Real Problem With Ledger Wallet

[BitGoba]

In this video, a Bitcoin Security Expert explains why using a Ledger wallet may not be the best choice. It’s especially useful for beginners who want to understand the potential risks in a simple and clear way.

https://www.youtube.com/watch?v=v4JGLTaqbGs

If you know someone who uses Ledger, send them this video immediately.

[Laura Mitchell]

Seen a few similar opinions about Ledger. There are some fair points, especially regarding trust and firmware, but calling it a bad choice overall is already too much. Nevertheless, it’s still much safer than leaving funds on exchanges.

[Zaguru12]

In this video, a Bitcoin Security Expert explains why using a Ledger wallet may not be the best choice. It’s especially useful for beginners who want to understand the potential risks in a simple and clear way.

https://www.youtube.com/watch?v=v4JGLTaqbGs

If you know someone who uses Ledger, send them this video immediately.

Personally I think anyone who actually still needs this information here to actually stay away from ledger wallet will be definitely a total newbie or some who seriously is never negligent and doesn’t values his bitcoin security, the video has explained somethings which has been the most warned about issues here for the past few years about ledger hardware. From their data breaches to their close source been an alarming warning to the most ridiculous means of wallet recovery. Combine this then using ledger wallet is no different from using all those in built exchange wallet because you’re definitely not using a self custody wallet.

Don’t get me wrong OP this is great information for outside forum consumption most especially the X social media platform were ledger is usually recommended due to their promotion their. But for any long term forum member this warnings are all over the forum,

I will rather use an electrum on my old device as airgapped (even though they might be flaws) than actually go for ledger now

[Lucius]

~snip~
I will rather use an electrum on my old device as airgapped (even though they might be flaws) than actually go for ledger now

It is the safest way to create a wallet, and if you store the seed in the appropriate way, you don't have to be afraid that someone will hack you or that you will become a victim of something as trivial as clipboard malware. Hardware wallets are a good thing for anyone who wants more security for their coins, although there are exceptions which are discussed in this topic.

I would honestly feel safer with a hot wallet on a desktop computer than with any Ledger device considering all the bad things that have come from them over the years.

[Zaguru12]

~snip~
I will rather use an electrum on my old device as airgapped (even though they might be flaws) than actually go for ledger now

It is the safest way to create a wallet, and if you store the seed in the appropriate way, you don't have to be afraid that someone will hack you or that you will become a victim of something as trivial as clipboard malware. Hardware wallets are a good thing for anyone who wants more security for their coins, although there are exceptions which are discussed in this topic.

I would honestly feel safer with a hot wallet on a desktop computer than with any Ledger device considering all the bad things that have come from them over the years.

Yes a properly set up hot wallet in an airgapped device is actually the best method provided the device is completely airgapped that is it has never been online before or would it go only again, and provide the hot wallet is also open source and can sign transactions offline. It’s far more better in my opinion than a hardware wallet because I am confident on my device my self any developer

The reason why i compared this type of wallet with ledger is because I said old device which means it’s not totally airgapped since it might have visited the internet before and could have contacted something I wouldn’t know. Which makes it less secure than a proper airgapped device but still better than ledger to me

[FinneysTrueVision]

If you are a frequent user of the forum, then you are probably already aware of the many issues with Ledger. If you were using Ledger hopefully you have already moved your funds to something that is more open and secure. The video brings up a good point about Ledger being more focused on how they can get more money out of you than on improving their product. Ledger has done everything possible to destroy their reputation, so anybody that is serious about protecting their assets should avoid them at all costs.

[bitmover]

Seen a few similar opinions about Ledger. There are some fair points, especially regarding trust and firmware, but calling it a bad choice overall is already too much. Nevertheless, it’s still much safer than leaving funds on exchanges.

I think people are over reacting about ledger flaws, which exist. Specially about personal data leaks. And the ledger recovery feature.

If you do not turn on the ledger recovery, ledger is still a hardware wallet and way better than most wallets.

