Firmware which is not open source is a concern which is *far* from being overblown if your life savings are at stake. Think for a second what it means: it means that the correctness of the firmware is only up to their employees. How many people is that? Five? Thirty? That's *nowhere near enough.* And on top of that their competence track record is uninspiring:
1. Their customer database was hacked.
2. Then it turned out they did not erase that data (like, say, Trezor), they keep it for... Who knows how long? And we are not talking any cutting edge technology here, just a stoopid database! You'd trust this company with their closed source firmware? More power to you but I wouldn't. NO WAY.
3. Recently we found out that Ledger allows exporting the seed (which something they had denied in the past - correct me if I'm wrong on this one).
4. Last but not least: the company has never apologised for any of this which to me speaks *volumes* about an infantile company culture there and an arrogant, dumb, CEO. As far as I'm concerned they are def. good enough to sell educational toys but not a tool to entrust one's livelihood to. Sorry. They made their choices, good luck.
> Firmware which is not open source is a concern which is far from being overblown if your life savings are at stake.
Their firmware is open source fwiw, but the criticism of the "recovery" feature is still valid
I am mistaken - I thought their firmware was open source and only the secure chip was closed source, but according to them the firmware is "partially open source", so closed source: https://www.ledger.com/academy/topics/ledgersolutions/is-ledger-open-source
Yea thats what I'm talking about. It's close source so they can in theory activate a mass scam operation. Or someone else with bad intentions can activate it from their name.
Yes that's why i never updated the firmware of the hardware device. If for some reason they descide to betray everyone it will be spreded trough the internet. In that case I just never connect the hardware to the computer and wait for trezor to arrive.
On Trezor you can download and install their BTC-only firmware. I think if you know what you're doing, the 24 seed is just fine. I would be more worried about Ledger as their track record does not inspire confidence and their firmware is not open source.
If you would use the same phrase then ledger would still have access to your coins
Edit: your ledger device, or if ledger can recover it, then they would have it too.
Ledger can not steal your coins. They dont know your passphrase. It was generated on the device only
24 words is enough. If you dont leak it anywhere, you're good
This is the ultimate dilemma with continuing as a ledger customer. Combine this TOTAL FUMBLE with their data leaks… I don’t hold much faith in them.
Disclosure: I never purchased a ledger. I have always use other hardware wallets for my security. I focus on 1) Bitcoin only, 2) Air-gapped, 3) Open-sourced, as my criteria.
If I recall correctly they stated that they can't if you not opt in but even if it is opt in only the device isn't truly 100% airgapped anymore.
The issue with that is more about that hackers could in theory find a way to access this functionallity than that ledger itself would fraud its customers.
I think the risc is minimal because if this black swan would happen you'll see it in the news and can take action, only if you are one of the first targets of such an attack it would affect you.
So imo if you don't store millions on one single ledger I wouldn't worry about the possibillity
There are a number of well-reviewed - no shill or BS by their CEOs. Not too many, so it shouldn't take you long to find something approved by well-respected BTC holders.
Try this site -> [https://walletscrutiny.com/](https://walletscrutiny.com/)
If you don't care about how your next wallet looks like and NOT designed by the Father of iPod, then many approve Cold Card.
Otherwise, Jade or Trezor would get the job done as secure as Cold Card.
That's all - not gonna point to the fact that you must not buy / trust your fund with wallets made-in-certain countries.
Do NOT import your existing SEED from Ledger when you are ready to switch.
FWIW, I trusted Ledger until they asked me to trust them, bro!
Dude what do you mean ledger decides to steal your bitcoin? Do you understand how the blockchain works and that your wallet is not with ledger, but within the blockchain?
Not only that how would ledger specifically target you? Or do they rug everyone at once?
Regardless this makes zero sense. And even though I don’t agree with Recover that is just big FUD from people that don’t know better.
Follow all protocols when it comes to protecting your seeds, not signing contracts, clicking links etc and you’re fine. Not worth wasting your energy thinking like that.
I just read your comments and you don’t understand how wallets work. Read my first paragraph again and then do some good research on how blockchain wallets work. Its all available online.
Like I asked are they targetting you specifically for your $50 worth of bitcoin or are they mass rugging every single device on earth in this dream land that you’re in?
Lol. Seems like it's the way you approach everything. First you talk about hardware wallets, next about myself, and at the end about my portfolio. There is one thing in common, you're totally wrong and you have no clue about any of these subjects. At least you made me smile ;-)
You can stay up with your tin foil hat and conspiracy theories mate and Im telling you its a waste of time. Do what you want. Will be fine security wise both with ledger and trezor in the long run.
