Ledger Live Update and Firmware Update?

[jerry0]

Have a nano ledger s plus.  Months ago, I noticed there was a nano ledger s plus firmware but I did not have a chance to do it.  I am on version 1.1.0 and months ago version 1.1.1 came out.  I was planning to update it but did not get a chance.  I now notice version 1.1.2 is out.


I was using an older version of ledger live for a few months and did the ledger live update from the message you get on the top right.  I'm now on ledger live 2.85.1.  When I did this, I notice that it tells me to update to OS 1.1.2?  Can someone explain to me why it will show that?  So ledger live knows my firmware on my nano ledger s plus is old and out of date?  I did not connect my nano ledger s plus during this time when I just did the ledger live update.  I recall you always update the ledger live first before you go and update the ledger firmware.


Now when I check ledger live update, it seems to say ledger live 2.85 has issues and to revert back to 2.84 below?  I believe I was using ledger live 2.65 or so before I did this update so I didn't go from one update to the next update etc.  


https://support.ledger.com/article/Issues-installing-apps-after-updating-to-Ledger-Live-2-85



I am planning on connecting my nano ledger s plus to my laptop to update the firmware from 1.1.0 to 1.1.2 but now should I delete ledger live first because there seems to be issues with ledger live 2.85?  I'm using 2.85.1 though?



Are there any issues with ledger live 2.85.1 at the moment?  Is it fine to just do a firmware update with the nano ledger s plus or revert back to ledger live 2.84 first?  Could I even do this?  I went from ledger live 2.65 or so to 2.85.1?

[jerry0]

Can anyone here confirm version 2.85.1 is working fine?  Why does it show a message that says my firmware is out of date if I didn't connect my ledger to it?


I have to update my nano ledger s plus to it as I have to update the firmware from 1.1.0 to 1.1.2.  I didn't do the 1.1.1 update a while back and then a new 1.1.2 came out.

[NeuroticFish]

Can anyone here confirm

Hello jerry0, I hope that you are ok.

Sadly for you, it may be rather difficult to find people on this forum who are still using Ledger for real.

After they've announced their "great feature" that they can retrieve the seed off the Ledger devices, we, here, have lost all the remaining faith in them (it was not much tbh after their previous mistakes) and switched to... pretty much anything else.

[Meuserna]

Can anyone here confirm version 2.85.1 is working fine?

Even when it's working, Ledger Live isn't safe.  Ledger Live tracks everything you do and the coins you have:

"Ledger Live is phoning out data on assets you hold in your hardware wallet the moment you access Ledger Live. It’s also sending out tons of other information about your computer and device."

The app apparently transmits data to an external endpoint at “https://api.segment.io/v1/t”, identified as an outsourced data collection service.

--BitcoinNews.com

I have to update my nano ledger s plus to it as I have to update the firmware from 1.1.0 to 1.1.2.  I didn't do the 1.1.1 update a while back and then a new 1.1.2 came out.

Your Nano S has firmware on it that allows Ledger and other companies to extract your keys over the internet.  You're most likely safe in the short term (though even Ledger admitted they can't prove their code doesn't have backdoors), but I strongly encourage you to switch to a safe hardware wallet.  And since there's no way to prove your keys never left your device, you should start over with a new seed on the new device & move your coins there (nothing can be proven to be safe on a Ledger since their code isn't open).

Look for a hardware wallet that is fully open source.  Open source code is published, which means the company can't hide anything sketchy or downright malicious in it.  For example, Ledger probably had key extraction code in their firmware long before it was outed in spring 2023, but since their code isn't open there's no way to know.

Best bets:  Trezor or ColdCard are excellent and open source.  Or better yet, go DIY with SeedSigner or Krux.

[jerry0]

When I log into ledger live now and the version 2.85.1, it does say verion 1.1.2 is the latest OS.  Well that is the latest firmware for the nano ledger s plus.  So did it recognize that I last connected a nano ledger s plus to it?  Does it mean the latest OS is 1.1.2 for the nano ledger s plus even if say I somehow had did a firmware update somewhere else though?  I'm still using firmware 1.1.0.


I want to stick with ledger because I used it for a while.

[SFR10]

Why does it show a message that says my firmware is out of date if I didn't connect my ledger to it?

So did it recognize that I last connected a nano ledger s plus to it?

