Fuck you ledger

[o_e_l_e_o]

Ledger keeps repeating that "all hardware wallets require trust" and people get lost in this because while on one hand it's true to some degree, not every wallet requires as much trust as one that's closed source which also has the ability via firmware to split and send seeds through your USB/Bluetooth connection, through your PC and then stored elsewhere.

Compare Ledger - closed source, connects to an internet enabled device, has the ability to send your seed phrase across the internet - to something like a Passport - open source, completely airgapped, communicates with QR codes - and the difference is stark. The difference in the amount of trust required, and the amount of independent verification which is possible, is astronomical.

It's like saying "all software wallets require trust" when comparing something like airgapped open source Sparrow wallet, to hot closed source Trust wallet. There is simply no comparison, and anyone claiming they are in any way similar is either naive or malicious.

"Oh but the shards are encrypted!" This only sounds good until you realize that Ledger themselves say that any device can restore the shards. So the encryption keys are either specific to ledger Hardware (meaning anybody with a Ledger has them) or they're stored at Ledger headquarters (meaning they have them and you have to hope they aren't leaked the way all those addresses and emails were). Any way you slice this it's frightening.

The key is common to all Ledger devices, and therefore the encryption is utterly useless: https://bitcointalk.org/index.php?topic=5452900.msg62453002#msg62453002

[1714748685]

1714748685

[1714748685]

1714748685

[1714748685]

1714748685

[NotATether]

Anybody who says you have to use the buttons to confirm actions is assuming that to be true.  Since Ledger's code is closed, no one but Ledger knows for sure what their code actually does.  Even Ledger admitted they can't prove their code doesn't have any backdoors.  They lied, saying "...because you can't disprove a negative," but that's nonsense.  Ledger can't prove their code doesn't have backdoors because Ledger's code isn't open.

Why don't they just open-source their firmware, at least with a restrictive license if they are not comfortable with unlimited freedoms of MIT or GPL or similar. That is the quickest way to dispel any fears that there is a backdoor in Ledger source code. But of course, they won't do that, so it's best to avoid any kind of wallet - hardware or software - where its operation cannot be independently verified.

[Meuserna]

Why don't they just open-source their firmware, at least with a restrictive license if they are not comfortable with unlimited freedoms of MIT or GPL or similar. That is the quickest way to dispel any fears that there is a backdoor in Ledger source code. But of course, they won't do that, so it's best to avoid any kind of wallet - hardware or software - where its operation cannot be independently verified.

Perhaps there are things in the firmware they don't want anyone to know.  They've been talking about making their code open source, but they're also lying about what "open source" actually means.  In other words, they want to use the phrase Open Source while keeping some of their code closed...  which just raises more questions about what they're hiding.

Ledger is dirty.

[BlackHatCoiner]

Sorry, but I'm quite confused as I never owned a Ledger. Isn't it a hardware wallet? Doesn't that mean it cannot connect to any network except the computer that you'll plug it into? Doesn't that mean that the only manner to expose your private keys is by establishing a connection with their servers once you plug it into your PC and by sending your private keys to their server?

Does it require downloading closed-source Ledger software as well for it to work? Sounds pretty fucked up situation.

[seek3r]

Sorry, but I'm quite confused as I never owned a Ledger. Isn't it a hardware wallet? Doesn't that mean it cannot connect to any network except the computer that you'll plug it into? Doesn't that mean that the only manner to expose your private keys is by establishing a connection with their servers once you plug it into your PC and by sending your private keys to their server?

Does it require downloading closed-source Ledger software as well for it to work? Sounds pretty fucked up situation.

Nah you are right. Its a hardware wallet which integrates with their software Ledger Live. All firmware updates are handled over Ledger Live. And since its closed-source no one knew that there is or was a "backdoor" to extract the mnemonic phrase of your device.
Yesterday they launched their service called Ledger Recovery which caused the drama. The thread about it was already mentioned here but I recommend reading it: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

[1980sFuture]

Ledger keeps repeating that "all hardware wallets require trust" and people get lost in this because while on one hand it's true to some degree, not every wallet requires as much trust as one that's closed source which also has the ability via firmware to split and send seeds through your USB/Bluetooth connection, through your PC and then stored elsewhere.

Compare Ledger - closed source, connects to an internet enabled device, has the ability to send your seed phrase across the internet - to something like a Passport - open source, completely airgapped, communicates with QR codes - and the difference is stark. The difference in the amount of trust required, and the amount of independent verification which is possible, is astronomical.

