My worries with ledger

[DireWolfM14]

I guess my two Ledger devices are going into my growing HW wallet museum.

My museum is rapidly growing as well.  

As long as you only use it with (verified) Electrum, you should be good to go for many years.  

Is that really true?

I wish I could predict the future, but I can't say for sure.  My previous experience with Electrum and hardware wallet firmware does give me hope.

I don't really understand the process by which private keys can be extracted from the Ledger device--do you have to be using Ledger Live for that to happen?  What if you have to update the bitcoin app?  And even if that is true that you can use Ledger with Electrum safely, you're still screwed if you hold any other coins aside from BTC, ones that need frequent updates to their apps to keep working.  A lot of folks hold more than just bitcoin, and I still think Ledger users are playing Russian roulette if they continue to use one of their devices.

Privat keys are never to be extracted from hardware wallets.  Transaction data is sent to the wallet, which checks the data against the keys housed within, and either signs or rejects the transaction, and returns the resulting data back to the PC.  Keys always remain locked within a secure element, that's the point and that's what eliminates Ledger devices from meeting the very definition of "hardware wallet."

With Trezors it's not so much a security issue as it is a privacy issue.  Their contracting with Wasabi's coinjoin provider suggests a lack of concern for their users' privacy.

With Ledger it's a whole other level of villainy; their firm ware is an encrypted secret, no public oversight is possible.  As Synchronice mentioned, it's been this way all along and all along they told us it was impossible for software like Ledger Live to the extract private keys from the hardware.  But magically they found a way to break their own security protocol, promote it a "feature," and enrich themselves on a lie.

Fortunately Ledger Live is open source and capable of being reviewed by peers.  If some piece of code in previous releases of Ledger Live could have extracted seeds from the device, it'll be found sooner or later.  That's above my paygrade, however.  

[1714305176]

1714305176

[1714305176]

1714305176

[1714305176]

1714305176

[1714305176]

1714305176

[1714305176]

1714305176

[Pmalek]

I don't really understand the process by which private keys can be extracted from the Ledger device--do you have to be using Ledger Live for that to happen? 

Their Recover feature has been put on hold for now, but I am pretty sure it would only work with Ledger Live if/once released. You would also need the latest firmware with the feature/vulnerability code present on your hardware wallet. 

What if you have to update the bitcoin app?

That should still work through the My Ledger/Ledger Manager tab irrespective of your firmware version. You might have to install the latest Ledger Live version, though.

Fortunately Ledger Live is open source and capable of being reviewed by peers.  If some piece of code in previous releases of Ledger Live could have extracted seeds from the device, it'll be found sooner or later.

The magic is probably recorded in the code for the firmware, and as you know, it's closed-source. That's the part they have to open for the public. Anyways, it's too late now. If such an option was there in the past, they can just remove it, work around it, and open-source a slightly altered code.

[taufik123]

-snip-
With Ledger it's a whole other level of villainy; their firm ware is an encrypted secret, no public oversight is possible.  As Synchronice mentioned, it's been this way all along and all along they told us it was impossible for software like Ledger Live to the extract private keys from the hardware.  But magically they found a way to break their own security protocol, promote it a "feature," and enrich themselves on a lie.
-snip-

Ledger's developers are not consistent with their original intentions, only providing nonsense with the so-called private key extractor as a new feature.

I don't know what Ledger's CEO is thinking that they can provide a feature that will actually damage their own business.
But for Ledger FanBoys it doesn't matter, they still support it.

I was even going to switch to Ledger, but in the end, canceled my intention because of the controversial update.
I still use Safepal even though it is not an open-source wallet, but they are not hypocrites.

[hZti]

I have a ledger nano s…


What will be your suggestions?

The suggestion is easy: go get another hardware wallet that is designed correctly, meaning it will safely store your seed and not share it anywhere.

If people do really believe that ledger is to big of a company to scam them they will have a very bad day at one point. I’m not saying that it will be the whole company that screws them over, it will probably be one individual that will just disappear with the bitcoin.

