Ledger Nano S Questions

[Bitman7976]

I was exposed during the Ledger hack, but should I buy a Nano X I will be getting from somewhere like Amazon and get it delivered to an amazon locker.

Can you explain the ledger hack and how you were exposed?  I'm interested because I purchased the nano x and want to make sure to protect  myself.  

Also, I'm no expert, but if you got hacked, why would you want to buy from Amazon and not directly from ledger?

My ledger live app is telling me i need to update firmware on the device.  Is that safe to do?  How do I know thats not a hack in itself to get your orivate key?  

I have crypto, if I update firmware, is it ok to update while coins are attached to the wallet?

[1714917408]

1714917408

[1714917408]

1714917408

[1714917408]

1714917408

[1714917408]

1714917408

[1714917408]

1714917408

[HoddzDJ]

Can you explain the ledger hack and how you were exposed?

Stick your email address into https://haveibeenpwned.com/ and see how many breaches you've been in.

As for your other questions... I'm not the best person to ask being a newbie myself!

[DdmrDdmr]

<...>

You can have a read through threads on the forum such as this one: Ledger SMS phishing campaign – New Leak (believe it or not). You’ll see references to:

Leak 1:
-   a breach in their customer email database (1M++ exposed)
-   a breach in their marketing database (phone, address, email, full name) -> 272K++ leaked -> not the initial 9,5K stated by Ledger.

Leak 2:
-    a breach in their marketing database through an API with Shopify -> 292K++ leaked (theoretically, a superset of the 272K).

Concerning Ledger Live, if it’s the original source you downloaded the software from, then you should be ok. Regardless, anytime you perform a firmware upgrade, you should probably make sure you’ve got your mnemonic handy in case anything goes wrong.

[o_e_l_e_o]

I'm interested because I purchased the nano x and want to make sure to protect  myself.

Depending on when you purchased it, and whether or not your purchased it directly from Ledger or from a third party, you may or may not have had your personal details exposed. The data breach does not affect the integrity of your Ledger device itself.

Also, I'm no expert, but if you got hacked, why would you want to buy from Amazon and not directly from ledger?

Somewhat ironically, people who purchased through third party resellers such as Amazon (which the general advice was not to do) have been protected from this data breach since Ledger never had their personal details in their database.

My ledger live app is telling me i need to update firmware on the device.  Is that safe to do?  How do I know thats not a hack in itself to get your orivate key?

You can verify Ledger Live using the hashes and public key available here: https://ledger-live-tools.now.sh/lld-signatures

[zasad@]

I have crypto, if I update firmware, is it ok to update while coins are attached to the wallet?

The firmware can be updated. Then you may need to install applications again. All coins will be in your wallet.

If you have the opportunity, then buy a wallet for cash in a store so as not to give your personal data to anyone.

Here all the stolen data is in text format, you can search for this and your loved ones to warn them

Code:

https://intelx.io/?s=8761746e-d333-4256-bbcd-9100c8722799

[Bitman7976]

Concerning Ledger Live, if it’s the original source you downloaded the software from, then you should be ok. Regardless, anytime you perform a firmware upgrade, you should probably make sure you’ve got your mnemonic handy in case anything goes wrong.

What is a mnemonic?  You mean the word seeds?

[o_e_l_e_o]

What is a mnemonic?  You mean the word seeds?

Yes.

[o_e_l_e_o]

He asked about  the verification of   firmware which has to be flashed during upgrade of Ledger device  rather then about update Ledger Live which is software wallet.

The only way to update the firmware on the hardware device is via Ledger Live, and Ledger Live verifies the firmware it downloads before it pushes it to your hardware device. Therefore, if you verify Ledger Live as I have said above, then that is the closest you can get to verifying the actual firmware itself. The hardware device itself will also verify the firmware is genuine prior to installation.

[Pmalek]

The only way to update the firmware on the hardware device is via Ledger Live, and Ledger Live verifies the firmware it downloads before it pushes it to your hardware device.

Exactly. During the firmware installation, Ledger will show an identifier in Ledger Live that you need to compare with the code displayed on the screen of your hardware wallet. That is all you can do in terms of verifying what you are installing. But even if you don't verify the code, you still can't install a malicious third party firmware on your device, in the same way that you can't install a fake app either.