It's like saying "all software wallets require trust" when comparing something like airgapped open source Sparrow wallet, to hot closed source Trust wallet. There is simply no comparison, and anyone claiming they are in any way similar is either naive or malicious.

This is it right here. And the communication from Ledger so far has been particularly gaslighty where as they're trying to (and successfully have done so if you read the Reddit threads) make people equate the level of trust needed to feel safe with Ledger Recover with trusting any other hardware wallet to simply generate and store your seed. It's gaslighting and obfuscation. Trying to make people seem paranoid for questioning this since "every wallet needs trust bro what's the big deal?!"

Doesn't that mean it cannot connect to any network except the computer that you'll plug it into? Doesn't that mean that the only manner to expose your private keys is by establishing a connection with their servers once you plug it into your PC and by sending your private keys to their server?

A hardware wallet doesn't (shouldn't) need to connect to any manufacturer servers in order to work. You can use a Ledger with Electrum as well just as easily. You need to use Ledgers software in order to get coin-specific apps onto the device as well as firmware updates but once that's done there no need to ever touch their software again until it's time to update firmware.

The problem(s) here is that:

1. Their firmware is closed source so nobody has any way of knowing what the firmware is doing.

2. They've introduced a recovery service which places on your device code that makes it possible to extract your seed, shard it and have it sent through your computer to other custodial servers. This is being sold as a feature but is fraught with danger and is an absolutely horrid idea for dozens of reasons that have already been covered.

3. For all we know the actual code that enables this ability could've been rolled into previous firmware versions either as a placeholder or as a test. So it may technically already be there and there's literally no way of knowing because it's closed source. Saying "I just won't update then" isn't enough to be sure.

4. The idea that firmware can allow the secure element to reveal the seed really is a non-issue and is being used to obfuscate the issue by Ledger when they say "any hardware wallet can technically spit the seed out if firmware tells it to" - yes but they're not sending your keys through your PC which may or may not be malware infected, outward across the internet to 3rd parties which you now have to trust. However this did highlight the deep misunderstanding many people had about how hardware wallets actually work - this was due in part to most people being uneducated on the technicalities and also Ledger's fault for constantly using the wording that your seed could never leave the device. Now it's "oh well of course they can you should've known that but only if our firmware allows it which now it does"

5. Another point that has been stated to death but needs to be repeated is that the idea of "if you don't opt in what's the problem?!" is misleading because there is nothing permanent in the hardware that stops the need for a button press to allow key extraction from being removed in a firmware update. So technically - Ledger could force you into this through a firmware update and extract your keys without you doing a single thing. The ability is there. Even if today you had to press buttons to allow the recovery service there's nothing that prevents them from removing that requirement in the future. Or perhaps it's already removed and the button press is just theatre to make you think it's necessary. You can't know because they're closed source. "Trust me bro!".

[Pmalek]

The key issue here is that even if at this point you do need a physical button press to confirm/deny a Tx or seed sharding, there's is nothing inherent in the architecture of Ledgers hardware that restricts the device to operating this way forever. The required button presses are a firmware update away from not being needed at all. Which means that change could be made with or without your knowledge. "We promise we won't" Back to trust me bro.

There are two possibilities here, both rely on trust. You can either have trust that the old firmware still makes physical button presses mandatory to the process, and that the option to bypass button presses doesn't exist in the old firmware versions. Or you can trust Ledger that their new code changes will never allow for the possibility to bypass button presses. The third option I didn't mention is completely abandoning Ledger HWs. 

Sorry, but I'm quite confused as I never owned a Ledger. Isn't it a hardware wallet? Doesn't that mean it cannot connect to any network except the computer that you'll plug it into?

Ledger has reveled something we initially thought was impossible because that's what we were told. And that's the way secure element chips function. In earlier years it was said that no sensitive data can even leave the chips. We know now that it isn't true. It can if the software tells it to. 

[shahzadafzal]

I really concerned from the last changes oof ledger and their narratives about they can get your private key  , in addition to they always update software because of their shitcoins ,I finally  moved my fund from ledger wallet to software  cold wallet and learned how to deal with cold wallet and transfer  transactions  partial signing  online and then signing offline and broadcast it 😏 , and   learned some coin control and going to learn some privacy coinjoin , it work so  great , why they don't tell us about cold wallet from begining instead of wasting our money on a fucking signing device ,really I enjoyed the experiment and fuck you ledger ,🖕,, and I want to thank you Gus because you helped me so match

Impressed... and I 100% agree with you, although I've never used Ledger. However, I've always been skeptical about hardware wallets, especially when they announced changes and narratives regarding private key security.