I will repost this prediction when the scam happens 

[m2017]

I have a ledger nano s but I don't feel secure anymore with it after their recent update about subscription for wallet recovery. The only use of the leger is for Bitcoin and I use it with electrum.

I understand their new update does not effect Ledger Nano S but I still feel unsafe, I feel paranoid. Everyday I wake up and check my phone where I have a watch only installed and before the wallet loads I feel I will see an outbound transaction is just loading but it does not and my coins are there. I feel better.

What will be your suggestions?

My suggestion will not differ much from what you have already been offered. If with this wallet you don't feel that your funds are safe, then change the device to another one. This is not the case when you can neglect the precautions, although in fact, to this moment, the Ledger Nano S continues to perform its functions and there have been no incidents with the loss of cryptocurrencies so far. For now. But I wouldn't wait until that happens. Moreover, there are big doubts about the new update and new features that the Ledger plans to introduce.

Other hardware wallets will help you regain confidence in the safety of your stored financial assets and get rid of paranoia. How much will it be possible.

[LoyceV]

I have a ledger nano s but I don't feel secure anymore

I never felt secure with any hardware wallet. To me, it's a black box and I can't possibly know what's really happening inside. So I only used it as "intermediate" wallet, for amounts somewhere between hot wallets and cold storage.

I feel paranoid.

Too little too late Truely paranoid people (like me) wouldn't have trusted any third party device in the first place.

Everyday I wake up and check my phone where I have a watch only installed and before the wallet loads I feel I will see an outbound transaction is just loading but it does not and my coins are there. I feel better.

What will be your suggestions?

Move your funds out of there! I've been there, feeling unsecure, when I couldn't find a paper wallet years ago. I had a backup, but it didn't feel safe until I moved the funds. So move. Crypto storage is supposed to be safe enough to be able to trust your own setup.

The next big scandal will be this: Breaking news! Ledger Recover data leak! Millions of users lost their coins.

Followed by: "Ledger denies all blame, reminds people they said private keys can't be extracted from the secure element."

[The Sceptical Chymist]

Privat keys are never to be extracted from hardware wallets.  

I understand what you're saying about how the keys are stored and what Ledger did, but all HW wallets have secure elements, do they not?  Those things I don't know much about except that the HW wallet manufacturer (as you stated) should never be able to access the keys stored in said secure element.

And a lot of pesky redditors were going on about no HW wallets being completely safe now, precisely because they all contain those secure elements, and they were talking about open-source ones like Trezor, Bitbox, and a bunch of others.  I tend to listen to what's said here on bitcointalk, as you all know what the hell you're talking about--but the mood here is gloomy as well.

I feel paranoid.

Too little too late Truely paranoid people (like me) wouldn't have trusted any third party device in the first place.

Yep.  Unfortunately for me, I'm too damn trusting at times, and it gets me into trouble.  Fortunately this didn't turn into a personal disaster, but it might yet for all of those people who still stand by their Ledger devices--and from the looks of it, there seem to be a lot of them.

[DireWolfM14]

Truely paranoid people (like me) wouldn't have trusted any third party device in the first place.

Agreed, one shouldn't use a hardware wallet in lieu of long term cold storage, in my opinion.  To equate my habits to easy to understand habits most of us have with our fiat currency:

Hot wallet = Cash in your pocket.
Hardware Wallet = Cash in your "rainy day" savings account.
Cold Storage = IRA/401K or other long term investment account.

I understand what you're saying about how the keys are stored and what Ledger did, but all HW wallets have secure elements, do they not?  Those things I don't know much about except that the HW wallet manufacturer (as you stated) should never be able to access the keys stored in said secure element.

Most hardware wallets do indeed have a secure element, except for some of the DIY ones.  There might be some exceptions, but I can recall which ones at the moment.  Just having a secure element doesn't automatically mean that the seed or keys cannot be extracted.  The secure element still needs firmware to operate correctly, so if you install some malicious firmware into your secure element hardware wallet, all your funds could be stolen.  And therein lies the rub; we don't know what's in Ledger's firmware.

