Ledger Device displaying Warning! When trying to confirm transaction?

[Dragonizer]

Hi All


Posting here as i have had a reply back from Ledger Support Email to contact Electrum.


I am using Electrum 3.3.8 to send BTC and it has been fine for several months.
I just tried to send some BTC from there and insted of the usual CONFIRM on Ledger Nano S i get a message 'Warning!'
Then -
Press both buttons -The Change of path is unusual
Press both buttons -Change Path 49'/0'/0'/0/6
Press both buttons -Reject if you are unsure Y or N

This has NEVER happened before, what is happening, is it safe to accept, i have not altered/updated anything on Ledger/Electrum.

I have been sending/receiving transactions for several months without this ever happening?

Here is the reply i had from Ledger Support -

'Hello,

Thank you for reaching out to Ledger Support. I apologize for any inconvenience caused by the problem you've encountered. My name is Tiago and I will gladly assist you.

Windows 7
Please note that Ledger Live is not supported on Windows 7. If the solutions provided in our Update FAQ do not solve your problem, we cannot provide any further support unless you try on a platform that we do support, such as macOS 10.9 (64-bit), Windows 8 (64-bit) or Linux Ubuntu 16.10.

Electrum Guide : https://support.ledger.com/hc/en-us/articles/115005161925-Set-up-and-use-Electrum

You should contact Electrum support for the path direction i don't think it's normal.

Have a nice day

Tiago'

Cheers

[1714059387]

1714059387

[1714059387]

1714059387

[Abdussamad]

It's not a big deal so I would go ahead and confirm it. The change address is still derived from your seed so you control it. It's just different from what ledger expected.

edit: actually it's because you disabled change addresses in electrum preferences. if you enable them the warning goes away:

https://github.com/spesmilo/electrum/issues/5271

[Dragonizer]

It's not a big deal so I would go ahead and confirm it. The change address is still derived from your seed so you control it. It's just different from what ledger expected.

edit: actually it's because you disabled change addresses in electrum preferences. if you enable them the warning goes away:

https://github.com/spesmilo/electrum/issues/5271

Thanks for the reply.

I have used this Ledger since when they were released and have not altered any settings with regards change of address?

Why would it only now appear?

Seems very odd to me.

[bitmover]

I wouldn't go ahead and confirm it without being 100% sure. You are right to be cautious.

Ledger support said you are using Windows 7? It is time to upgrade your windows system, as both manufacturer are recommending (windows and ledger). There are many updated which and bug fixes that are not being fixed on windows 7 anymore.

Additionally, try to send a small transaction (0.0001 BTC) or whatever. If it is ok, it arrives at the address you want and you have access to the change, you are probably safe. My main concern would be regarding the change. Try to send a transaction with a small input.

I think this derivation path is unusual as well.

Have you tried to send using ledger live?

If I were you, I would install Windows 10 and try again using Electrum

[Dragonizer]

I wouldn't go ahead and confirm it without being 100% sure. You are right to be cautious.

Ledger support said you are using Windows 7? It is time to upgrade your windows system, as both manufacturer are recommending (windows and ledger)

Additionally, try to send a small transaction (0.0001 BTC) or whatever. If it is ok, it arrives at the address you want, you are probably safe.

My laptop i use for transactions is ancient, it still has Win7 and won't run Ledger Live.

I just logged in and checked Electrum and 'Use Change Of Address' was not ticked, i am 99.9999% i deselected this when i installed it.

I just sent a small amount and it's showing OK, so all good.

I ticked the box and had no 'Warning' on Ledger! message.

Cheers guys.

[bob123]

It is time to upgrade your windows system, as both manufacturer are recommending (windows and ledger)

This.

You are basically using an outdated operating system with a lot of security measurements missing, which are present in windows 10.
Any data stored on your computer is at high-risk getting compromised.

Please update your OS as soon as possible. If i am not mistaken, the free upgrade is still available (the official updater can still be downloaded).