It's better to be vigilant when it comes to the safety of our online assets.

It's good to hear that you've switched to an offline software wallet. We should too. Also, the approach you've adopted, like partial signing online and then signing offline and broadcasting it, is something I wasn't aware of.

I think I need to explore these concepts too, especially this privacy coinjoin, as it adds an extra layer of privacy to your transactions. It's an excellent way to take control of your online privacy in this crypto world.

I've always believed that offline software wallets are not only secure but also cost-effective. If managed correctly, cold wallets can offer the same level of security, or maybe sometimes even surpass hardware wallets.

Well, thanks for sharing your experience.

[1980sFuture]

Ledger has reveled something we initially thought was impossible because that's what we were told. And that's the way secure element chips function.

Just in the spirit of clarity here, I think while it's important to note that although Ledger's communication has been terrible and their marketing repeated this notion - the belief that a secure element could never reveal private keys in any form regardless of what firmware was thrown at it was and has always been incorrect. This was known long before Recover was ever announced. It's how hardware wallets work. Access to the private keys MUST be granted in order to sign anything. The concept of a HW wallet that can both sign a Tx and have ZERO access to the privkeys ever is possible in theory but not in practice as this would mean you would never realistically be able to update the wallet ever. No bugs could be patched etc. It's not practical. Forgive my inability to explain the technical details of this as I'll leave that to people smarter than me but this is how it was explained to me.

So the fact that your wallet can spit out your keys if the firmware allows it is NOT what the problem here is and I think it's very important to understand this in order to combat the gaslighting coming from Ledger. Coldcard will reveal your keys in plain text on the device as well as export them in encrypted form via SD card for a backup if you like. This in no way makes the secure elements or the wallet less secure, those are simply features of the device that are baked into the firmware. (You can always lock down the seed of you like to remove this feature of course but all of it is locked behind a pincode anyways) The crucial differences here are 1) you know exactly what the device is doing and 2) the keys if revealed are only being shown to you and you alone, they're not being sent anywhere. You can either see them on the device or you can export them encrypted on an SD. And 3) you were never led to believe this was impossible with fancy marketing that led you into a false sense of what the hardware was actually capable of. Ledger was deliberately misleading in their marketing at times even stating that "Not even a firmware update could extract your keys" when this was blatantly false. So when people who didn't know better learned that this was actually technically possible they lost it - but they lost it for the wrong reasons! The REAL reason this should worry people is that the process of extracting keys involves so much 3rd party trust and involves those keys being sent through your computer over the internet. That is what should frighten people, not that a SE can spit out a seed if it's told to.

[Meuserna]

Just in the spirit of clarity here, I think while it's important to note that although Ledger's communication has been terrible and their marketing repeated this notion - the belief that a secure element could never reveal private keys in any form regardless of what firmware was thrown at it was and has always been incorrect.

But it's what Ledger had been telling us since day one:

"Your keys are always stored on your device and never leave it"

btchip, Ledger Co-Founder

"Hi - your private keys **never** leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards.  A firmware update cannot extract the private keys from the Secure Element."

@Ledger on Twitter

"Private data, such as your private keys will be protected and never leave the device due to the combination of BOLOS and the Secure Element."

"The secret keys or seed are never exposed to the BLE stack and never, ever leave the Secure Element."

"While Ledger is using a dual chip system with an MCU as well, the important part is that your private keys remain inside the Secure Element."

"This means that, beyond keeping your private key offline and away from hackers, the Ledger device itself is also completely impenetrable from external threats"

Lies, lies, lies.

Ledger Lies.

[BlackHatCoiner]

A hardware wallet doesn't (shouldn't) need to connect to any manufacturer servers in order to work.

Exactly, and it should be completely open-source. It might even work completely airgapped, but if the firmware used is closed-source, then you can't know if the company can access your funds. Flawed RNG or malicious code inside cryptographic libraries can grant them total access, and you can't prove anything.

I don't know Ledger, but I know they were never open-source to begin with. We should trust nobody who claims to be in favor of privacy and security without complete software transparency. Period.

[1980sFuture]

Just in the spirit of clarity here, I think while it's important to note that although Ledger's communication has been terrible and their marketing repeated this notion - the belief that a secure element could never reveal private keys in any form regardless of what firmware was thrown at it was and has always been incorrect.