Trezor is the best hardware wallet, not doubt about it.

But if you have a ledger, you should use it until you buy a new hardware wallet.
It is safer than using other methods.

 lots of people  lost funds using hot wallets or airgapped methods. But nobody ever lost funds using a ledger wallet (only by user fault)

[Lucius]

I think people are over reacting about ledger flaws, which exist. Specially about personal data leaks. And the ledger recovery feature.
~snip~

You sound like one of the top people working for that company who have the same attitude, regardless of the fact that they are responsible for leaking the data of hundreds of thousands of their clients who have been victims of every possible attack that exists online for years. Besides, to believe someone who claimed that seed cannot be extracted from their devices, and then suddenly that changes overnight is really strange.

Everyone is entitled to their own opinion, but not if it puts others at risk - Ledger devices are a risk that should be avoided at all costs.

[bitmover]

I think people are over reacting about ledger flaws, which exist. Specially about personal data leaks. And the ledger recovery feature.
~snip~

You sound like one of the top people working for that company who have the same attitude, regardless of the fact that they are responsible for leaking the data of hundreds of thousands of their clients who have been victims of every possible attack that exists online for years. Besides, to believe someone who claimed that seed cannot be extracted from their devices, and then suddenly that changes overnight is really strange.

Everyone is entitled to their own opinion, but not if it puts others at risk - Ledger devices are a risk that should be avoided at all costs.

I don't  work for ledger.

You just mentioned that a hot wallet is safer than ledger.

With all the knowledge you have, I find very strange you spread false information like this. You know this is wrong. This is precisely what you said I did: you put others at risk.

Even bybit uses ledger (and they were not hacked because ledger was hacked, but a human error and a complex attack in third party software). But you are basically saying that you know better and they should use a hot wallet instead.

They are not among the best wallet anymore. bUt ledger is still a hardware wallet and is safer than any hot wallet .

About that leaks, I am sure basically every company out there leaked some data already. Just yesterday I received an email that booking leaked user data.

[PrivacyG]

bUt ledger is still a hardware wallet and is safer than any hot wallet .

Debatable.  Back when Ledger claimed their seed could not be extracted from the device it could have been considered that way.  When you realize that was actually a lie and the Seed can now be extracted from it and stored at THIRD PARTIES, you are naive to think that is safer than any hot wallet.  If they lied about the seed never leaving the device, what makes you think the closed source side of the device is not doing any malicious things behind your back?

About that leaks, I am sure basically every company out there leaked some data already. Just yesterday I received an email that booking leaked user data.

That is not a good excuse at all.  In fact.  When so many companies practice such a bad security and get their data bases leaked and sold away, it is the companies that actually care we should be looking at.

[bitmover]

bUt ledger is still a hardware wallet and is safer than any hot wallet .

Debatable.  Back when Ledger claimed their seed could not be extracted from the device it could have been considered that way.  When you realize that was actually a lie and the Seed can now be extracted from it and stored at THIRD PARTIES, you are naive to think that is safer than any hot wallet.  If they lied about the seed never leaving the device, what makes you think the closed source side of the device is not doing any malicious things behind your back?

That is not how it works.

This is a paid feature. You have to actually pay to use it , it is a subscription.

Also,  you have to physically click the device to authorize it. They cant just extract your seed magically without your consent.

I agree that this is a bad feature. But it is an optional service. It is also paid. You need to confirm the action by physically tapping your Ledger device.

Too much hate and misinformation around it.
https://support.ledger.com/article/9579368109597-zd?redirect=false

[satscraper]

bUt ledger is still a hardware wallet and is safer than any hot wallet .

Debatable.  Back when Ledger claimed their seed could not be extracted from the device it could have been considered that way.  When you realize that was actually a lie and the Seed can now be extracted from it and stored at THIRD PARTIES, you are naive to think that is safer than any hot wallet.  If they lied about the seed never leaving the device, what makes you think the closed source side of the device is not doing any malicious things behind your back?