Yes, it has retained that data from the last time you connected your device to one of Ledger Live's previous versions ^{[the same behavior also exists on Trezor Suite, so I'm pretty sure that's the norm]}.

Does it mean the latest OS is 1.1.2 for the nano ledger s plus even if say I somehow had did a firmware update somewhere else though?  I'm still using firmware 1.1.0.

Can you clarify the second part of the question?

I want to stick with ledger because I used it for a while.

Are you going to say the same thing after losing all your assets?
^{- I hope it never happens, but still...}

[ABCbits]

Edit 2025: Today i notice this user create 5 threads within 36 minute interval.




It seems OP is back to re-ask similar question. To other reader, you might want to read his other thread first,
Nano Ledger S Plus Firmware and Ledger Live Update?, November 29, 2023, 04:47:33 AM
Ledger Live Update?, August 29, 2023, 07:09:55 AM
Ledger Live Update?, July 15, 2023, 06:02:05 AM
Ledger Live Update?, September 03, 2022, 07:45:22 PM
Ledger Firmware Update?, November 11, 2021, 07:26:45 PM
Ledger Live Update, October 30, 2021, 05:43:11 PM
Firmware Update Questions, May 14, 2021, 05:25:03 AM
Ledger Live Update, November 22, 2020, 12:25:51 AM
How often Does Nano Ledger Have a Firmware Update? , October 19, 2020, 07:40:26 PM

Someone even made thread about his behavior on jerry0 case.

Are there any issues with ledger live 2.85.1 at the moment?  Is it fine to just do a firmware update with the nano ledger s plus or revert back to ledger live 2.84 first?  Could I even do this?  I went from ledger live 2.65 or so to 2.85.1?

I'm not sure whether 2.85.1 fixed that problem, since release message for on 2.85.1[1] doesn't mention anything about fixing the issue. But the support page shows the problem have been fixed around date of version 2.85.1 released[2]. You could try install older version from Ledger Live GitHub release page[3], but you can't stop it's auto-update feature[4].

[1] https://github.com/LedgerHQ/ledger-live/releases/tag/%40ledgerhq%2Flive-desktop%402.85.1
[2] https://support.ledger.com/article/Issues-installing-apps-after-updating-to-Ledger-Live-2-85
[3] https://github.com/LedgerHQ/ledger-live/releases
[4] https://support.ledger.com/article/4410960111889-zd

[jerry0]

Do you know or anyone know why after the ledger live update to 2.85.1, it shows


OS 1.1.2 is the latest version


So that would mean ledger live last recognized I connected a nano ledger s plus to it then?  So if someone had a nano ledger s plus and an X, what would it show then for the latest OS version?  Would it be the last ledger device whether the s plus or the X then that was last connected to ledger live?



I did not connect the nano ledger s plus to my laptop during the whole ledger live update. 


So that would mean ledger live recognizes the last device I connected to it was nano ledger s plus?  But what if someone uses and s plus and an X then?

[Pmalek]

SFR10 already answered your question. For once in your stay on Bitcointalk, can you please read and understand it? When you connected your hardware wallet the last time, the software must have noticed that you are running an older firmware. That's why you are seeing those notifications. The last Nano S Plus firmware version is 1.1.2. Upgrade to it or not, your call. I wouldn't perform any upgrades on a Ledger ever again. We have no way of knowing when the seed extraction vulnerability was added in the code, but we know that Ledger (with or without your help) can extract your seed and share it with multiple 3rd-party companies over the internet.

If you were to connect a different Ledger model to your Ledger Live, the software would pick up its firmware version and suggest the same thing it did for your Nano S Plus if there is a new update available. Test it if you are curious. If you don't have other Ledger models, then there is no point in worrying about what would happen in such a situation.

[jerry0]

Okay but anyone that is using a nano ledger s plus, you should upgrade to the latest firmware right?


But you are saying some people are still using old ledger firmware because of how ledger has been with the news from a while back?


To people that have a nano ledger s plus or x, are you using the updated firmware?  Doesn't seem like a good idea to not update the firmware because if you use a very old one, you might have issues like how people are stuck with old firmware for their nano ledger s and have issues with that updating it later on because the firmware is very old?

[Meuserna]

Okay but anyone that is using a nano ledger s plus, you should upgrade to the latest firmware right?

