Ledger hardware wallet offering custody for seed backups

[adaseb]

Someone asked on Reddit what would happen if some government sent a subpoena to Ledger and asked for a seed of a user, and they basically stated that they would have to provide it to the government. They are basically digging themselves in a larger and larger hole and don’t think they will survive as a company after this incident.

They really should of at least hired some PR instead of having all these amateur responses all over social media. And they definitely shouldn’t of started this recovery program. Most people wouldn’t be ok with it given with how easy it is to get your funds stolen.

[Kryptowerk]

Ledger has a nice track-record of fuck-ups, imho. First they just stopped support for their older hardware wallets. Such as Ledger HW (1) and Ledger Nano (1).
Then they managed to leak their customer database including email, clear name, address etc.

Now openly admitting to lying in regards of the possibility for private-key extraction from their security chip seems like the logical next step. Disgusting but not surprising.
https://www.binance.com/en/feed/post/539103

"The original tweet from Ledger customer service stated, “Technically speaking, it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.”

And:

"Critics shared an alleged Ledger post from November that stated, “A firmware update cannot extract the private keys from the Secure Element,” implying that the company contradicted itself."

[cydrix]

We initially believed that Bitcoin offered total privacy and anonymity, but later learned that what we believed to be untraceable was actually traceable. I've always questioned whether wallets could honestly claim they did not know your seed phrase when it comes to the seed phrase issue. Even though this is the first I've heard of it, Ledger was giving me headaches before I even read this because of the ordinal consideration. If it's true, you should take extra precautions with your Bitcoin wallets because your Bitcoin will now only be protected by the honesty of the wallet you're using. And it would unquestionably demonstrate that many alleged hacks in the past when Bitcoins were taken may not have actually been stolen but rather were the result of wallet fraud.

[Kryptowerk]

https://www.youtube.com/watch?v=9scIevuymZM

Andreas Antonopoulos is live just now discussing the ledger f-up.

So far his stance is pretty clear and I am happy to see there is spotlight on all the potential problems a closed-source centralized company such as Ledger poses.
Especially after they have been caught lying about fundamental features of their security-chip on their hardware wallets.

[Onset]

Oh, but is this surprising? They’ve been hacked, they were spending large amount of money to place their products in rap music videos, then they f-ed up so many other times and now this. Ledger is just a joke man, they’ve created the perfect device for shitcoins and this is the only thing they’re good at.

It wouldn’t surprise me at all if it was already possible to extract the seed even without the update. They’re a very suspicious company to me and they don’t deserve the recognition they’re getting. Fortunately we aren’t as dumb as they think but unfortunately people’ll continue buying their products due to how many shitcoins they support..

[WeThePe0ple]

Feel free to tell me if this is stupid. But within a decade I believe that any hardware wallet will need to be replaced. Because they device is somehow damaged or because government regulation does not allow people to continue with the original device (updates needed in order to trade..) And when that replacement happens, I don't think there will be any legal way to store crypto without government knowing exactly what we own.

And that was the whole point of BTC. I believe in the technology even though I am not tech savvy.
I believe in it because after its launch in 2009, no government found out who Satoshi Nakamoto is and nobody could stop the technology.

But they can stop the wallets by regulating their developers.
And they can attack the exchanges with harsh regulation and KYC.

Before the Ledger situation I was convinced to invest a significant portion or my savings into BTC as a hedge against inflation, a safe haven.
After the Ledger situation, I no longer believe there is a safe haven. Who knows which backdoors their competitors have left open without the public knowing.

[WeThePe0ple]

If it's true, you should take extra precautions with your Bitcoin wallets because your Bitcoin will now only be protected by the honesty of the wallet you're using. And it would unquestionably demonstrate that many alleged hacks in the past when Bitcoins were taken may not have actually been stolen but rather were the result of wallet fraud.

This is very true and there should be a topic dedicated to this. An investigation into this.
How many people inside the Ledger company knew that the seed phrase never really was a secret to the owner? I wonder.
The people who developed this technology must be perfectly capable of stealing from account holders and making it look like a hack.

[The Sceptical Chymist]

I made a post about this in the HW wallet section right after Ledger made this announcement, and since then I've learned a lot more about what kind of clusterfuck this really is and how dangerous Ledger products are for people who value not only their privacy but security.  Needless to say, I'm no longer going to put up even a feeble defense for any of their actions as I used to do. 

They fucked all of their current customers who likely didn't buy the device they thought they did, i.e., one from which the private keys couldn't be extracted without the owner's consent.  Now that they've disclosed that it can be done, I think they've also fucked themselves as a company--but time will tell.  One thing is for sure: I'm going to be following this drama very closely.

My personal suspicion is that Ledger is being pressured by government agencies to implement this service, or at least to announce that key exfiltration is possible so as to circumvent whatever illegal surveillance law they'd be violating if they got Ledger to seize users' funds for whatever reason.  I didn't come up with that theory, of course, but I believe it fully.

[dragonvslinux]

My personal suspicion is that Ledger is being pressured by government agencies to implement this service, or at least to announce that key exfiltration is possible so as to circumvent whatever illegal surveillance law they'd be violating if they got Ledger to seize users' funds for whatever reason.  I didn't come up with that theory, of course, but I believe it fully.

Have also started considering this, especially after they acknowledged that the seed phrase could be subpoenaed. At first I thought it was simply a new revenue stream, as $10 p/m for say thousands of users is a reasonable income, better than say $60 / $140 irregularly per device I imagine. It's a consistent revenue stream at least, probably more profitable than bear market purchases if I had to guess.

But if US government suddenly decided that it's no longer legal to offer physical wallets without the ability to access seed phrases, then Ledger would likely be the first target to comply. We'll know soon enough if other hardware providers such as Trezor follow suit, otherwise this theory is unlikely to be true, and instead just remains a strange decision by Ledger for "on-boarding" more users (who are scared of self-custody).

[Kryptowerk]

I made a post about this in the HW wallet section right after Ledger made this announcement, and since then I've learned a lot more about what kind of clusterfuck this really is and how dangerous Ledger products are for people who value not only their privacy but security.  Needless to say, I'm no longer going to put up even a feeble defense for any of their actions as I used to do. 

They fucked all of their current customers who likely didn't buy the device they thought they did, i.e., one from which the private keys couldn't be extracted without the owner's consent.  Now that they've disclosed that it can be done, I think they've also fucked themselves as a company--but time will tell.  One thing is for sure: I'm going to be following this drama very closely.

My personal suspicion is that Ledger is being pressured by government agencies to implement this service, or at least to announce that key exfiltration is possible so as to circumvent whatever illegal surveillance law they'd be violating if they got Ledger to seize users' funds for whatever reason.  I didn't come up with that theory, of course, but I believe it fully.

Tbh, I would be suprised if this actually damages their company in the long run.
Just think about what happens to trust towards CEXes after another big one goes down: Short dent, people look for alternatives (DEXes, storing their corns locally etc.) and after a while the majority is back using CEXes.
So yeah, for some period of time it will leave a mark, then a new generation of hardware-wallet-users comes along and everything is back to usual business.
I hope I am wrong, but not too optimistic.

That being said, regarding the real reason why Ledger does this shit... Maybe government pressure, maybe some inside folks are already working for the government, maybe some CEO is best-buddy with an intelligence-exec... who knows.

What I personally hope to see are many more open-source hardware wallet solutions, where some of them manage to become the new industry standards.