That is not how it works.

This is a paid feature. You have to actually pay to use it , it is a subscription.

Also,  you have to physically click the device to authorize it. They cant just extract your seed magically without your consent.

I agree that this is a bad feature. But it is an optional service. It is also paid. You need to confirm the action by physically tapping your Ledger device.

Too much hate and misinformation around it.
https://support.ledger.com/article/9579368109597-zd?redirect=false

As the saying goes “every trickster meets their match.”

It is true that this is the paid service and that you must authorize the extraction, but by acknowledging thatSEED  can be extracted , they are effectively providing assistance to attackers who may use reverse engineering to create modified firmware capable of doing this without your consent. In addition, there is no guarantee that some former employee would not retain the knowledge of how to perform this extraction.

[Yamane_Keto]

Also,  you have to physically click the device to authorize it. They cant just extract your seed magically without your consent.

I agree that this is a bad feature. But it is an optional service. It is also paid. You need to confirm the action by physically tapping your Ledger device.

Buyers might not consider Ledger Recover a bad service and those who aren't overly concerned with reading code, privacy, or even how to store wallet seeds, this could be a feature many are looking for. If House Bill 380 is passed, Ledger will be the only hardware wallet that complies with it.

[Lucius]

I don't  work for ledger.

I know you don't, I wrote that you just sound like their CEO Lord of The Rings who uses the same expressions when talking about recovery or database leaks.

You just mentioned that a hot wallet is safer than ledger.

With all the knowledge you have, I find very strange you spread false information like this. You know this is wrong. This is precisely what you said I did: you put others at risk.
~snip~

I still think so, any hot wallet that is properly created, protected with a unique password, and whose seed and password are stored offline is more secure than a device that has features like Ledger. You are one of the few members who still writes positively about that company and their devices.

About that leaks, I am sure basically every company out there leaked some data already. Just yesterday I received an email that booking leaked user data.

Do you think it is the same if your data is leaked from a company that provides a streaming service or a store where you have a loyalty card compared to data from a company that manufactures and sells devices for storing private keys of cryptocurrencies? Hundreds of thousands of people who bought their devices became potential targets of online and physical attacks, because all data was published, including phone numbers, home addresses and full names and e-mail addresses.

[bitmover]

I still think so, any hot wallet that is properly created, protected with a unique password, and whose seed and password are stored offline is more secure than a device that has features like Ledger. You are one of the few members who still writes positively about that company and their devices.

I am not writing positively about it. I am just correcting all the wrong information that you and other users are writing in this topic which is putting other users at risk.

Ledger is more secure than any hotwallet. Ledger seed cannot be extract without your physical consent.

I am just following the top security practices, while you are recommending the opposite.

Ledger is used in top tier companies, like Bybit, crypto.com and probably even some ETF are holding funds there. But Lucius, an anonymous guy in the forum, knows better and they all should  be using Metamask or Unstoppeable or whatever...... give me a break.....

That is not a good excuse at all.  In fact.  When so many companies practice such a bad security and get their data bases leaked and sold away, it is the companies that actually care we should be looking at.

Do you think it is the same if your data is leaked from a company that provides a streaming service or a store where you have a loyalty card compared to data from a company that manufactures and sells devices for storing private keys of cryptocurrencies? Hundreds of thousands of people who bought their devices became potential targets of online and physical attacks, because all data was published, including phone numbers, home addresses and full names and e-mail addresses.

You just need to be realistic.
Trezor is leaking data too. So what wallet will you recommend now?

Even the hotwalelts which Lucius says are better are leaking. Only companies which doesn't have your data won't leak it.

I think trezor is the best HW. But leaking data is not enough to condemn the product.

https://cryptonews.com/news/trezor-security-breach-exposes-66k-users-phishing-risks-heightened/


Every company out there will have flaws.  

Is ledger the best wallet? no. But it is safe

Are hot wallets safe? No. None of them are safe to use.