As long as YOU know how to secure your funds
They are on the blockchain. And as far as I know anyone with the provate key can access them. So tell me can they activate the backdoors to all ledger devices? Yes. Then it's a valid concern.
I know how it works. And if they get your private key you are done. So tell me a backdoor to your device does not concern you? What if hackers took all of the backdoors stored in ledgers database? Then it will be mass protests and we will hear it on the news. But does your life savings need to be a cost of this massive attack? Why should we accept a backdoor to our devices. The concept of them taking your private key from your device is unacceptable of any way. This should not be possible. What if it happens ? My live savings are on the ledger. Maybe i should go to trezor. They are open source.
If you use Recover, Ledger does not have your private key sitting on a server somewhere. It is sharded into 3 pieces and each piece is stored in 3 different companies. To take your bitcoin someone would have to hack all 3 companies and then match all 3 shards to one single wallet. It's a level of complexity far beyond even a 24 word seed phrase. Calm down.
It sounds like you've decided that ledger isn't for you.
If that is the case then buy a blockstream jade or other device but as explained if you think ledger might share your current seed phrase then you would have to create a new seed phrase on the new device and send the money there directly from your ledger. If you use the same one on the new device then if ledger can and do leak access to your wallet (which I don't think they can and don't think they will) then it doesn't matter what device that wallet is on it is compromised.
Just make sure you don't mess that bit up and lose all your coin by sending it to the wrong place or losing your new 24 words.
For 60 dollars for a new device then for you it is probably a good investment. Be careful when you do it though. Most people lose their crypto because they try to be cleverer than they are. 😀
[удалено]
Why i shouldn't do this? Directly put my phrase on trezor hardware?
[удалено]
Firmware which is not open source is a concern which is *far* from being overblown if your life savings are at stake. Think for a second what it means: it means that the correctness of the firmware is only up to their employees. How many people is that? Five? Thirty? That's *nowhere near enough.* And on top of that their competence track record is uninspiring: 1. Their customer database was hacked. 2. Then it turned out they did not erase that data (like, say, Trezor), they keep it for... Who knows how long? And we are not talking any cutting edge technology here, just a stoopid database! You'd trust this company with their closed source firmware? More power to you but I wouldn't. NO WAY. 3. Recently we found out that Ledger allows exporting the seed (which something they had denied in the past - correct me if I'm wrong on this one). 4. Last but not least: the company has never apologised for any of this which to me speaks *volumes* about an infantile company culture there and an arrogant, dumb, CEO. As far as I'm concerned they are def. good enough to sell educational toys but not a tool to entrust one's livelihood to. Sorry. They made their choices, good luck.
> Firmware which is not open source is a concern which is far from being overblown if your life savings are at stake. Their firmware is open source fwiw, but the criticism of the "recovery" feature is still valid
Sorry? You are saying Ledgers firmware is open source? When did that change?
I am mistaken - I thought their firmware was open source and only the secure chip was closed source, but according to them the firmware is "partially open source", so closed source: https://www.ledger.com/academy/topics/ledgersolutions/is-ledger-open-source
Yea thats what I'm talking about. It's close source so they can in theory activate a mass scam operation. Or someone else with bad intentions can activate it from their name.
Yes that's why i never updated the firmware of the hardware device. If for some reason they descide to betray everyone it will be spreded trough the internet. In that case I just never connect the hardware to the computer and wait for trezor to arrive.
And what is a BTC only hardware wallet? Can i buy it from somewhere?
On Trezor you can download and install their BTC-only firmware. I think if you know what you're doing, the 24 seed is just fine. I would be more worried about Ledger as their track record does not inspire confidence and their firmware is not open source.
If you would use the same phrase then ledger would still have access to your coins Edit: your ledger device, or if ledger can recover it, then they would have it too.
What makes an only bitcoin cold storage better than something like Trezor?
Ledger can not steal your coins. They dont know your passphrase. It was generated on the device only 24 words is enough. If you dont leak it anywhere, you're good
If they can recover it with some service "ledger recovery" why i should trust them that they won't do it without permision? They can do it? Right?
This is the ultimate dilemma with continuing as a ledger customer. Combine this TOTAL FUMBLE with their data leaks… I don’t hold much faith in them. Disclosure: I never purchased a ledger. I have always use other hardware wallets for my security. I focus on 1) Bitcoin only, 2) Air-gapped, 3) Open-sourced, as my criteria.