I would NOT trust Ledger firmware.  I was a Ledger user.  I stopped updating my firmware the day their key extraction firmware code was outed.

But you are saying some people are still using old ledger firmware because of how ledger has been with the news from a while back?

It's not that Ledger has been "in the news."  Please understand what Ledger has done.  Ledger added the ability to suck your keys out of your device and send them to Ledger and other companies.  If what I just said doesn't scare you, you don't understand what hardware wallets do and you probably shouldn't be using one, and you should buy Bitcoin ETFs instead.  The entire point of a hardware wallet is to give you the ability to sign transactions on a device that can't be reached over the internet, thus keeping you safely out of reach for hackers. 

By giving your device the ability to be reached over the internet, Ledger made your device unsafe.  Period.

Anyone who says otherwise or makes excuses for what Ledger did is someone you should not trust.  Period.

To people that have a nano ledger s plus or x, are you using the updated firmware?  Doesn't seem like a good idea to not update the firmware because if you use a very old one, you might have issues like how people are stuck with old firmware for their nano ledger s and have issues with that updating it later on because the firmware is very old?

It isn't a good idea to use any firmware that contains key extraction APIs.  Period.

The more you look for reasons why this doesn't matter, the more you set yourself up for disaster in the future.

Owning Bitcoin means being your own bank.  Using a Ledger means the keys to your bank aren't truly safe anymore.  And by the way, this isn't an issue with other hardware wallets.  ONLY LEDGER added key extraction to their firmware (which is especially bad since their firmware isn't open source.  Not open source means you can't prove what's in their firmware, and since they've admitted their firmware has key extraction APIs and they're selling key extraction as a "service"  ...I'm sorry, but you've got to be crazy if you understand this yet stick with them anyway).

My advice to you: Make a commitment to yourself to stop using Ledger hardware by the end of the year, or if this stuff is too complicated to understand, stop buying Bitcoin and buy Bitcoin ETFs instead.

[NotATether]

Okay but anyone that is using a nano ledger s plus, you should upgrade to the latest firmware right?

I would NOT trust Ledger firmware.  I was a Ledger user.  I stopped updating my firmware the day their key extraction firmware code was outed.

The thing is, this is a flaw in the hardware, so you are actually dealing with a lose-lose situation. First of all, as we all know, the firmware could potentially perform key extraction. But also, the second thing is, by not updating your firmware, you have now exposed your device to other (potentially serious) security flaws that might be discovered and patched.

The best thing to do here I guess would be to not to use Ledger devices at all.

[jerry0]

I get what you mean with your posts.  The thing is I learned how to use ledger a while back and I got used to it.  So I prefer to stick with it.  Me using something else like trezor or something else would be completely new.



The nano ledger s plus firmware 1.1.0 software that I am using is after the nano ledger news right with the recovery?  I remember doing 1 firmware update with it I believe.



So if I still want to continue using nano ledger s plus, would you recommend against doing the firmware update from 1.1.0 to 1.1.2?  The thing is I don't want an issue where I have issues with it later on if the firmware is too old to do an update.  When you do send and receive on your ledger, wouldn't you want your firmware to be up to date?   The other thing is if something was to happen with ledger and the backdoor, wouldn't this be the biggest news ever if they have backdoor to everyone's key?  So very few people here are still using their ledger?  From reading online, I would have thought it was an overreaction to it

[Meuserna]

I get what you mean with your posts.  The thing is I learned how to use ledger a while back and I got used to it.  So I prefer to stick with it.  Me using something else like trezor or something else would be completely new.

Don't think about what you prefer.  Think about safety.

The nano ledger s plus firmware 1.1.0 software that I am using is after the nano ledger news right with the recovery?  I remember doing 1 firmware update with it I believe.

Ledger's firmware is not open.

I stopped updating my Ledger firmware while it still predated Ledger Recover, but since Ledger's firmware isn't fully open source, there was no way to PROVE the firmware didn't already have key extraction capability baked into its code..  That was in spring 2023.  Here's what I did:

#1: I stopped using my Ledger immediately.  Can't prove it's safe?  Won't use it.

#2: I made a commitment to myself to start over with a new hardware wallet by the end of the year.

#3: I spent the next few months learning, so I could make the best decision possible.  And then I switched.

