Hardware wallets wont fix your terrible pc opsec

[CryptoVoyager24]

Literally everyday someone is crying here about their ledger getting drained. Nwsflash: the hardware chip is fine. U got social engineered.

Dropping $150 on a physical device is completely pointless if u plug it straight into the exact same windows desktop u use to click sketchy discord links and run pirated games. Fake guis bypass defender easily now. If u actually type 24 words into a desktop popup just cause your monitor asked nicely... thats a layer 8 pebkac issue.

Separate your environments. Boot tails or a strict linux distro for crypto. Stop treating a daily driver gaming rig like Fort Knox.

[Aanuoluwatofunmi]

So many people are making mistake that they don't even know the cause of what is happening to them and how they are being attacked, having a hardware wallet is not the end of the security challenge, you must ensure that you are being mindful of the device you are using and what you are doing on it, we are expected to avoid unsolicited links and downloads on our device because we could be hacked through such, also, ledger wallet does not maintain high level of privacy, it's not bad if we can consider any other brands like Trezor.

[tech30338]

So many people are making mistake that they don't even know the cause of what is happening to them and how they are being attacked, having a hardware wallet is not the end of the security challenge, you must ensure that you are being mindful of the device you are using and what you are doing on it, we are expected to avoid unsolicited links and downloads on our device because we could be hacked through such, also, ledger wallet does not maintain high level of privacy, it's not bad if we can consider any other brands like Trezor.

Most of time the issue is not the hardware wallet but the user itself, sometimes the culprit is their family members stealing their funds without knowing, and yes the way you handle your devices where you put wallet, clicking links or even email links, will put your computer and devices at risk.
Attacks are done with malware, a software that we install with virus, pirated software with hidden virus etc, so if you want to be safe from anything with regards to our wallets make sure to never use, them on things that can make your devices computer to be infected, it will drain your wallet when it happens.

[Lucius]

Literally everyday someone is crying here about their ledger getting drained. Nwsflash: the hardware chip is fine. U got social engineered.

It's strange how the users of that device complain, and not the users of some other hardware wallets.
Of course, I'm not saying that they were hacked, and you're probably right, but the fact that their complete database of user data was leaked at least twice gives hackers a great advantage in social engineering.

Besides, it is the only hardware from which it is possible to extract the seed and send it to third parties for safekeeping, which means that it is only a matter of time before some skilled hacker exploits this vulnerability.

Dropping $150 on a physical device is completely pointless if u plug it straight into the exact same windows desktop u use to click sketchy discord links and run pirated games. Fake guis bypass defender easily now. If u actually type 24 words into a desktop popup just cause your monitor asked nicely... thats a layer 8 pebkac issue.

Separate your environments. Boot tails or a strict linux distro for crypto. Stop treating a daily driver gaming rig like Fort Knox.

Why even think about plug-in devices when there are air-gapped ones? Although some people probably wouldn't be helped by such devices because they don't understand what a seed actually is, so they share it with others just because they asked nicely.

[SquirrelJulietGarden]

So many people are making mistake that they don't even know the cause of what is happening to them and how they are being attacked, having a hardware wallet is not the end of the security challenge

Securing your bitcoin requires many things, from Bitcoin wallets, wallet backups, to your devices, and how you secure your initial wallet, wallet backups and the device. It's not a single step for securing your bitcoin, but in fact there are many steps, step by step, with relation to each other, and together if you do these steps well, you are able to secure your bitcoin and keep it safe.

you must ensure that you are being mindful of the device you are using and what you are doing on it, we are expected to avoid unsolicited links and downloads on our device because we could be hacked through such, also, ledger wallet does not maintain high level of privacy, it's not bad if we can consider any other brands like Trezor.

Hardware wallet is only one type of Bitcoin wallets and Bitcoin users can secure their bitcoins with software wallets (hot wallets), but if they practice bad they still can lose their coins with hardware wallets.

Any wallets they choose to use, they must know about that wallet, read reviews, and prioritize to use open source and non custodial wallets with good review, and reputation history.

Open Source Hardware Wallets
[GUIDE] How to buy a Hardware Wallet the right way
https://walletscrutiny.com/

[Hatchy]

Why even think about plug-in devices when there are air-gapped ones? Although some people probably wouldn't be helped by such devices because they don't understand what a seed actually is, so they share it with others just because they asked nicely.

I've come to realised actually that just a few percent of crypto users do keep their seedphrase safe.. most online influencers who own crypto reply on third party for the safety of their keys. They claim that it's much easier to access in times of trouble, but the real trouble they don't know of is the third party apps which could be exploited by criminals and their funds stolen.

.

Separate your environments. Boot tails or a strict linux distro for crypto. Stop treating a daily driver gaming rig like Fort Knox.

