Fuck you ledger

[Meuserna]

Ledger's lies turned me off of all HW wallets for the time being

Don't blame all hardware wallets for one company's evils and ineptness.  That's just foolish.  The issue isn't even the companies that make the wallets.  The issue is the trustworthiness of the people at those companies.

The people at Ledger have proven again and again that they cannot be trusted.  It's the people at Ledger who lied to their customers and their users.  It's the people at Ledger who wrote and added key extraction APIs to the firmware for their devices.  It's the people at Ledger who failed to implement or follow safety procedures, a failure which led to their database getting hacked (customer names, email addresses and home addresses were leaked) and it's a failure which led to their code getting hacked (they blame a former employee for cryin' out loud!).  It's the people at Ledger who failed, lied, and proved they cannot be trusted.

The people at Trezor didn't do those things.  The people at ColdCard didn't do those things.  The people at Keystone didn't do those things.  The people at LEDGER did.

Don't blame all hardware wallets for Ledger's evils and ineptness.

That being said, I'm a big believer in fully open source projects like SeedSigner and Krux.  Krux with BlueWallet or Sparrow is a fantastic combo.

[1714649403]

1714649403

[1714649403]

1714649403

[The Sceptical Chymist]

Ledger's lies turned me off of all HW wallets for the time being

Don't blame all hardware wallets for one company's evils and ineptness.  That's just foolish.  The issue isn't even the companies that make the wallets.  The issue is the trustworthiness of the people at those companies.

I try not to be foolish, but again I'm one of those who don't fully understand what goes on under the hood, if you know what I'm saying.  From what I've heard, any HW wallet with a secure element has the potential for the manufacturer to exfiltrate the private keys--if I'm wrong about that, please educate me.  And all of them have some kind of security element in them as a matter of course, too, right?

Also, given what I've said about my knowledge of the internal workings of these devices, nobody ought to follow my lead anywhere.  I've just found that for what little crypto I have I don't need a HW wallet to manage it, and I'm not comfortable with the level of uncertainty I have about them.

That being said, I'm a big believer in fully open source projects like SeedSigner and Krux.  Krux with BlueWallet or Sparrow is a fantastic combo.

Never heard of Krux, but those last two are SW wallets that can be used with HW wallets--am I right about that or not?  If so, and let's say you're using Sparrow with a Ledger, they can still steal/exfiltrate/whatever your private keys regardless, right?  If I've understood everything correctly, you don't have to be using Ledger Live in order for that to happen (again, correct me if I'm wrong, please).

[Meuserna]

I try not to be foolish, but again I'm one of those who don't fully understand what goes on under the hood, if you know what I'm saying.  From what I've heard, any HW wallet with a secure element has the potential for the manufacturer to exfiltrate the private keys--if I'm wrong about that, please educate me.

Any car can crash.  But there's a difference between that and a company building software into their cars that forces them to aim for oncoming traffic.

Surely, you understand the difference.

Ledger is the ONLY company to build key extraction into their firmware.  Ledger fanboys are desperately trying to defend Ledger by saying any company could do the same thing.  BUT THEY HAVEN'T.  Only Ledger did.  Ledger fanboys want you to blame every hardware wallet company for what Ledger did.

Have you ever been on a date with a woman whose last boyfriend cheated on her, so she chooses to treat every man like a cheater?  That's crap, right?

Don't hold Ledger's evil and ineptness against other companies who have done nothing wrong, and who go out of their way to keep their users safe.

That being said, I'm a big believer in fully open source projects like SeedSigner and Krux.  Krux with BlueWallet or Sparrow is a fantastic combo.

Never heard of Krux, but those last two are SW wallets that can be used with HW wallets--am I right about that or not?  If so, and let's say you're using Sparrow with a Ledger, they can still steal/exfiltrate/whatever your private keys regardless, right?

Wrong.

I mentioned SeedSigner and Krux as two hardware wallets I like.  I use Krux with BlueWallet.

When you use an app like BlueWallet or Sparrow with a hardware wallet, you import your main PUBLIC key.  It's usually a zpub (for older wallets, it'll be an xpub).

A zpub "public key" gives the app all of your addresses, but it doesn't contain any of the keys for those addresses.  This creates what's known as a "watch only wallet," which means it can show you everything, but it can't spend or move anything since it doesn't have any of the private keys.

So, when you try to spend Bitcoin in a watch only wallet, you have to get a signature from your hardware wallet, because the hardware wallet has the private keys.  And the cool thing is, when your hardware wallet creates the signature to authorize the transaction, it does this without ever revealing the private keys to the app.  Even better: the signature is only valid for that one transaction, which means a hacker can't steal it and do anything with it.  That's how hardware wallets keep you safe.

The entire point of a hardware wallet is to provide signatures without ever exposing your keys.  Only Ledger built a backdoor into their wallets.

