Bitcoin Forum
Author Topic: ALERT Ledger Secure Element  (Read 91 times)
mendace (OP)
May 17, 2023, 11:39:11 AM
 #1

I'm opening this new thread for those who haven't yet read about Ledger's bullshit about seed recovery.
In a nutshell and in short, they are launching a cloud service where it is possible to make a backup of your seed, which will be divided into 3 encrypted parts and sent to 3 different cloud providers.

 https://www.ledger.com/recover


Having said this, the shocking thing is not so much the service, which can also be quite secure, but the fact that until now it seemed impossible to be able to withdraw the device seed (ST31H320 chip) from the secure element, and now it can be done easily via software.
Among other things, Ledger is not exactly the maximum security given the previous data leak.

I conclude by saying that at this point Ledger has in fact screwed up half the hardware wallet world, because that chip is practically used by almost all manufacturers, Coldcards, BitBoxes, etc... So at this point the question remains: "what to do?"
BenCodie
May 17, 2023, 11:46:27 AM
 #2

Nothing beats cold storage and storage that does not involve a third party, i.e. Bitcoin Core on an isolated machine. I have always looked at Ledgers and hardware wallets and thought, it's only a matter of time before these get breached in some way. Here we are.

Save your money. Buy two flash storage devices (for a cold wallet and hot wallet), encrypt them with a strong password and a modern algorithm, store your keys/wallet files on these and voilà. Cheap hardware device. You'll save hundreds, and you won't be exposed to vulnerabilities or negligence by third parties (if your desktop is adequately secure/you are not negligent in your own security).
examplens
May 17, 2023, 12:07:10 PM
 #3

Quote
I conclude by saying that at this point Ledger has in fact screwed up half the hardware wallet world because that chip is practically used by almost all manufacturers, coldcards, Bitboxes, etc... So at this point the question remains "what to do?"

They unexpectedly opened a big hole. With the information that it is possible to access this chip through software, they set homework for the hackers. I don't think we will have to wait long for the results of this fiasco.

Quote
Among other things, Ledger is not exactly the maximum security given the previous data leak.

I would say that Ledger and its developers have a very strange understanding of privacy and security. There are really too many omissions on the part of the, until recently, number 1 brand when it comes to hardware wallets.

Charles-Tim
May 17, 2023, 12:14:21 PM
 #4

RickDeckard has already created a thread where we are discussing it.

Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

It will be better to lock this thread.

KiaKia
May 17, 2023, 03:12:58 PM
 #5

For almost the same reason, I always take my time before updating my wallet software, because some updates can be crappy and vulnerable to attacks. I won't update until a month later, because if the new update is not doing things right they will still have to patch it, and bad actors might find their way into people's crypto wallets and start stealing their coins.

Stay away from any mobile or hardware wallet that gives access to cloud data backup; they don't know what they are doing. Private keys and seed recoveries are safer offline than anywhere online. Say no to cloud backup.
mendace (OP)
May 18, 2023, 04:10:47 AM
 #6

Quote
RickDeckard has already created a thread where we are discussing it.

Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

It will be better to lock this thread.

Sure, I hadn't seen the thread.