Or rather keep your wallets completely off grid? I saw a video online the other day where a young crypto influencer mistakenly showed his keys on one of his live streams.it wasn't an intentional move though, he had his funds on same pc as that of his live stream. Unfortunately for him, his screen was shared and the public saw his keys. Just immediately his wallet was drained..it's better to keep your wallet of grid..

[promise444c5]

Literally everyday someone is crying here about their ledger getting drained. Nwsflash: the hardware chip is fine. U got social engineered.

And if they’ve handled their users data seriously then some of these users who were victims of the so called social Engineering won’t have suffered any loss. Don’t forget this same January there was still another report of a breach on one of the third party payment processor which Ledger uses :

https://www.bleepingcomputer.com/news/security/ledger-customers-impacted-by-third-party-global-e-data-breach/

I know other HW wallet have data breaches too specifically Trezor but it’s not as worse as that of ledger.

Let’s ignore the fact that they introduced Ledger recover on a closed source firmware..

You’re right anyway maybe if everyone do the right thing & also take the right measures then they can avoid most of this mess. Just that you must know that not everyone can really understand deeply how everything works.

[WannaParadise]

Literally everyday someone is crying here about their ledger getting drained. Nwsflash: the hardware chip is fine. U got social engineered.

Dropping $150 on a physical device is completely pointless if u plug it straight into the exact same windows desktop u use to click sketchy discord links and run pirated games. Fake guis bypass defender easily now. If u actually type 24 words into a desktop popup just cause your monitor asked nicely... thats a layer 8 pebkac issue.

Separate your environments. Boot tails or a strict linux distro for crypto. Stop treating a daily driver gaming rig like Fort Knox.

The physical security of hardware wallets is generally adequate. In my experience, the vulnerability of such devices is mostly down to human error. Taking technical measures to prevent user error is critical. I believe that private keys should never be entered on a general purpose Windows machine or in an environment containing suspicious software. I think, the most effective way to create a secure transaction environment is through isolation it makes sense to use a separate system. Such as Tails or a Linux distribution configured solely for crypto transactions. Furthermore, workflows must be designed to mandate transaction approvals and physical verification as safeguards against GUI spoofing. Ultimately, the value of a $150 hardware investment becomes apparent when supported by the right operational processes. In my personal view, user training is just as important as the technology itself...

[Stalker22]

Literally everyday someone is crying here about their ledger getting drained. Nwsflash: the hardware chip is fine. U got social engineered.

It's strange how the users of that device complain, and not the users of some other hardware wallets.
Of course, I'm not saying that they were hacked, and you're probably right, but the fact that their complete database of user data was leaked at least twice gives hackers a great advantage in social engineering.

My thoughts exactly.  Users are not really "stupid" since the company gave hackers access to all of their personal information.

When a hacker knows exactly who you are and what device you have, their social engineering is a lot more believable.  You will receive personalized emails, or fake replacement devices will be sent to your home that appear to be legitimate.

While Ledgers hardware may be safe, their database security was an absolute failure, and their customers are still suffering from that today.

[dkbit98]

Dropping $150 on a physical device is completely pointless if u plug it straight into the exact same windows desktop u use to click sketchy discord links and run pirated games. Fake guis bypass defender easily now. If u actually type 24 words into a desktop popup just cause your monitor asked nicely... thats a layer 8 pebkac issue.

I don't agree with you because hardware wallets are created to be safer option even if your computer is infected with some kind of malware.
And you would basically solve 99% of the those malware issues if you stopped using wind0ws OS spyware, and switch to good open source Linux distribution.
There are even aigapped hardware wallets that are not even connecting to computer when generating seed words.

[KiaKia]

Literally everyday someone is crying here about their ledger getting drained. Nwsflash: the hardware chip is fine. U got social engineered.

Dropping $150 on a physical device is completely pointless if u plug it straight into the exact same windows desktop u use to click sketchy discord links and run pirated games. Fake guis bypass defender easily now. If u actually type 24 words into a desktop popup just cause your monitor asked nicely... thats a layer 8 pebkac issue.

Separate your environments. Boot tails or a strict linux distro for crypto. Stop treating a daily driver gaming rig like Fort Knox.

You nailed it, anyone that don't want to spend money on hardware wallet can use a different NVME to install and boot Linux from there whenever they want to make transactions, this is a good advice.

On the other hand why would anyone go for hardware wallet that needs to be plugged into a computer for transaction purposes? You can lower the risk of this happening by buying a hardware wallet that can operate on its own, for transactions and also for updating the device.

Mind you, I still believe that hardware wallets are safer, you can't beat a device that's created for saving your Bitcoin over a NVME drive that you built yourself running a crypto wallet on an os, a standalone device will always be better.

