, but this is not easy process and requires specific technical knowledge. I see this option acceptable for hackers only if they have targeted user who is having significant amount of crypto, otherwise such modified device can come into the hands of someone who have only $100 or something like that.

On few HW wallet model/type, it's nearly impossible since the cover/case would be damaged. I couldn't remember which model/type have such feature though.

Amazon? Are such hardware wallets sold on Amazon officially (or by the official team) or are you going to buy a 2nd hand device over there?

At least Ledger have their official store on amazon, see https://shop.ledger.com/pages/retailers

The Pharmacist
Legendary
*
Offline Offline

Activity: 1638
Merit: 3092



View Profile
July 03, 2019, 07:29:02 PM
Last edit: July 03, 2019, 10:25:30 PM by The Pharmacist
 #15

I assume the Ledger is the best....?  When I browse hardware wallets on Amazon, there are just so many to choose from.

Amazon? Are such hardware wallets sold on Amazon officially (or by the official team) or are you going to buy a 2nd hand device over there?
Ehhh....I don't know if they're by the official team, but I'm assuming so since what I just purchased is brand new.  It's definitely not a second hand thing.  

Maybe I'll make a followup post here once I receive the item.  This is the link to it on Amazon, so maybe you or someone else can advise me on whether I made the right choice or not.  I'm a complete ignoramus about hardware wallets, but I'd heard great things about the Ledger Nano S.  

Edit:

<snip>
Thank you so much for that information, it really helps.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 686
Merit: 2744



View Profile
July 03, 2019, 10:04:38 PM
Merited by The Pharmacist (2)
 #16

This is the link to it on Amazon, so maybe you or someone else can advise me on whether I made the right choice or not.
Yeah, that's sold by Ledger themselves, via their Amazon supplier. You can see the link to their Amazon page from their own site here: https://shop.ledger.com/pages/retailers. You can rest assured you've bought a legit and brand new device.

Even so, when the device arrives, you should still perform some basic checks to ensure it is genuine and to initialize it for the first time. Step by step instructions can be found here: https://support.ledger.com/hc/en-us/articles/360002481534-Check-if-device-is-genuine. Work your way down the sidebar, to "Check if device is genuine", "Set up as new device", and "Update device firmware".

There's lots of other good information on their support site which would be worth a read. The official Ledger companion software is Ledger Live which you will also need to familiarize yourself with if you want to use it. The Ledger is compatibile with many other wallets though, and Ledger + Electrum is a particularly popular combination.

Pmalek
Legendary
*
Offline Offline

Activity: 1064
Merit: 1142



View Profile
July 04, 2019, 08:07:03 AM
 #17

@The Pharmacist
I think you made a good choice with the Ledger Nano S. You don't strike me as the type of person who holds bags of different Altcoins so if you are going to use your Nano S for Bitcoin + maybe 1 or 2 additional Alts you will be satisfied with your purchase.

Some users have complained that they can't install more than 2 different Apps on Ledger Live. Others have reported that they have 10 apps installed at the same time so I am not really sure what is causing all that. I held a maximum of 4 apps at the same time but I am now back to just 2.

The initial installation of the device is a bit of a lengthy process but I wouldn't have it any other way really. You have to take note of your seed and then re-enter and confirm every single word on the device itself. But this is a good thing because if you made a mistake somewhere the device will give you an error.

Make sure you remember your PIN because you can only make 3 mistakes while entering it, after the 3rd mistake the device wipes itself clean.       

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
Lucius
Legendary
*
Offline Offline

Activity: 1540
Merit: 1330


Fortis Fortuna Adiuvat


View Profile WWW
July 04, 2019, 09:39:59 AM
 #18

~snip~

For sure many bad people work on fake hardware wallets, but majority of crypto users know that only safe way to buy hardware wallet is to order it directly from the manufacturer. Of course there are those who will try to save some money, and they always look for cheaper solution which makes them ideal targets for fake hardware wallets.

What worries me is the possibility of compromising the official distribution chain, in a way that fake devices get mixed with originals and that some company is not even aware that it sell fake devices. Regarding the number of resellers of hardware wallets, this is not an option that should be neglected.




Some users have complained that they can't install more than 2 different Apps on Ledger Live. Others have reported that they have 10 apps installed at the same time so I am not really sure what is causing all that. I held a maximum of 4 apps at the same time but I am now back to just 2.