I think the best wallet is Trezor. Is it perfect? Probably not. But no product is.

[Meuserna]

Seen a few similar opinions about Ledger. There are some fair points, especially regarding trust and firmware, but calling it a bad choice overall is already too much. Nevertheless, it’s still much safer than leaving funds on exchanges.

I think people are over reacting about ledger flaws, which exist. Specially about personal data leaks. And the ledger recovery feature.

If you do not turn on the ledger recovery, ledger is still a hardware wallet and way better than most wallets.

You can't prove that Recovery doesn't allow internet access to your wallet even if you don't enable that feature.

It's closed source firmware.

A cold wallet is a device where the keys can't be reached over the internet. Ledger created an API to allow internet access to keys on a Ledger device, and they baked that API into their firmware. Even if you don't enable it, it's a danger to your wallet.

People are going to downplay that danger until it causes them to lose their coins. Then, those same people will be screaming from the rooftops about how they weren't warned about the dangers of hardware wallets having key extraction baked into the firmware.

The real problem is that most people don't understand hardware wallets. They think the hardware wallet connects to the internet. Nope. The only thing your hardware wallet should be able to share with an internet-connected device (your phone, computer, etc) is your public keys and transaction signatures. Your hardware wallet should never be able to share your private keys with internet-connected devices. That's dangerous.

[Zaguru12]

I am not writing positively about it. I am just correcting all the wrong information that you and other users are writing in this topic which is putting other users at risk.

Ledger is more secure than any hotwallet. Ledger seed cannot be extract without your physical consent.

I am just following the top security practices, while you are recommending the opposite.

The argument might have emancipated from my post, I think to provide clarity there is never any hot wallet been used as an hot wallet will ever be better than a cold wallet like hard ware wallet which categorically ledger falls into it. This is not the basis of my statement I am emphasizing on electrum wallet been used as a cold wallet which actually is by using an airgapped wallet, for me it’s the better option  only if set up well most especially if the option is against ledger wallet due to some cons as not so clear mode of recovery and also closed.

And rightly yes as you have said, the electrum wallet doubling as a cold wallet actually has its risk because if it’s not set up well like the device isn’t actually fully airgapped then it’s simply risky because one is just using a hot wallet portraying as a cold wallet, but if everything is perfectly done I don’t think ledger which is also a cold wallet is better.

Would i recommend this electrum as a cold wallet to a total newbie? I will say no rather they opt for options like buying an hardware wallet because I think they would definitely not get the right set up as it’s someway a little bit technical to set up

[The Sceptical Chymist]

I think people are over reacting about ledger flaws, which exist. Specially about personal data leaks. And the ledger recovery feature.

If you do not turn on the ledger recovery, ledger is still a hardware wallet and way better than most wallets.

Someone tell me if this isn't true, that when Ledger announced the Recover option they inadvertently disclosed that they can access the private keys from Ledger devices (except for the Nano S), and that this was always true regardless of whether someone used that service or not.  This is all coming from memory, as well as the update that included the Recover option being important as well.

I read all about it at the time, and it was enough to make me decide never to use any Ledger product, ever.  If the above is even mostly true, then data leaks are the least of Ledger users' worries.  So far nobody has reported any of their crypto going missing (into Ledger's hands I mean), but who knows what might happen down the road?

And also if there's truth to the above, I don't know why anyone who cares about security and/or privacy would support them.  However, I'm going to await confirmation of my memory of the Recover debacle or any arguments against.  My mind is open, but damned if I don't think I'm right on this.

[bitmover]

You can't prove that Recovery doesn't allow internet access to your wallet even if you don't enable that feature.

It's closed source firmware.

A cold wallet is a device where the keys can't be reached over the internet. Ledger created an API to allow internet access to keys on a Ledger device, and they baked that API into their firmware. Even if you don't enable it, it's a danger to your wallet.