There is literally not a single reason to keep using windows 7. Even the extended lifetime support is coming to an end soon. Afterwards there will be not a single update anymore.

[Dragonizer]

I agree bob, it's just been my laziness and i'm oldskool with an offline laptop for transactions, i only installed Electrum ad LL would not run.

I'm clueless with laptops tbh, the one i am using is around 9 years old!!!

If i could upgrade to Win10 for free that would be brill, i also think it uses less CPU/MEM than Win7 but i am digressing.

Thanks

[bob123]

If your computer is offline anyway it doesn't really matter.
Just wanted to point out that it is quite risky to use it as an every-day-OS on an online machine.

You can download the windows 10 update assistant from microsoft's page: https://support.microsoft.com/en-us/help/3159635/windows-10-update-assistant

[DireWolfM14]

@Abdussamad, good find.  It sound's like that fixed the OP's issue.

@Dragonizer, you should be able to download and install Windows 10 for free.  Just use the Win7 product key when prompted.  I have a couple of older machines running Win10, and all run better than they did with Win7.  An affordable and easy upgrade that'll help speed up your system is a SSD hard drive.

You can get the installation tool here: https://www.microsoft.com/en-us/software-download/windows10/
It'll walk you though upgrading your system, or you can use it to create a bootable USB or an ISO file.  Super easy.

[Dragonizer]

@DireWolfM14

Cheers mate, i have a dodgy copy of Win7 on it, i'm pretty sure i tried this before, the sticker is illegible and thinks its a Vista..lol or something.....

I need to spend some money and get something 'half' decent with an SSD, it's just this works for me tbh and it's always tomorrow kind of thing.

i just looked on Ebay and they are selling for £70...lol

 

[o_e_l_e_o]

I agree bob, it's just been my laziness and i'm oldskool with an offline laptop for transactions

That's not old school at all. A fully airgapped machine is one of the best set ups for bitcoin storage. Just make sure that it doesn't go online at all, particularly with an outdated copy of Windows. If you can permanently disable or even remove the WiFi card, then even better. If it is permanently offline, then an old OS is far less of a risk.

If you did want to upgrade to a secure OS but can't use Windows 10, then you could consider a Linux distro of your choice.

[bob123]

If it is permanently offline, then an old OS is far less of a risk.

If we assume that it is completely air-gapped and never goes online at all, how does it make any difference at all whether he is using windows 2000 or windows 10 ?
Correct me if i am missing something.. but if it truly is air-gapped without any interface to communicate, i don't see any difference regarding the security. Whether it is MS-Dos or windows 10 or even linux. What am i missing ?

[bitmover]

I agree bob, it's just been my laziness and i'm oldskool with an offline laptop for transactions

As far as I understand the situation here, you are  using windows 7 as a online computer, because you are trying to send transactions using Electrum and ledger nano . An offline computer cannot do that

Maybe you think you have an offline device but you don't?

[o_e_l_e_o]

What am i missing ?

The biggest security risk I can see would be how he transfers transactions back and forth. Is he using QR codes as he should be, or is he using removable media which could harbor malware? There's also the consideration of physical attacks on the device itself.

I agree that it probably doesn't matter which OS you are using on an airgapped machine, but I wouldn't go as far as to say there is no conceivable scenario in which it wouldn't make a difference. There is no set up in the world which is 100% secure.

[Lucius]

Dragonizer, is this you on Reddit? https://www.reddit.com/r/ledgerwallet/comments/d0fcnz/ledger_nano_s_and_electrum_warning/

It seems to me that you got the answer to your question 4 days ago from Ledger CTO, there is no need to write to Ledger support since they only reply mostly with some generic answers.

Regarding using Nano S or any hardware wallet with W7 or W10, why should be more secure to use W10 then any lower version of Windows? Hardware wallets are designed to be resilient even on infected device, outdated operating system (and W7 is still have Microsoft support) does not compromise security of such wallets.