Was that inconvenient?  Yes.  Would I have preferred to stick with the device I already knew?  Of course.  But I care more about the security of my coins than I care about the inconvenience of learning something new.  The fact that you don't means you probably shouldn't be buying Bitcoin.  If you can't handle securing it, no worries.  Go with an ETF.  There's no shame in admitting you're not up to the challenge that comes with securing your own coins.  ETFs didn't exist when I was getting started.  If they did, I might have done that instead (though I love owning my own coins).

So if I still want to continue using nano ledger s plus, would you recommend against doing the firmware update from 1.1.0 to 1.1.2?

I recommend never updating or using any Ledger code ever.  It's not safe.

The thing is I don't want an issue where I have issues with it later on if the firmware is too old to do an update.

It won't matter if your coins get stolen due to the device being accessed over the internet by hackers or a rogue employee.  And it's not like Ledger employees haven't already been phished.

When you do send and receive on your ledger, wouldn't you want your firmware to be up to date?

Not if the update contains code that lets Ledger and other companies extract your keys.

The other thing is if something was to happen with ledger and the backdoor, wouldn't this be the biggest news ever if they have backdoor to everyone's key?

When it happens, nobody will know until wallets start getting drained.  By that point, it'll be too late.

So very few people here are still using their ledger?

People who understand how hardware wallets work stopped using Ledger.  People who make brand names part of their own identity and use hardware wallets as a cool form of crypto street cred stuck with Ledger, because they're not very bright.  Back in 2021, idiots on Tiktok were wearing Ledgers on a necklace, like a crypto-bro boast.  They stuck with Ledger because they care more about the brand name than they care about what the thing does.

From reading online, I would have thought it was an overreaction to it

If you read Ledger's sub on reddit, Ledger deletes posts that complain about their key extraction code and they shadowban users who say anything negative about it.  They probably do that on all of their social media.  That creates an echo chamber of dummies cheering on dummies.

Here's the bottom line:

If you're waiting to see Ledger's key extraction code get hacked before you switch to something safe, it'll be too late.  That's not how a Ledger hack will go down.

When Ledger's key extraction scheme gets hacked, the hackers aren't going to empty wallets.  They're going to want to steal as many keys as possible first, because if they drain wallets, they'll let Ledger know the code was hacked, which will cause Ledger to patch it, which will end the hacker's ability to keep stealing keys.

The hackers are going to want to steal as many keys as possible before they start draining wallets.  And you'll never know if yours is one of them.  For all we know, hackers could already be stealing keys & building a giant stockpile of wallets to hit.

But when they do start draining wallets, I'd expect them to drain a ton of them all at once.  They're gonna hit 'em hard and fast, wiping them all out.

Now, think about how long it's going to take for people to figure out what happened.  Their wallets will have been drained, but they won't know why, and Ledger will be quick to deny their code had anything to do with it.  Ledger will start peddling FUD about other devices.  And other devices will get blamed too, because people who didn't know what they were doing switched from Ledger to a new device but kept the same seed phrase, which the hackers already had.

I think it's just a matter of time before it happens - but the real question is, even if it never happens...  do you REALLY want to spend years wondering if somebody accessed your device every time you turn it on?  Do you REALLY want to spend years wondering if somebody already swiped your keys and is waiting for the right time to drain your wallet?  Do you really want to spend years wondering about every firmware update?  By the way, that firmware has tons of trackers and every update probably adds more.

I'm using a seed that has never touched a Ledger device, and my hardware wallet is 100% open source & airgapped.  I have no worries.  My keys are unhackable.  Yours should be too.

Hey, if you don't care you don't care.  But you can't say you weren't warned in explicit detail.

TL;DR:  Dude.  C'mon.  That firmware can't be trusted.

[jerry0]

So are you saying like a huge portion of this subforum here stopped using ledger for this reason?  I would have thought less than 50% stopped using it here.


What wallet do you now use?  To me, the simplest one if I had to guess would be a trezor right?  I heard about wallets like coldcard and others but trezor should be the simplest? 


Did you use a passphrase with your nano ledger?  Wouldn't using that make it very secure then or that still isn't enough for you?


If the hack was to happen the way you described, wouldn't this be the biggest news of all time then? 


The thing is I don't even want to bother creating a passphrase account on nano ledger because I had set up nano ledger a while back and concerned about messing it up.