Make sure you remember your PIN because you can only make 3 mistakes while entering it, after the 3rd mistake the device wipes itself clean.       

Number of apps installed on Ledger Nano S is not mystery, everything is clearly explained. We have stand-alone apps (BTC / ETH) which are bigger in size, and we have dependent apps, which are based on them. So if you install Bitcoin app only, then it is possible to install more apps which are based on Bitcoin (up to 10), but if you use Bitcoin+ETH app you reduce size of storage significantly.

The point is that we can have more than two or three app in same time, but key is in app combinations. Some more info can be read here.

3 time entered wrong PIN (in a row) does not mean loss of coins, if user is have seed then it will just take some time to recover such wallet. But I agree it is not easy to type 24 words on Nano S, so be careful with PIN.

Royse777
Hero Member
*****
Offline Offline

Activity: 784
Merit: 958


Hire my signature space


View Profile
July 04, 2019, 12:42:04 PM
Merited by The Pharmacist (3)
 #19

<snip>
Thanks for that reply--I'm seriously considering a purchase of a Ledger Nano S from Amazon, but I'd thought of buying one second hand for a while.  I've never owned a hardware wallet before and don't really know a hell of a lot about them (which is why I'm reading threads like this).

I assume the Ledger is the best....?  When I browse hardware wallets on Amazon, there are just so many to choose from.  


I have been using my Ledger Nano S from last 2016 (if I remember the year correctly) 13/6/2017 (order date)­. So far I never had any issue with it. So, I will give you positive support for it.

It was costing me  81.75 € but now it's a lot more cheaper (€59.00) in their official website.

There are not much risk (in my opinion) buying a 2nd hand Ledger but since we are going to store thousands of dollar worth of Bitcoin and other altcoins then why would we just want to save some money when we buy one. This was my original thought when I ordered it from their official website.

By the way, one thing I love about ledger is the varieties of coin they support. I can store my NEO, ADA, ETH, Wabi safely there.

Check: https://shop.ledger.com/pages/crypto-currency-assets

Side note: Seems like I gave you a paid lecture LOL but trust me this came from the satisfaction I had or have with using this product.
It's not a paid feedback/lecture or whatever you call it :-)



Some users have complained that they can't install more than 2 different Apps on Ledger Live. Others have reported that they have 10 apps installed at the same time so I am not really sure what is causing all that. I held a maximum of 4 apps at the same time but I am now back to just 2.

       
I uninstall the one I do not need or I am okay to use later and install the one I need for my current operation. It's not that much hassle. The security is the key that I feel with my Ledger Nano S

.This space is available.
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
Stedsm
Legendary
*
Offline Offline

Activity: 1792
Merit: 1128


Piiiii Kaaaaaa Chuuuuuuu


View Profile
July 05, 2019, 07:03:27 AM
 #20

I have been using my Ledger Nano S from last 2016 (if I remember the year correctly) 13/6/2017 (order date)­. So far I never had any issue with it. So, I will give you positive support for it.

It was costing me  81.75 € but now it's a lot more cheaper (€59.00) in their official website.

There are not much risk (in my opinion) buying a 2nd hand Ledger but since we are going to store thousands of dollar worth of Bitcoin and other altcoins then why would we just want to save some money when we buy one. This was my original thought when I ordered it from their official website.

I can totally understand that but those who are interested in acknowledging the technology by using it and if they don't have much to spend upon it or willingly uninterested to do so (like newbies with least information or others with some information but don't want to spend higher), while they can get it for almost 50 - 70% less (maybe the hardware could be a first copy - pirated kinda and not the original one or even a 2nd hand but original Ledger wallet) will definitely give it a shot rather than going for the official one, no?

Is anybody here aware of Black Friday deals on such hardware during that event? If yes, what's the least one can purchase them for? And are they original too or they should also be considered 2nd hand?

A question somewhat related to this topic:
My friend purchased a 2nd hand PC and the person he bought it from, used to mine alts in it which clearly means that the previous owner held crypto in it (maybe BTC too).

So, to save the current owner (my friend) from any possible malware the old owner may have had installed in this PC, what should we do to prevent ourselves? Will a complete OS change work out? Like if we install new Windows without keeping old Windows.dat file in his PC, can we consider ourselves safe in this situation? He wants to use it mostly as an offline mode of storing his crypto there in his PC. Is he safe if we do it like that here?

Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!