Ok, current firmware is 1.6.1.
I just dont understand why frighten people with firmware hack that is no longer works?
Well, i already explained this in my previous (lenghty) post. But since it's tl;dr; => because odds are pretty big there are other, unknown or undisclosed vulnerability's. But most hardware wallet vulnerability's require physical acces. So, it's a good idear not to give anybody physical access to your hardware wallet, hence, buy a new one instead of a second hand one.
It is like saying don't open unknown documents from floppy disk as you might be infected by
CIHWell, it's like saying you don't open unknown documents from the internet because new, unknown virusses get created every day... It's not because your virusscanner is up-to-date that you're protected completely. The fact that CIH exists proves that virusses exist, so it can be used as a cautionary tale. Same as the article from 2018: sure this vulnerability is fixed, but the article is proof that vulnerability's DO exist, so it's a good idear to take into account that other, new, vulnerability's might exist aswell.
I'm not saying that person should buy or should not buy used Ledger. He has his own head to decide. But you guys turn "buying used" here into a plague or a fire that should be avoided.
Bitcoin is about freedom. If the OP decides to take the risk, nobody is going to stop him, and there's a decent chance he won't face any problems...
If the guy has low budget, buy old, reset, update, clean it, use new keys. Why not ? Or buy alternative device.
Because a new one is cheap, and it's much safer. Bitcoin is money. If you're going to neglect opsec, you might aswell use a desktop wallet. Much cheaper... And if you verify the signature and keep your pc sparkling clean it's also "reasonably" secure
P.S. Anyone ever bought used car? I guess no one. No one knows how to check true mileage, check accident history, presence of airbags and that the buyer can ran various diagnostics at the dealer.
Here is the same. You are taking a risk of airbags not shooting during accident = taking a risk of loosing crypto because of modded device.
Well, the car analogy only works up untill a certain point:
- A second hands car costs about 20% of a new one (at least, it does in my country). A new hardware wallet costs 40€, i doubt the OP will find a second hand wallet for 8€. In absolute number it's even better: buying a second hand car saves you >10.000€ (in my country). Buying a second hand HW wallet saves you 10€
- The risk you run is also different. HW wallets can be used to store hundreds of bitcoin, with a fiat value of millions of dollars... If your second hand car's engine breaks, you're out of 500 or 1000 dollars... A completely different pricerange
- It's harder to see with the naked eye if somebody messed with your hardware wallet's firmware than it is to see if somebody messed with your car
- When buying a car, the seller has to give his full KYC (at least, in my country). Buying something online does not have the KYC prereq. Hence, if you buy a bad car, you can track down the seller more easily
- If your car is faulty, you can go to the police to file a claim. You can do the same with your hardware wallet being compromised. However, cops will probably relate to you and actually understand the fact you were scammed after filing a complaint for a bad car. When you file a complaint about the firmware on a ledger device being altered, they'll probably scratch their heads and classify your case as a cold case without even trying
I'll give you another real life analogy that comes closer to buying a second hand wallet:
One day you decide to open an ATM. Your ATM will be located in the bad part of town and the store where you'll place your ATM machine does not have camera's. You will load your ATM with 1.000.000€ in unmarked, untraceable bills.
- A new ATM costs 10.000€, it comes straight from the factory, has a 3 year guarantee period, the latest firmware and the latest updates in security technology.
- Some guy you don't know approaches you on the street and says he sells his second hand ATM for "only" 8.000€. You don't know if he modified the firmware or succeeded in copying the key to open the machine tough... Oh yeah, it's heavily scratched aswell
Which one will you buy? Will you store 1.000.000 of your money in a second hand piece of metal because no locksmith would ever copy ATM keys and because your ATM validates it's firmware before starting, or will you spend 2.000€ more for a brand new machine?
I realise this whole topic makes me look like a hardware wallet critic. This couldn't be further from the truth! Hardware wallets are great. Hardware wallets, airgapped wallets and properly generated paper wallets are about the safest way to store your funds... But i'm talking about new, trusted, hardware wallets bought from an official vendor