So wouldn't this mean other devices could do the same thing like ledger but they aren't telling you everything?  I mean ledger said a while back they were open source.

[Meuserna]

So are you saying like a huge portion of this subforum here stopped using ledger for this reason?  I would have thought less than 50% stopped using it here.

The more knowledge the users have, the more of them that stopped using Ledger.

What wallet do you now use?

Krux is my main wallet.  I also use SeedSigner and Blockstream Jade.  I recommend Krux and SeedSigner very highly.  Jade is very safe, and if you buy one it's a great choice, but I find the UI to be kind of clunky, so I'm not a fan.

To me, the simplest one if I had to guess would be a trezor right?  I heard about wallets like coldcard and others but trezor should be the simplest?  

I agree that Trezor is the easiest fully open source hardware wallet.  It's the best choice for newcomers.  It's an excellent choice.

Did you use a passphrase with your nano ledger?  Wouldn't using that make it very secure then or that still isn't enough for you?

I did use a passphrase with my Ledger - but Ledger uses code that is closed source.

Closed source code is like a black hole.

There's no way to prove what is in it.
There's no way to prove what it does.
There's no way to prove what it doesn't do.
There's. No. Way. To. PROVE. The. Code. Is. SAFE.  There's no way.

If the hack was to happen the way you described, wouldn't this be the biggest news of all time then?  

When it happens, it will be huge news, yes.  And it'll be too late for everybody who gets caught up in it because the hack won't make the news when it happens.  When it happens, nobody will know.  Nobody will know their keys were extracted and stolen until their wallets get drained.

The thing is I don't even want to bother creating a passphrase account on nano ledger because I had set up nano ledger a while back and concerned about messing it up.

Oh, dude.  Just buy the ETF.

So wouldn't this mean other devices could do the same thing like ledger but they aren't telling you everything?

Other devices publish their code.  OPEN SOURCE.

I mean ledger said a while back they were open source.

The difference is, when Trezor, ColdCard, Blockstream Jade and SeedSigner say they're open source, they mean it and they prove it by publishing every single line of their code.  They prove it.

Ledger lies about being open source because they want to use the term in their marketing, but they don't publish every single line of their code.

The fact that Ledger lies to their customers and lies to their users is another reason why you have to be a fool to stick with them.  And you're desperately trying to find reasons to justify sticking with them, which tells me that you shouldn't be buying Bitcoin at all.  Just buy into an ETF.  If you're not ready to take securing your coins seriously, just buy into an ETF.

[jerry0]

I don't plan to buy anymore btc or buy ETF.


So who here is still using ledger.  Like a very small percentage then?

[Pmalek]

What wallet do you now use?  To me, the simplest one if I had to guess would be a trezor right?  I heard about wallets like coldcard and others but trezor should be the simplest?

I wouldn't recommend you go for a Coldcard or any of the other models that Meuserna recommended. Not because they are bad recommendations, but because you have had your Ledger for years and haven't learned much. You come back every few months and ask the same questions. It's been like that for years. You wouldn't understand the ins and outs of an airgapped hardware wallet. Go for a Trezor. It's as easy to use as a Ledger.

Did you use a passphrase with your nano ledger?  Wouldn't using that make it very secure then or that still isn't enough for you?

It would still be a passphrase created on a hardware wallet with a closed-source firmware.

If the hack was to happen the way you described, wouldn't this be the biggest news of all time then?

It would be major news in the crypto sphere, but so what? That doesn't mean it couldn't happen just because it would create plenty of drama. 

So wouldn't this mean other devices could do the same thing like ledger but they aren't telling you everything?

Other manufacturers could introduce a similar key extraction vulnerability. Secure elements allow for such functions to exist. It's possible. But the only company that has done it so far, that we know of, is Ledger.
 

I mean ledger said a while back they were open source.

Certain parts of their systems are open-source, others aren't. The Ledger Live is open-source. The apps you have installed on your Nano are open-source. Their development toolkit is open-source. But unfortunately, their firmware is closed-source and could, in theory, contain anything.

So who here is still using ledger.  Like a very small percentage then?

How could any of us answer that question precisely? It's not like someone is keeping score. Besides, what does it matter? You have been told why it isn't a good idea to stick with your Ledger, why care what others do? Many people inject heroin into their arms daily even though it isn't good for you.

