Apparently ledger pushed an update yesterday that adds a “feature” that encrypts and uploads your seed to third parties? lmao.
https://www.reddit.com/r/ledgerwallet/comments/13itm7u/is_there_a_backdoor_yes_or_no/
Who’s running that place lol
Clearly shitcoiners
🤦🏼‍♂️
looks very serious.... Always remember to keep SAFU
The CIA
"The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to backup it yourself."
Well, that's at least good to know it's not enabled by default for everyone. That said, knowing that your Ledger now has the capability for your seed phrase to leave your device is damning.
If you use Ledger, it's time to switch to something else such as Coldcard, Passport, or Jade.
As funny as this is, it also creates more distrust for people needing to cold storage their Bitcoin. Who can you really trust?
Wtf?
You mean to tell me they worked on this for who knows how long without considering the PR backlash it would cause? Asking for gov ID when they can’t stop their clients from getting doxxed, just to make cold wallets hot and charge an outrageous monthly fee?
a huge step backwards for Ledger
Unchained uses Trezor … is there any reason to believe that will change? #[4]
Not understanding what the author of that reddit article is trying to say 🤔
Trezor is fine to use too.
I noticed Trust Wallet has it: you can back up a seed to Google Drive now. I feel a lot of hot wallets and cold storage device companies are going to start doing similar things. I'm not for it. But eventually I do see this similar service everywhere. Will be interesting to see how it plays out.
😲
Before everyone loses their shit, how is this different than you _voluntarily_ just storing your seedphrase in cloud storage or using the backup only in multisig in lieu of Casa/unchained?
I guess it’s more of a honeypot than the other options but let’s not pretend there are no legitimate use cases for 3rd party key storage.
NFTs, “crypto” advertised on their site. Seems a fiat company. Likely have fiat incentives.
@Guy Swann is bitbox02 still good?
What if you’re only using this backup in a multisig, so the other keys remain private? How is that different than Casa?
This article clears it up big time. Already noticed Trust Wallet also has a way you can back up to Google Drive. They are trying to make adoption easier, which I applaud them for. Not everyone is as smart and tech savvy as all of us. They are trying to get over that hurdle.
You're missing the point. Government ID is only required if you pay for the service. You don't even have to pay or use the service.
What’s the best hardware alternative?
Well thanks Ledger. I now have all my coin in a hot wallet while I wait for my passport to arrive because that feels safer than whatever the fuck you are doing over there. Might be overreacting, but better safe than sorry.
As if everyone’s data leaking wasn’t enough?
How has anyone trusted ledger after that?
I have one sitting in my drawer as a reminder about how that company treats people. I would never use a ledger.
It helps adoption. Not everyone is as tech savvy as we are. This solves this. Same with wallets storing it on a cloud server. Definitely not the safest route. But some people only know how to keep on exchange, which is even more sketch. I was against this till I read more. Pays to not assume.
So glad I stopped using their products and deleted all their software. I should’ve known when they were pushing alts and staking that they weren’t reliable. Bitcoin only + open source is the way to go.
Also read it is for ledger nano x. But not the other models.
I use trezor and coldcard
What are your thoughts on Blockstream Jade?
storing your seed words in the cloud is bad. is it easier, sure, but that doesn't mean it's a good idea.
Trezor at its core is a shitcoin wallet. Sure, it’s open source and has so far been a much better run business than ledger. But any wallet which supports hundreds of shitcoins has bad incentives built in and worse security by nature due to increased complexity. Get a Bitcoin only hardware wallet and use Bitcoin only companies.
Lol
but we can opt-out... right 😟
I never said it's a great idea, I would never do it, and never recommend it to anyone. But there are people that are not tech savvy as us. Another point also is. How do we really know Trezor and other cold storage device companies aren't going to follow suit. 🤔
Have heard positive feedback!
The point is not to trust, verify.
I'm with ya. Just not sure how people can verify what these companies are really building within their products. Other companies are probably doing the same crap.
That’s what happens when you give carte blanche to a bunch of PMs that don’t get the ethos of Bitcoin
they could, but i believe any bitcoin-only company would be less likely to follow suit. and if one does, you move your funds to another wallet.
Omfg who decides those things?
I was using Trezor, but lost it while I was on a boat last summer 🥲
I don't trust any company.
Thanks Will.
I read it’s optional, isn’t it?
