IMPORTANT: Ledger ConnectKit Library has been Compromised with a drainer.

[Pmalek]

Yes, I have looked at some alternatives. The problem with all other manufactors is that they only support the AVAX C-Chain via the respective hardware wallet, including Metamask. Staking via Avalanche requires the P-Chain, which is currently only fully supported by Ledger.

OK, I see. I just checked if Ledger offers native support for Avalanche tokens, and they don't. The supported AVAX wallet is the Avalanche wallet, which Trezor doesn't support. That can only mean that it's the Avalanche wallet that offers the needed P-Chain that you are taking advantage of for the staking feature.

[1714759839]

1714759839

[1714759839]

1714759839

[1714759839]

1714759839

[1714759839]

1714759839

[dkbit98]

Yes, I have looked at some alternatives. The problem with all other manufactors is that they only support the AVAX C-Chain via the respective hardware wallet, including Metamask. Staking via Avalanche requires the P-Chain, which is currently only fully supported by Ledger.

They focused so much on working with bunch of shitcoin crap, that they forget about basic security and safety of everything else.
You can't have both in any serious hardware wallet, especially if you have limited work force and they just assemble stuff coming from China.
If someone found a way to exploit ledger-connect, it will find a way to exploit other things connected with shitcoins, like staking for example.
It's a risky gamble combination.

[cygan]

Ledger announced today in a statement that it will reimburse the stolen assets worth around $600,000 to affected users, including victims who do not own a Ledger.
the company also announced that it will develop a solution by june 2024 and ensure that it will always be possible to clearly verify which action or transaction is to be authorized - also known as 'clear signing'


https://nitter.net/Ledger/status/1737457365526470665

[Pmalek]

<Snip>

It's positive news that they are going to compensate the affected users. In other words, it's an admission of guilt without admitting it officially in writing. Lucky for them that it's only $600k and not a bigger sum. I guess I will never see how their clear-sign feature will look like in the future as I have stopped doing any Ledger-related updates long time ago. Ledger will remain a device for my limited altcoin exposure and small amounts of bitcoin, while the rest is elsewhere.

[satscraper]

ensure that it will always be possible to clearly verify which action or transaction is to be authorized - also known as 'clear signing'

Blind signing has always been a vulnerable spot of Ledger's devices at   approval  of  smart contract details the language of which is hard to understand for ordinary human. They could incorporate interpreter into at least their LL app to present  those details pointedly. However, the solution of the problem also rests on displays used by their devices. Only one of their wallets, i.e. Ledger Stax, has the display to present content which fits the human readability.

[Pmalek]

Blind signing has always been a vulnerable spot of Ledger's devices at   approval  of  smart contract details the language of which is hard to understand for ordinary human. They could incorporate interpreter into at least their LL app to present  those details pointedly. However, the solution of the problem also rests on displays used by their devices. Only one of their wallets, i.e. Ledger Stax, has the display to present content which fits the human readability.

This is not an advertisement of this particular wallet, but I read that the Rabby DeFi wallet proved itself to be a good choice because of its signing mechanism. The pop-up that the wallet displays shows what you are signing and what affect it will have on your balance once the contract is signed. Rabby also has some sort of transaction screening system where it tries to find out if the contract presents a vulnerability for the signer. It then tells you what the results of the screening are. Apparently, the wallet warned the users that signing the transaction contract would drain all the funds from the address.

Some more info below
https://medium.com/@rabby_io/rabby-release-announcement-564406988e2b

[m2017]

<Snip>

It's positive news that they are going to compensate the affected users. In other words, it's an admission of guilt without admitting it officially in writing. Lucky for them that it's only $600k and not a bigger sum. I guess I will never see how their clear-sign feature will look like in the future as I have stopped doing any Ledger-related updates long time ago. Ledger will remain a device for my limited altcoin exposure and small amounts of bitcoin, while the rest is elsewhere.

Ledger had no choice but to return promise to return the stolen money. If with their previous fackups everything was limited to the theft of personal data and other things, that is, not directly the money of the ledger device owners, then this time it was money worth $600k that was stolen. It turns out like this: the wallet should ensure the safety of money, but here there was a loss of money, and through the fault of this company and their former (really former?) employee. Here, like it or not, in order to avoid reputational losses (which are a common occurrence for ledgeryou will be forced to return the money. Otherwise, the victims would have raised such a whine that the company would have only gotten worse. I saw information that ledger contacted the management of Tether which (sort of) froze the stolen USDT.

The return of stolen money to the victims by the ledger should not be regarded as a heroic act. This is their direct responsibility, as the culprits of what happened.

[nelson4lov]

This is not an advertisement of this particular wallet, but I read that the Rabby DeFi wallet proved itself to be a good choice because of its signing mechanism. The pop-up that the wallet displays shows what you are signing and what affect it will have on your balance once the contract is signed. Rabby also has some sort of transaction screening system where it tries to find out if the contract presents a vulnerability for the signer. It then tells you what the results of the screening are. Apparently, the wallet warned the users that signing the transaction contract would drain all the funds from the address.

Some more info below
https://medium.com/@rabby_io/rabby-release-announcement-564406988e2b

Seconded. Apparently, Rabby wallet has proven to be the best Web3 wallet. It is even better than Metamask in that it has one of the best UI and UX (if not the best in the industry). It was created by the guys at Debank DeFi and it is easily becoming one of the most used wallets as well. The feature you mentioned is their simulation feature. It shows a possible results from signing of a transaction so that the user so they can make an informed decision whether or not they want to go ahead with it.

It's really good stuff and I enjoy using since it has one of the best wallet security out of the box.