Not trusting any hardware wallet because Ledger is a sack of trash is like saying "Well, I got food poisoning from that Taco truck.  I guess I can't eat food anymore."  Ledger is a bad company.  Don't trust Ledger.  But don't hold Ledger's malpractice against good companies.  That's just foolish.

[o_e_l_e_o]

The people at Trezor didn't do those things.  The people at ColdCard didn't do those things.  The people at Keystone didn't do those things.  The people at LEDGER did.

Ledger are obviously the bottom of the barrel when it comes to hardware wallets, but let's not pretend these other devices are all without flaw. Trezor devices have a seed extraction vulnerability and Trezor cooperates with blockchain analysis. ColdCard and Keystone lie about being open source. Nowhere near as bad as what Ledger have done, but enough to not make me want to use any of their products either.

Ledger fanboys are desperately trying to defend Ledger by saying any company could do the same thing.  BUT THEY HAVEN'T.  Only Ledger did.

I am by no means a Ledger fanboy, but it is a simple statement of fact that any other company could try and do the same thing. There is no inherent property in their devices (if they aren't airgapped) stopping them from doing so - only the trust you have in that company and its developers.

This is why I said above I would only ever use open source and permanently airgapped devices. Open source so you know what code is running on your device, and airgapped so that even if the developers wanted to try to extract your seed phrase as Ledger have done then they wouldn't be able to anyway. I would definitely +1 for SeedSigner (and can't wait for this fork to be fully developed: https://monerosigner.com/). Entirely open source so you know exactly what code is running on your device at all times, and even if there was malicious code on there to try and extract your seed phrase, it couldn't achieve anything anyway because it is permanently airgapped. This is what you want from a hardware wallet.

[Meuserna]

let's not pretend these other devices are all without flaw. Trezor devices have a seed extraction vulnerability

That vulnerability requires the thief to have possession of your physical device along with some very sophisticated equipment in order to hack it, and the hack doesn't affect newer Trezors.

Ledger's key extraction firmware works over the internet, which means a thief doesn't need to steal your physical device.

And Ledger's code was hacked just last week, which is how a hacker stole users coins from their Ledger hardware wallets without needing to steal their physical devices.

It's ridiculous to compare those two things.

The Trezor hack was a proof of concept by white hat hackers who alerted Trezor.

The Ledger hack was proof of incompetence which allowed thieves to steal $600,000 in users coins.

That being said, I'm not saying Trezor, ColdCard, Keystone, etc, are perfect.  I choose not to use them.  But they're not dirty companies.  Ledger has proven themselves to be dishonest and incompetent.  They lie to their users (even their packaging contains a lie right on the box), they leaked their customer database, giving customers names and home addresses to hackers!  And their code has been hacked, allowing thieves to steal $600,000 from users of Ledger hardware.

I am by no means a Ledger fanboy, but it is a simple statement of fact that any other company could try and do the same thing.

Yes, they could.  BUT LEDGER DID.

Ledger is dirty.

This is why I said above I would only ever use open source and permanently airgapped devices.

I do the same thing.

Airgapped.  Stateless.  Open source.  Nothing less, for me.

[o_e_l_e_o]

But they're not dirty companies.

Then we disagree. Funding blockchain analysis and lying about being open source are not honest and trustworthy actions in my book. And again, I'm not comparing these things to the far worse things Ledger have done, but they are more than enough to mean you shouldn't be using their devices either.

[Pmalek]

Ledger can't go fully open source due to the closed-source chips they use in their hardware.  That's why the value of their word matters so much.  And their word is worthless.

Everyone uses closed-source chips in their hardware wallets. That includes open-source wallets like Trezor and Foundation Passport or the source-verifiable Coldcard. What they can do is open-source their firmware. That's the issue and biggest part of their ecosystem that is closed-source. Ledger Live, their native, and 3rd-party crypto apps are open-source. That's how they found that tracking code that is posted all over the place.

If Ledger has never compensated for any user losses in any way before, then why would they do it now?

Because their employee or ex-employee and their code started the shitshow that created the problems and the exploit.

From what I've heard, any HW wallet with a secure element has the potential for the manufacturer to exfiltrate the private keys--if I'm wrong about that, please educate me.

You are not wrong. That's what Ledger's Recover fiasco proved. The companies can, in theory, write code to extract your keys if they wanted to. Ledger did it. The question now is who, if, and when will do it next.

And Ledger's code was hacked just last week, which is how a hacker stole users coins from their Ledger hardware wallets without needing to steal their physical devices.

I think the second part is too simple of an explanation. Coins were drained from both Ledger hardware wallets and software/web wallets that used the vulnerable Ledger Connect Kit. For the drainer to work, the user needed to approve and sign the transaction. It should never have happened, but is still a combination of user error and Ledger failing miserably to secure their code and procedures internally. In some way, you can compare the signing of the malicious transactions to sending your coins to the wrong address or the old Electrum phishing scam that required a user mistake for it to work. Those who noticed the fake Wallet Connect pop-up and didn't sign the blind transaction weren't affected. Sadly, many still were.