People are going to downplay that danger until it causes them to lose their coins. Then, those same people will be screaming from the rooftops about how they weren't warned about the dangers of hardware wallets having key extraction baked into the firmware.

This is a good critic and you are right. There is a risk.

However, I doubt you consider a hot wallet safer than ledger  

Ledger may be dangerous. Hot wallets are dangerous.

Nobody ever lost funds there.

Someone tell me if this isn't true, that when Ledger announced the Recover option they inadvertently disclosed that they can access the private keys from Ledger devices (except for the Nano S), and that this was always true regardless of whether someone used that service or not.  This is all coming from memory, as well as the update that included the Recover option being important as well.

Not exactly.  They can access the seed only if you update the firmware,  click the button in their software and physically tap the button in the device. You literally have to authorize it. They cant access by their own. And no hacker was able to do so.

Reading the posts here it looks like that ledger can just download your seed wihout your knowledge.  they can't.

Nobody ever lost funds using a ledger, it is safer than basically any other solution. Bybit and crypto.com use it, for example.

[PrivacyG]

Someone tell me if this isn't true, that when Ledger announced the Recover option they inadvertently disclosed that they can access the private keys from Ledger devices (except for the Nano S), and that this was always true regardless of whether someone used that service or not.  This is all coming from memory, as well as the update that included the Recover option being important as well.

I believe you may be talking about this answer on their Recover 'Q and A' thread on Reddit,

https://old.reddit.com/r/ledgerwallet/comments/13j5cna/introducing_ledger_recover_answering_your/jkea6xw/

The secure element chip in the device is a little computer that is completely programmable. The program that runs on this chip can access and manipulate your seed, so obviously the security surrounding this code is very very important.

There are strong security mechanisms in place that ensure that only code that is written by Ledger can run on your device, and that any code with access to the seed cannot be modified by an attacker.

If the program can access and manipulate the Seed and the program can obviously only be written by Ledger AND it is closed source too then there is no way we can check if that code is not silently extracting and transferring the Seed to Ledger servers over the air.  Even if it is not now and even if 10 separate companies audit the closed source code themselves, a single cunning future update may be enough to change that.

I did not extensively research the way this Recover mechanism works but having the Seed Phrase split up into 3 fragments and sharing one of them with one different backup service means communicating the three fragments over the internet.  Which if only 2 out of 3 are necessary to recover the funds, it means only 2 of them need to be exposed for the seed to become compromised.  The software being closed source, how do we know these fragments are in fact not being relayed to the three companies THROUGH Ledger servers in the first place.

I do not know how it can even be guaranteed that the three companies do not communicate with each other either.  What happens if the identity of a future FBI wanted criminal is stored together with their seed fragments by these companies?  Only 2 out of 3 companies have to comply with FBI to seize the seed.

Anyway.  The debate should stop at 'closed source'.  Nobody knows what the hell is going on behind that code and Ledger users rely ONLY on Trust.  Plain and simple.

-----

However, I doubt you consider a hot wallet safer than ledger  

Ledger may be dangerous. Hot wallets are dangerous.

To be honest with you.  If I think it through.  I am pretty sure I actually consider an open source hot wallet safer than a wallet that suddenly added a way to SHARE THE FRAGMENTED SEED over the internet through a code I did not write and can not check to servers I do not own from a device I can not manually verify due to closed source components and code.

Reading the posts here it looks like that ledger can just download your seed wihout your knowledge.  they can't.

Nobody ever lost funds using a ledger, it is safer than basically any other solution. Bybit and crypto.com use it, for example.

I have seen at least ten threads or topics written by people complaining that their Bitcoin has suddenly disappeared out of their Ledger.  I always took them with a little grain of salt but what if?  Can you prove half of these were not caused by Ledger?  They can not even prove there is not a backdoor in their device,

https://old.reddit.com/r/ledgerwallet/comments/13itm7u/is_there_a_backdoor_yes_or_no/jkbvys7/

There's no backdoor and I obviously can't prove it