Get one of these. I use #BitBox02, not using anything else 😉
And it's #Bitcoin only 👍
Ask me or @Tania Lea for info or a promo code
not even Trust Company? their music is pretty sweet.
That doesn't sound possible, technically. I don't think you can get the secret out of a secure element, but I'm not an expert here.
You can extract a seed phrase from a BitBox02 to an SD card. Better than Ledger's model of your phrase being stored with 3 different cloud custodians. But proof that a phrase has the technical ability to be extracted from the device!
Maybe better at hiding stuff 🤔
You trust that?
Not even Trust Wallet. They think it's clever to back up to cloud. And they're owned by Binance.
I don’t know too much 😕 unfortunately I’m going to receive a Nano X I won and now I read this news 😢
With this update it's now possible for your private key to leave the device, whether you opt-in or not. The firmware is also closed source... this is beyond stupid for a hardware device.
You are correct. I think the concern with this one though is the idea that Ledger can retrieve your seed phrase with a firmware update. It isn't clear to me though that this is what Ledger is offering or capable of doing. I think folks are speculating some from the Q&A. This planned service from Ledger may be a thing where you provide your seed phrase in some manner voluntarily, maybe upon the seed phrase creation phase of setting up a device. I have heard it involves encrypted shards and multiple custodians. I am going to wait for more information.
Um did we read the same article? It's a $10 KYC subscription service that sends your private key over the internet to other companies... this isn't about increasing adoption. It's compromising users' security to increase profits.
It's encrypted and sharded to 3 different companies. It's not the best way. I don't recommend it. But it will appeal to some people, possibly older generation. Which helps adoption. It also will backup up to 50,000 euro if lost. I recommend to store on pen and paper. But we are not all responsible or tech savvy.
Time for people to get a cold card
Not your keys, not your Bitcoin.
Doesn't matter if it's encrypted and "sharded". This opens up the private key to middleman attacks and backdoor exploits, not to mention that this information could be forced to be revealed by a court order or government overreach. It's insanely irresponsible.
Every comment I made, I said it's not recommended or safe. But it's all some people can handle/want/trust. And it's not mandatory. If you lose a bank card, you can show ID to the bank and get it back. People want the same thing in crypto, especially the older generation. I will always use pen and paper. But I'm also open to other routes to get people onboarded.
Simply speechless. Why would they think this is a good idea. Also the secure element doesn't seem secure if this is possible.
Nah we should not be recommending or supporting this for anybody. If they can't handle their own recovery phrase, then they should use a multi-sig solution service like unchained, where each party holds a private key in a device that doesn't have a potential backdoor like ledger. That's safe and easy for anyone to do.
Shitcoin wallet. Bitcoin only is the only realistic way to be secure
How? Like how can it simply export private key using just software?
I just purchased a COLDCARD™ Mk4 Colour: Purple ! Thanks #[4] 🤙🏼💜🫂
Even if you do trust that, but what are they going to pull next? It's about the underlying value and trust.
As I have said multiple times, I am not recommending it. But it may be the option for some people. Not a smart option. But an option. Which allows for more onboarding.
Yes, I see, you can’t trust anymore.
The concern here seems overblown. You have to opt into this service.
The fact it exists at all is the issue
Do you not feel the same about the existence of Trezor’s chain analysis ties and Terms of Service? Once leashed by the state, there are no take backs, only more demands, a tighter collar, until everyone with integrity has left the company and users are captured.
I trust their devs, they are OG bitcoiners

I guess I can see that. According to Ledger they don’t have access to it unless you give them access. Sounds like trust is the issue which I know many don’t have in Ledger.
Private keys are meant to be air gapped or at least never leaving a device, especially not sent to the internet - no matter what alleged encryption or security is used.
Imagine to get access you need an email and password. They know your email. Now your password. You effectively transformed your secure private key into a short password brain wallet or low time brute force puzzle.
Ledger is not something I’d recommend to anyone, even if it’s fairly mature and nice enough general UX.
Still love my Bitbox and haven't heard any negative news. I've been all about the Tapsigners more recently though (for mobile) and have both Bitbox and Coldcard in my cold storage. Also still use the Trezor and will recommend it, but it's not my first pick because of the enormous amounts of shitcoinery.
Basically I go for bitcoin only at the top of my hierarchy and go down. Other hardware wallets I like are the Keystone, I'm interested but have spent too little time with the Passport, and the Jade.
Wtf… bad take from Ledger
They just torched their cold wallet business. What a disaster.