[jerry0]

Okay so trezor would be the best option if I use another hardware wallet.  There seems to be 3 different trezor wallets.  You mean the middle one the trezor 3 then?  The old cheap trezor one seem to be only for btc?  Then there is trezor 5 which is the most updated and new one but that is not necessary?


Well I wanted to know if there are people here that still stick with ledger with all this news.  I got to assume most people didn't make the switch right?  By that I mean overall and not like the people on this subforum.


The thing is I hate going from one hardware wallet to another after using ledger for this long.  The easiest transition would be trezor.



Now what I want to know is if one chooses to continue to use ledger, should one update the firmware or not?  I am still using 1.1.0 on nano ledger s plus which doesn't have the recover option.  I believe 1.1.1 is the version that has it.  If i update the firmware, it would be 1.1.2 and that obviously will have that recovery option.



The thing is if I don't update the firmware, would I have issues now doing a transaction of sending btc?  I got to assume not right since even if I got a trezor now... well I still have to send the btc from ledger to trezor.  But if it requires firmware update, you do that and then send btc immediately to trezor?


Someone mentioned if you don't update the firmware, there could be security issues.  That is true right?  Thus it's always best to have updated firmware than old outdated firmware?  Like people who have the nano ledger s but have that really old firmware, I heard some people can't even update the firmware anymore right?


Ledger says as long as you don't opt in the recovery program, then there is nothing to be concerned.  You don't trust them when they say this?  Now if something was to happen, this would be bigger news than any crypto news out there.

[Meuserna]

Okay so trezor would be the best option if I use another hardware wallet.  There seems to be 3 different trezor wallets.  You mean the middle one the trezor 3 then?

Any Trezor hardware wallet will secure your Bitcoin well.  You don't need the most expensive model.

Well I wanted to know if there are people here that still stick with ledger with all this news.

Of course there are.  The world will never run out of stupid people.  People do reckless things all the time.  Does that mean you should too?  Only you can decide what's right for you.

The thing is I hate going from one hardware wallet to another after using ledger for this long.  The easiest transition would be trezor.

I agree that it's annoying.  I'm willing to bet I used Ledger longer than you.  I didn't switch because it would be fun or convenient.  I switched to different hardware because I care about keeping my coins safe long term.

Now what I want to know is if one chooses to continue to use ledger, should one update the firmware or not?

How many times can we say no?  Ledger firmware cannot be trusted.

The thing is if I don't update the firmware, would I have issues now doing a transaction of sending btc?  I got to assume not right since even if I got a trezor now... well I still have to send the btc from ledger to trezor.  But if it requires firmware update, you do that and then send btc immediately to trezor?

Here's a step by step guide:

Buy a Trezor.

Let the Trezor create a new wallet with a new seed phrase for you.

Send coins from your Ledger wallet to the addresses at your Trezor.

Someone mentioned if you don't update the firmware, there could be security issues.

You don't even remember who said what...  but somebody said something on the internet, so it must be true.  Come on, man.  You need to learn the basics so you can understand what you're doing and why things like open source matter.

Ledger says as long as you don't opt in the recovery program, then there is nothing to be concerned.

Ledger also said this:

Your keys are always stored on your device and never leave it

Then they wrote code to extract your keys from your device.  Ledger lies.  Ledger lies are even on the boxes for their hardware.

"WE ARE OPEN SOURCE"

https://i.redd.it/dysdk6j9516b1.jpg

The box for Ledger hardware running closed-source firmware says Open Source. That's intentionally misleading if not outright fraud.  Ledger lies.

You don't trust them when they say this?

No.

How much more clearly can we say it?

Now if something was to happen, this would be bigger news than any crypto news out there.

It will be like when Mt Gox collapsed.  Or when FTX collapsed.  Or when Voyager collapsed.  Or like many other times when people kept coins where they shouldn't have.  And people like us will just shake our heads in disbelief because we explained the risks so crystal clearly.

You're desperately looking for someone to come along and tell you to stick with Ledger.  If that's what you want to do, DO IT.  I assume you're an adult.  Make adult decisions.

How much is your Bitcoin worth?  Don't tell me.  Say it to yourself.

How much does securing your Bitcoin matter?  Don't tell me.  Say it to yourself.

Be an adult.  Make adult decisions.