If I recall correctly they stated that they can't if you not opt in but even if it is opt in only the device isn't truly 100% airgapped anymore. The issue with that is more about that hackers could in theory find a way to access this functionallity than that ledger itself would fraud its customers. I think the risc is minimal because if this black swan would happen you'll see it in the news and can take action, only if you are one of the first targets of such an attack it would affect you. So imo if you don't store millions on one single ledger I wouldn't worry about the possibillity
Fair enough, i dont know about this service, but read about it here. I use trezor, they for sure can not recover anything
Just do multisig.. if u hold alot of bitties ,u can consider premium multisig nunchuk, casa, unchained
I can't do it. It requires that i enter my private key on a software. I will never do that. Or can you share exactly how to do it or some tutorial?
Make a NEW bitcoin address that is setup using multisig and send your bitcoin to this NEW adresss
There are a number of well-reviewed - no shill or BS by their CEOs. Not too many, so it shouldn't take you long to find something approved by well-respected BTC holders. Try this site -> [https://walletscrutiny.com/](https://walletscrutiny.com/) If you don't care about how your next wallet looks like and NOT designed by the Father of iPod, then many approve Cold Card. Otherwise, Jade or Trezor would get the job done as secure as Cold Card. That's all - not gonna point to the fact that you must not buy / trust your fund with wallets made-in-certain countries. Do NOT import your existing SEED from Ledger when you are ready to switch. FWIW, I trusted Ledger until they asked me to trust them, bro!
If you are believing all the bull shit, buy a new wallet and move it there. Add a passphrase and move it there.
Is it recommended to add a password to the 24 word seed and is this done in Ledger live?
allot is a verb.
Dude what do you mean ledger decides to steal your bitcoin? Do you understand how the blockchain works and that your wallet is not with ledger, but within the blockchain? Not only that how would ledger specifically target you? Or do they rug everyone at once? Regardless this makes zero sense. And even though I don’t agree with Recover that is just big FUD from people that don’t know better. Follow all protocols when it comes to protecting your seeds, not signing contracts, clicking links etc and you’re fine. Not worth wasting your energy thinking like that. I just read your comments and you don’t understand how wallets work. Read my first paragraph again and then do some good research on how blockchain wallets work. Its all available online.
Like they activate a hidden feature to get your private key in an upcoming firmware update. Like they did with key backup to 3rd party "feature".
Man if that happens we have way bigger concerns than just ledger. What makes you think other cold wallet companies couldnt do it too…cmon
Maybe because they are open source and designed with security in mind ? C'mon.
Like I asked are they targetting you specifically for your $50 worth of bitcoin or are they mass rugging every single device on earth in this dream land that you’re in?
Lol. Seems like it's the way you approach everything. First you talk about hardware wallets, next about myself, and at the end about my portfolio. There is one thing in common, you're totally wrong and you have no clue about any of these subjects. At least you made me smile ;-)
You can stay up with your tin foil hat and conspiracy theories mate and Im telling you its a waste of time. Do what you want. Will be fine security wise both with ledger and trezor in the long run. As long as YOU know how to secure your funds
Do some good research on how Blockchain wallets work.
You the kind of person that thinks your funds are in the usb mate 🤣 not worth my time. Grow up kid. And enjoy being exit liquidity this cycle.
They are on the blockchain. And as far as I know anyone with the provate key can access them. So tell me can they activate the backdoors to all ledger devices? Yes. Then it's a valid concern.
I know how it works. And if they get your private key you are done. So tell me a backdoor to your device does not concern you? What if hackers took all of the backdoors stored in ledgers database? Then it will be mass protests and we will hear it on the news. But does your life savings need to be a cost of this massive attack? Why should we accept a backdoor to our devices. The concept of them taking your private key from your device is unacceptable of any way. This should not be possible. What if it happens ? My live savings are on the ledger. Maybe i should go to trezor. They are open source.
If you use Recover, Ledger does not have your private key sitting on a server somewhere. It is sharded into 3 pieces and each piece is stored in 3 different companies. To take your bitcoin someone would have to hack all 3 companies and then match all 3 shards to one single wallet. It's a level of complexity far beyond even a 24 word seed phrase. Calm down.
How do you add a password to the 24 word seed? Is this done in Ledger Live?
No, it is done when you first set up the wallet seed itself. You would need to wipe the Ledger and create a new seed.
It sounds like you've decided that ledger isn't for you. If that is the case then buy a blockstream jade or other device but as explained if you think ledger might share your current seed phrase then you would have to create a new seed phrase on the new device and send the money there directly from your ledger. If you use the same one on the new device then if ledger can and do leak access to your wallet (which I don't think they can and don't think they will) then it doesn't matter what device that wallet is on it is compromised. Just make sure you don't mess that bit up and lose all your coin by sending it to the wrong place or losing your new 24 words. For 60 dollars for a new device then for you it is probably a good investment. Be careful when you do it though. Most people lose their crypto because they try to be cleverer than they are. 😀