And a lot of pesky redditors were going on about no HW wallets being completely safe now, precisely because they all contain those secure elements, and they were talking about open-source ones like Trezor, Bitbox, and a bunch of others.  I tend to listen to what's said here on bitcointalk, as you all know what the hell you're talking about--but the mood here is gloomy as well.

Be careful when reading anything on any social media site, including this one.  Anywhere you go you're likely to run into people talking out of their ass for merit, karma, likes, or just shits and giggles.

[dkbit98]

Too little too late Truely paranoid people (like me) wouldn't have trusted any third party device in the first place.

Funny you are saying this because you are already using third party devices like your computer and smartphone that all have closed source hardware components (some even software).
So trusting computer that has much bigger attack vectors than open source hardware wallet.... that doesn't make any sense to me and real security experts like Andreas Antonopoulos and Jameson Lopp agrees with that.
I am not saying what anyone should use for holding Bitcoin, and I am certainly not supporting ledger and other closed source devices, but computers are NOT safer than good open source hardware wallet.
All modern computers and laptops have hidden spy operating system running all the time, and only way to remove it is maybe with Coreboot or with other open source alternative bios, but that needs flashing chips with raspberry pi.

[The Sceptical Chymist]

Most hardware wallets do indeed have a secure element, except for some of the DIY ones.  There might be some exceptions, but I can recall which ones at the moment.  Just having a secure element doesn't automatically mean that the seed or keys cannot be extracted.  

That's what I'm saying, that any wallet with a secure element has the potential for the private keys to be grabbed by a malicious update (which I consider Ledger's Recovery update to be) or by other means known only to smarty-pants peeps like yourself.  

I'm saying that I'm not likely to trust any HW wallet that has a secure element that can possibly be tapped into by the devs or anyone else, and all of the best-known HW wallets do have one.  That's why I said it's game over for me and storing crypto on any device.  I've come to the realization that they're not really necessary (for me at least).

Be careful when reading anything on any social media site, including this one.  Anywhere you go you're likely to run into people talking out of their ass for merit, karma, likes, or just shits and giggles.

Oh come now, DireWolfM14!  I wasn't hatched out of Satan's hellspawn yesterday, you know.  I was around when reddit got started, and I even remember all the really fucked up chat on AOL way back when they were trying to create a walled garden around the internet that you had to pay to access.  

On a related note, what good is karma on reddit?  Does it make you a big swinging reddick on that joke of a website or is there actually a benefit to having a lot of it?  Honestly, I don't even understand how it's earned in the first place.  I couldn't stand reddit from the start.

computers are NOT safer than good open source hardware wallet.
All modern computers and laptops have hidden spy operating system running all the time, and only way to remove it is maybe with Coreboot or with other open source alternative bios, but that needs flashing chips with raspberry pi.

*sniff*  Goddamn you, dkbit98.  Goddamn you.  *sniff*

[DireWolfM14]

Funny you are saying this because you are already using third party devices like your computer and smartphone that all have closed source hardware components (some even software).
So trusting computer that has much bigger attack vectors than open source hardware wallet....

There are ways to mitigate that.  A computer can easily be used with no connectivity, one can even go as far as disabling the hardware, either physically or via bios settings.  Since neither are connecting to the internet an open-source air-gapped hardware wallet and an air-gapped computer would essentially be the same level of security, but no more or less in my opinion.

All modern computers and laptops have hidden spy operating system running all the time, and only way to remove it is maybe with Coreboot or with other open source alternative bios, but that needs flashing chips with raspberry pi.

Lol, the end is nigh.   

That's what I'm saying, that any wallet with a secure element has the potential for the private keys to be grabbed by a malicious update

That's why you want the firmware to be transparent.  Open-source or otherwise verifiable firmware will be vetted by the general public not long after it's released, so even if you can't verify the code yourself just be patient before you update.  Air-gapped computers and hardware wallets such as the Passport or ColdCard mitigate the risk even further, because you physically have to transfer the data from the air-gapped device to the online PC.  But, regardless of whether it's an air-gapped hardware wallet or not, the only way you're going to protect yourself from being hacked is to always verify transactions on the device before confirming them, and again before broadcasting them.