[Cookdata]

Such as Tails or a Linux distribution configured solely for crypto transactions. Furthermore, workflows must be designed to mandate transaction approvals and physical verification as safeguards against GUI spoofing. Ultimately, the value of a $150 hardware investment becomes apparent when supported by the right operational processes. In my personal view, user training is just as important as the technology itself...

TailsOS isn't for everyday use, they are boot on USB flash for short time use and clear everything from your device immediately you shutdown and unplug the USB flash from your device. It's more about privacy rather than keeping it on your system for long time, Linux is better.

There are many other Linux distro and better than windows, all are friendly, you can build everything from source code, even the hardware wallets gives priority to Linux over windows but popularity of windows of end users put Linux in shadows, Linux is 100% better and safe than windows.

It's common to see windows users with a multipurpose functionality, they download and play games that are jailbreak without understanding what was done behind. The same PC operating system don't license keys for windows, they have to download from unreliable source, all these undermine security of PC with hardware wallet.

[CryptoVoyager24]

Yeah the ledger leak gave scammers unlimited ammo, no arguing that. Targeted emails are super convincing now.

But the core issue remains... Why are people typing recovery phrases into windows? The whole point of spending money on cold storage is to only trust the tiny screen on the actual device. If a user blindly trusts a desktop gui over the hardware, its game over. Moving to a standalone linux nvme like @KiaKia suggested is basically mandatory at this point if you hold real bags.

[Rikafip]

If u actually type 24 words into a desktop popup just cause your monitor asked nicely... thats a layer 8 pebkac issue.

If you are capable of doing something that stupid, there is no OS in the world that will be able to protect you.

[Dex_master25]

If u actually type 24 words into a desktop popup just cause your monitor asked nicely... thats a layer 8 pebkac issue.

If you are capable of doing something that stupid, there is no OS in the world that will be able to protect you.

One thing I know about windows is that it is for convenience and compact ability which makes what OP says true for a great attack surface.

I would recommend an air gapped laptop, a standard Linux laptop or a tails laptop for better security.

[Rikafip]

I would recommend an air gapped laptop, a standard Linux laptop or a tails laptop for better security.

I have none of those things, yet I feel pretty safe.

Having said that, I have a solid hardware wallet, I don't download any pirated software whatsoever and I am generally very careful with what I click on the Internet.

[Asuspawer09]

I guess they just need more information about this things, they need to understand how the things happened or something since most of the people that get hack similar to this was not really a techy person or something so they just not normally used to using computers or something so they dont understand how the draining works or something and how obvious it is most of the time. I mean on phisings that is what is usually the method of hackers way to drain some wallet is just copying the webpage of some of the website, tricking you to put your wallet seed phrase or private key, something like that, so you could easily see that it was a red flag if it was asking for your private key for sure.

The thing is if your computer is the one that is compromise it was a different scenario since most likely what happened is you been trick to download the application and you installed it on your computer which is a virus, if they trick you to do that then they would have control over your computer and there was nothing you could do about it if your not aware of it they could pretty much do anything that they wanted on your device. So buying a new hardware wallet or something is not going to fix it.

[Mhizlove]

I would recommend an air gapped laptop, a standard Linux laptop or a tails laptop for better security.

I have none of those things, yet I feel pretty safe.

Having said that, I have a solid hardware wallet, I don't download any pirated software whatsoever and I am generally very careful with what I click on the Internet.

You are already doing what that matters which is safety for crypto and not about many tools rather it's all about discipline and safety mindset, as long as you're not clicking the wrong thing, you don't install nonsense and you do understand that your seed phrase is legit then you have reduced the risk alot. Most people who lose their funds, this don't mean that they don't have hardware wallets but what might have caused it would be that they were a little careless

[promise444c5]

I would recommend an air gapped laptop, a standard Linux laptop or a tails laptop for better security.

With all that you can still lose your Bitcoins.. you only solve the storage problems by setting up a cold storage. You can use a HW wallet, I’m not really a fan of hardware wallets anyway, I don’t have one either..

After you setup, you still need a device that connects to the internet before you can initiate a transaction, what your cold wallet only do is just simply singing it. Your unsigned transaction can be altered when you’re creating  it, and you can loose your bitcoins if you blindly sign it.

Don’t trust, always verify..

[Mia Chloe]

Separate your environments. Boot tails or a strict linux distro for crypto. Stop treating a daily driver gaming rig like Fort Knox.

It's difficult for most people and most times involuntary. Fun fact is many people find Linux difficult to navigate mostly because they prefer a fancy UI from windows for instance to a command prompt on Linux. If you use windows mostly there's a chance you'll make this mistake.

The problem is not just windows and closed source softwares the problem actually is being able to differentiate between a safe software and the opposite. Once your pc is infected, source type can't undo the fact that you're at risk.