But it's what Ledger had been telling us since day one:

Exactly. And people that didn't know better believed it. The rest knew that what this really meant was with an asterisk attached: "*so long as no firmware commands it". I don't fault people for taking it verbatim, most users had no reason to question the wording or dig any deeper. But the truth is there was never anything so magical about Ledger hardware which prevented firmware from extracting the seed. So prior to Recover - all you had to do was trust that Ledger wasn't going to maliciously backdoor their firmware to swipe your seed. This is less ideal than an open source or source verifiable hardware wallet - but still within the scope of what many people are willing to tolerate.

When Ledger announced recover, they did 2 things:
1. They alerted people who thought otherwise that this was even possible to begin with. So that was a scare to many but not to others.
2. They alerted people who already knew this would be technically possible (but insane to implement) that they were actually going to do such a thing. This is the bigger red flag. Not that it was possible, but that they were actually building something like this into future firmware.

My main point here is what Ledger is now doing is using this fact (which is now more common knowledge than it was prior to the Recover announcement) to liken trusting their Recover service to trusting any other hardware wallet. "You have to trust any hardware wallet so what's the big deal if we have Recover firmware?" as if trusting Recover is the same as trusting any SE. Levels of trust are not all equal but Ledger is gaslighting people into thinking the recover mechanism requires the same level of trust as any hardware wallet and that's so false. They're using this false equivalence trickery to calm the waters and it seems to be working, sadly.  

[Pmalek]

Also, the approach you've adopted, like partial signing online and then signing offline and broadcasting it, is something I wasn't aware of.

That's a mistake. It isn't partial offline signing. It's a normal (full) signature on an offline machine which is later exported as a file or QR code to be broadcasted on a device with internet connection. If the signing keys are exclusive to the offline wallet and we aren't discussing a multi-sig wallet, the whole signing process takes place offline.

Access to the private keys MUST be granted in order to sign anything.

Yes, of course. No one is questioning that. But the narrative was that the keys can never leave, aka be exported from the secure element. And turned out to be false.

Exactly. And people that didn't know better believed it. The rest knew that what this really meant was with an asterisk attached: "*so long as no firmware commands it".

I don't know about that. I don't remember seeing a discussion with people who knew key extraction was possible before Ledger told us it is. Not on Bitcointalk at least. If such a thread exists, someone please point me to it. 

[The Cryptovator]

I had been using Ledger for a few years. But due to their FUCKING system, I am going to move to another hardware wallet. Right now, I am searching and comparing the best wallets. I am afraid lately to store a larger amount in the ledger. Even though the community wants open-source software, they still don't care. Rather, they launched a seed recovery service, which is the worst thing in crypto.

[Meuserna]

I had been using Ledger for a few years. But due to their FUCKING system, I am going to move to another hardware wallet. Right now, I am searching and comparing the best wallets. I am afraid lately to store a larger amount in the ledger. Even though the community wants open-source software, they still don't care. Rather, they launched a seed recovery service, which is the worst thing in crypto.

Good for you!  Ledger is a terrible company and their hardware cannot be trusted anymore.  I stopped using mine the day they announced their key extraction firmware.  I didn't move my coins right away though.  I did what you're doing.  I started searching for my next hardware wallet.

In my opinion, there is no such thing as the best hardware wallet.  Which one is the best will come down to your own wants, needs and abilities.  For example, Trezor is great for somebody who wants easy to use hardware with a user friendly companion app.  ColdCard is great for somebody who wants top notch security and is willing to deal with a device that isn't as user friendly.  SeedSigner is a great choice for somebody who is willing to do some DIY and doesn't want to be tied to a company that could go rogue or turn evil, like Ledger did.  SeedSigner is totally open source software that runs on off the shelf parts (a Raspberry Pi Zero).

I'm a huge fan of a project called Krux, which is fully open source.  Here's my review with lots of images.  Krux is like a deluxe SeedSigner that runs on off the shelf hardware.  You can buy a Maix Amigo for less than $60 and install Krux on it.  The Amigo is awesome because it has a camera and a large touchscreen, which makes using it REALLY easy, but even better, it means the device clearly shows you everything, including full addresses, etc, so confirming things is easy.  Krux is particularly good for anyone who uses singlesig with a passphrase, or multisig.  Krux is airgapped, but even better, Krux can save encrypted QR codes, so even if somebody were to find your QR code they wouldn't be able to read it (or even know what it is, other than a QR code).  Seriously, the folks working on Krux are doing amazing things in my opinion, and they're doing all of this while keeping Krux incredibly easy to use with a simple but intuitive UI.  Like I said, I'm a huge fan.