I'm saying that I'm not likely to trust any HW wallet that has a secure element that can possibly be tapped into by the devs or anyone else, and all of the best-known HW wallets do have one.  That's why I said it's game over for me and storing crypto on any device.  I've come to the realization that they're not really necessary (for me at least).

It's better to have a secure element than not!  If you don't have one, any hacker can create firmware that'll bend you over.  Most reputable hardware wallets have the ability to verify firmware, and I believe that happens in the secure element.  It prevents anyone without the signing key to create an update that will pass verification.  So at the very least, you know the original manufacturer/developer is the only source for verifiable firmware.

I wasn't hatched out of Satan's hellspawn yesterday, you know.

Oh, I didn't think it was yesterday, but I didn't know we were related.

[Pmalek]

I understand what you're saying about how the keys are stored and what Ledger did, but all HW wallets have secure elements, do they not?  Those things I don't know much about except that the HW wallet manufacturer (as you stated) should never be able to access the keys stored in said secure element.

And a lot of pesky redditors were going on about no HW wallets being completely safe now, precisely because they all contain those secure elements, and they were talking about open-source ones like Trezor, Bitbox, and a bunch of others.

Almost all the popular brands have secure elements. Trezor is an exception to that group you mentioned. That's one reason why Trezor suffers from that unfixable seed/pin extraction vulnerability that allows someone to get to your secrets with quite cheap hardware equipment. Obviously, they would have to know what they are doing.

Regarding all hardware wallet with secure elements not being safe anymore is also a point I was trying to make indirectly in the Ledger Recover thread where we discuss the incident. People don't seem or want to see the bigger picture. Hardware wallets were presented as the ultimate long-term storage devices for your keys that prevented remote access. Secure elements were supposed to be impenetrable for regular Joe's. Turns out that neither of that is true. Ledger showed us that with their Ledger Recover feature. A differently coded firmware allows you to send your keys to 3 companies in the world using a combination of Ledger's software and hardware.

They got bashed hard for it, and rightly so. The way I see it is that all manufacturers selling hardware wallets have dishonestly represented their products as having a safe enclosure for your private keys. They don't, so they are all lying. They are all just remaining quiet hoping their community won't start asking, how the hell can private keys be sent via the internet, and why do you and your product even exist?         

[LoyceV]

Too little too late Truely paranoid people (like me) wouldn't have trusted any third party device in the first place.

Funny you are saying this because you are already using third party devices like your computer and smartphone that all have closed source hardware components (some even software).

The difference is how you use it: I don't trust my smartphone, but I use it anyway and make sure I don't risk too much. Hardware wallets were supposed to replace cold storage, which now turns out to be a lie.
Of course, even with cold wallets I need to trust software, but it's a lot easier to be absolutely sure my private keys can't be sent somewhere.

So trusting computer that has much bigger attack vectors than open source hardware wallet.... that doesn't make any sense to me

I never said I trust my computer.

All modern computers and laptops have hidden spy operating system running all the time

You said it: "modern" It's one of the reasons I'm still using my old laptop. The other reason is being lazy.

[dkbit98]

The difference is how you use it: I don't trust my smartphone, but I use it anyway and make sure I don't risk too much. Hardware wallets were supposed to replace cold storage, which now turns out to be a lie.
Of course, even with cold wallets I need to trust software, but it's a lot easier to be absolutely sure my private keys can't be sent somewhere.

How does it turn to be a lie?
If you think about ledger, than you could saw I was warning people to stay away for years, it is closed sourced and I never consider it a real cold storage.
Definition for cold storage is clear, device should not be directly connected with internet or with other device, and airgapped hardware wallets (Passport, Keystone, etc) are doing that exactly.
If you think there are no cold storage hardware wallets, than there is no computer that can be used for cold storage with electrum wallet.

I never said I trust my computer.

But you have to use it with your electrum ''cold'' setup.

You said it: "modern" It's one of the reasons I'm still using my old laptop. The other reason is being lazy.

Than you have different problem, they are all considered insecure and outdated.