However Windows 7 will soon remain without official support, and Ledger Live is not working on W7 for months.

[Dragonizer]

Yes that was me but as i had no email notification of a reply i missed it, i don't really use Reddit and i find the layout confusing tbh, it never allows me to post most of the time.

The old laptop i use for transactions only goes online when needed, i also keep all the hidden Electrum files offline on a locked USB.

This plus Ledger gives me peace of mind, it's just something i have done for years now.

I also posted on a dedicated Netbook forum and withing my price range/screen size everyone was recommending something along there lines-

https://www.ebay.co.uk/sch/i.html?_odkw=8250u&LH_PrefLoc=1&_udlo=290&_udhi=330&_mPrRngCbx=1&_osacat=0&_from=R40&_trksid=p2045573.m570.l1311.R5.TR6.TRC1.A0.H2.TRS0&_nkw=laptop+i5+8250u&_sacat=0

An i5 8250u.

I have heard of the brands but not sure which would be the best tbh?

If i have digressed of topic, i have no problem with mods amending/deleting this, but some input once we are here would be greatly appreciated.

Thanks once again for your great advice, it IS much appreciated!!

[o_e_l_e_o]

The old laptop i use for transactions only goes online when needed

Be aware that this is not the same as an airgapped device. A device which "only goes online when needed" is no better than a device which is online 24/7, especially if you are using an insecure OS like Windows 7. It doesn't matter if you disconnect the computer from the internet and then plug in a USB with Electrum on it, and close Electrum before re-establishing internet access. There is plenty of malware which can infect your machine and will be quite happy to wait patiently in the background until your wallets are opened before trying to change the address you are sending to. Using a hardware device such as Ledger will largely protect you, provided you are meticulous about double checking the address displayed on the Ledger's screen matches with the address you are trying to send to. The other advice in this thread about upgrading from Windows 7 still applies though, and any other data you have stored on that computer is at risk.

[Dragonizer]

@o_e_l_e_o thanks mate.

I will be updating to Win10 and LL asap.

[o_e_l_e_o]

@o_e_l_e_o thanks mate.

I will be updating to Win10 and LL asap.

No problem. Just a clarification though: I'm not arguing against Electrum, only against Windows 7.

Electrum is a great wallet, one of the best out there. Ledger Live is easier to use if you are holding several different altcoins, but if you are mainly interested in bitcoin, then Electrum is miles ahead of Ledger Live in terms of functionality. They are as safe as each other provided you have installed and verified them properly, are using a hardware wallet, and are double checking all addresses on the screen, but Electrum gives you tons of extra functions that you don't get in Ledger Live. Functions such as RBF, full coin and UTXO control, seeing all your addresses, signing messages, and so forth. I would general recommend people to upgrade from Ledger Live to Electrum, not the other way around.

The risk in your set up is with Windows 7. It is an outdated OS that Microsoft are no longer providing support or updates for. Any new security risks or flaws which are discovered will go unaddressed and unpatched, and therefore will be open for attack.

[DireWolfM14]

The risk in your set up is with Windows 7. It is an outdated OS that Microsoft are no longer providing support or updates for. Any new security risks or flaws which are discovered will go unaddressed and unpatched, and therefore will be open for attack.

Windows 7 is still supported currently, but it's "End of Life" is scheduled for this coming January.  I'm still using Win7 at work, (company computer) and it's pretty darn secure.  We have a robust anti-malware and anti-virus suite with hard-drive boot encryption that helps keeps the systems secure.  

Just like any os, it's only as secure as the user is careful.  If you go around clicking on every link that pops up to great you, and download every game your friends post on facebook, it's just a matter of time before get smacked with a virus or malware.

I use Win10 on my home PCs, and I agree it's inherently more secure than Win7.  I also think it's more streamlined, and less resource intensive, and actually works better on older hardware than Win7.  Given that a Win7 key will upgrade to Win10 for free, there's really no reason not to upgrade.