Here's a picture of an Amigo next to an old iPhone 4, for comparison.  To be clear, it doesn't run on an iPhone.  I'm just using an iPhone in this image next to an Amigo so you can see the size of the device:



And here's a pic of the Krux startup screen.  Super-simple and intuitive:



For me, Krux on a Maix Amigo with Sparrow or BlueWallet are a killer combo.

[satscraper]

I'm a huge fan of a project called Krux,

Little did bitcoiners know which  is the fully creditable wallet,  theywould buy it.

You like Krux, I'm fond of Passport , the others prefer something else but all of us have in common their attitude to Ledger which  has  gained a reputation for being a company which pissed of customers.  

BTW, what advantages u see in Krux  when comparing it , let'us say, with  Jade?

[Meuserna]

BTW, what advantages u see in Krux  when comparing it , let'us say, with  Jade?

Krux makes it ridiculously easy to use passphrases.  And when I say "passphrases," I mean strong passphrases.  My passphrases are 40 characters minimum, always using words and spaces with punctuation where appropriate.  I have three passphrases for my seed.  The first is for work.  The second is for personal savings.  The third is for testing.  Krux makes it so easy to use strong passphrases.

I've never found any other hardware wallet that makes entering and using strong passphrases so quick and easy.  You don't have to type them on the device or in a companion app.  You CAN, but you don't have to.  Instead, you can save your passphrase as a QR code to scan.

Here's how quick and easy it is to use Krux:

Turn on the device.
1: I scan the QR code with my seed.
2: My seed's QR is encrypted, so I scan the QR with the decryption password.
3: Scan the QR code with my passphrase.
Done.

Three quick scans.

I love that the device is airgapped and saves none of my info.  When I shut down, my seed & passphrase are erased.  And since the device isn't crypto related (it's a Maix Amigo), it doesn't call attention to itself as a Bitcoin thing.  The UI is really great, and it's a breeze to use on that large touchscreen.

Wallets that make using passphrases inconvenient are one of my major complaints.  So many wallets force you to type the passphrase every time, which encourages people to use terrible passphrases that are short and easy to crack, or worse, they make it so inconvenient that people don't use passphrases at all.  Or even worse than that, they make the process confusing and complicated.  Ugh.  No wonder so few people understand what passphrases are and how to use them properly.  Krux makes it easy.

[satscraper]

BTW, what advantages u see in Krux  when comparing it , let'us say, with  Jade?

Krux makes it ridiculously easy to use passphrases.  And when I say "passphrases," I mean strong passphrases.  My passphrases are 40 characters minimum, always using words and spaces with punctuation where appropriate.  

40 characters minimum is overkill, IMHO. Passphrase is exclusively for saving you stash in the case you SEED comes to the notice of someone else. The length of  passphrase will be irrelevant  If user puts SEED away safely.

However everyone  is free to use the passphrase of any length (ranging from zero to n) which is comfortable for him, thus I don't think that Jade compares poorly Krux in the passphrase regard.

What else?

[Meuserna]

40 characters minimum is overkill, IMHO.

Owning Bitcoin means being your own bank.  Only you can decide how important your security is to you.

I'm a firm believer in using a 24 word seed, written on paper and backed up on metal, secured in 2 locations only I have access to, plus an 8 word passphrase also secured twice.

EDITED to add: My view is that I need to secure my Bitcoin as if Bitcoin's price is $1 million, because someday it will be.  The way to make sure I still have coins when that day comes is to have that level of security now.  And since it's so easy to do, I do it.

[PrivacyG]

I am wondering how long this will take before some body files a lawsuit against Ledger for lying to their customers about the Secure Element and how it was impossible to breach their top notch security.

Will agree with the others here who say the best option is airgapped computer.  While Ledger, Trezor and other Hardware Wallet producers can dispatch a malicious firmware, Bitcoin Core will not get an official malicious version.  If it does get one then we will get a non malicious version right the next minute.

So whoever wants to keep their crypto now should boycott Ledger as well as Trezor.

I do get the hate for Ledger but I do not understand why there is some hate here for Trezor too.  Other than their Seed extraction vulnerability and the possibility of pushing a malicious version of firmware or Trezor Suite.  Is there any thing I might have missed?

God.  It is so depressive to look at how things were years ago versus now.  We are looking at every body we used to love jumping in the wagon of Surveillance and lack of Privacy when years ago it was all the love in the world for these people.