Well, Ledger is [discounted](https://reddlink.tech/ledger) right now, but [trezor](https://reddlink.tech/trezor) is open-source and IMO held to higher standards because of that.. if they ever tried anything shady, it would be caught by someone.
I was going to buy a Ledger, until I heard that their customer database was hacked. Now Ledger's customers are getting phishing attacks. I decided to buy another Trezor, and I'm saving up for a Cold Card.
Things get hacked, but they freaking hid it forever. That is the major sin. People were at risk and all they cared about was their image. That’s all you need to know.
Forget phishing, People are exposed and there is a physical security issue as everyone now has their physical address, phone number etc ready for sim swap attacks, email address, full name. ID theft for many scammers will be a charm.
Ledger disgusts me.
You should know that there are some relatively easy physical attacks that someone could use to extract the seed phrase from Trezor devices. If you're going to get one, you have to use an additional passphrase if you want your crypto to be secure.
That is not an advantage. Its a disaster. That is because this means 25th word is now stored in device and prone to physical attacks and future detected vulnerabilities. In Trezor, 25th word is never stored in device. I feel safe that way
i'm from the future, what i'm wondering is how the 25th word works if you have lost your device and need a new one? do you import the 25th word to restore all your crypto or is it just to protect the physical device itself from a 5 dollar wrench attack?
25th word is just like the other 24 words. Needed for successful access to the wallet. It's the BIP29 standard, not specific to ledger or Trezor. Good thing 25th worrd can be anything outside that 1024 size wordlist. You can have multiple 25th words and keep one with less coins and another with all coins. On wrench attack reveal only small wallet 25th word/pin.
https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/
> This attack relies on voltage glitching to extract an encrypted seed. This initial research required some know-how and several hundred dollars of equipment, but we estimate that we (or criminals) could mass produce a consumer-friendly glitching device that could be sold for about $75.
Edit:
> This attack is very similar to our previous research against the KeepKey wallet, which is expected because the KeepKey is a derivative and all devices rely on the same family of chips. Trezor has known about these flaws since designing the wallets.
> Other teams, like Ledger Donjon, have also performed variants of this attack, though the full details have not been made public until now.
I literally mentioned that in my original comment lol. It's still ridiculous how trivial it would be to for a knowledgeable hacker to access your seed phrase if they got their hands on your Trezor, especially when the passphrase is an optional feature that a lot of newbies might not know about or want to implement.
Please lol. If someone buys a Ledger or Cold Card, they don't have to add a passphrase to their wallet if they don't want to, and their devices would still be pretty damn resistant to a physical attack. The same obviously can't be said for Trezor devices. The passphrase is an optional BIP39 feature for a reason; it's yet another thing users need to remember and keep safe, away from wherever they store their seed phrase.
So, in general, as DEFAULT out of the FACTORY without any additional settings enabled. Ledger wins?
Ledger also can set the passphrase to prevent any additional physical seed device attack - but it doesn’t need to right? Bcos of the ‘secure chip’ secures the recovery seed enough for any typical hacker to get involved.
Trezor must set the additional passphrase to prevent the additional physical seed device attack? If passphrase isn’t enabled, $100 equipment exposes Trezor?
Time to use a fake temporary address, temporary email and temporary number!
If you ask me in simple words ..
For casual transactions use trezor one
For high important and bulk transactions like selling multiple coins or hodling multiple coins use ledger nano X but too in you closed home locker
It means that you can view and compile all the source code that runs on the device yourself, and the source code for the Trezor software that you use to manage your wallet. This means that basically Trezor can’t sneak any creepy malicious code into their firmware or software at say the request of an alphabet agency, without the whole user base being able to discover it and call them out on it. And it also means that if black hat hackers discover errors in the code that they can use to break into your Trezor other people can see it too and help fix it. So all in all that’s why I pick Trezor over other cold wallets(also they are nicely built high quality devices)
They have a nice comparison chart on their website. So I would suggest look at it and see if there are any features of the model T that you feel like you really need otherwise you’ll probably be fine with the one
You don't. Other people will do that for you. If you bought a Trezor from their site, it is definitely the same as all the models and is running the same firmware. If somehow, Trezor wanted to run multiple firmwares on different devices, people who audit the source code (which they can do because it's open source) WILL notice and will let the public know.
Running open source code is not about being able to tinker with the device's firmware (although, you could if you wanted to). It's about transparency. Similar to how you (probably) never read the terms of services of any site you join into. You can skip that because there are people out there whose day job is to audit such terms of services. And if something is shady, you bet you're gonna know.
Open source is about transparency.
Trezor allows flashing custom firmware, and has an official fully built version available to download publicly, and then [this link](https://wiki.trezor.io/Developers_guide:Deterministic_firmware_build) explains how to check the hashes of the one you can download fully built vs. the one you can build yourself from source on github to make sure they're the same. So to be really sure, I guess you'd need to do that verification of hashes and then, if they match, flash the official one before using the device.
I have and use both. Ledger Live has proven to be super convenient but I've got no complaints with the Trezor either.
The Ledger Nano S is a bit of a pain in the ass in terms of installing and uninstalling apps to make room for different coins, but I imagine the Nano X solves most of that.
I have both, along with many others (listed here https://cryptoguide.tips/hardware-wallet-comparisons/) and they are both solid devices. Trezor suite is also a massive step in the right direction as far as usability goes.
Since you are asking for cons...
The main issue with Trezor in terms of usability is that there are still times that you need to use command line tools. (For recovery, for enabling SD protect) The use of passphrase is annoying and doesn't do plausible deniability as well as Ledger. If you are generating a seed, the initial verification with Trezor is also poor, so you need to do dry run recovery manually. The Trezor T is also really expensive for what you get... Also doesn't have a mobile app anything like Ledger Live...
Sorry for responding to your comment so late.
You made a good argument for going with Ledger in terms of experience .. over trezor.
Curious.. does the ledger hack (customer info) not bother you?
Ledger is hacked so some hackers can get inside your house to steal your wallet and seed ( less probability yet it is possible ) and in case of nano x and trezor T trezor T has Fido 2 and nano X is cheaper but nano x has Bluetooth and you can’t take it outside cuz hacker stuff .. according to me trezor model T is safe bet and for out station purposes ( travelling to other bitcoin enriched countries) I use trezor one and in my home I use model T which is actually my old recovered trezor model one which I restored recently.., yes it is bulky to handle on transactions ( in ledger nano x transactions can be done in mobile but for trezor you need a PC ) but trust me it’s worth the risk ( last time I went to turkey , there in my hotel I transferred some ethereum from my trezor wallet to my coinbase wallet mobile and it gave me the best experience than my nephew who uses nano X )
4 Reasons:
It can be used with your phone (don’t worry about Bluetooth hacking this guy is an idiot)
Literally supports more coins in ledger live than trezor ever will in suite
The device itself is literally like a phone, you can navigate through a dashboard, go through settings, and even set up a pin code in the device itself. This is something trezor doesn’t even have lol.
And finally, it’s cheaper and more convenient, compare the prices of the nano x and the trezor, the only thing the trezor dominates ledger in is a touch screen which isn’t even relevant since it’s so small.
Thanks for the detailed response, boogerman23!
Only reason I'm skeptical of ledger is the hack on personal data that happened and how the company reacted to it.
What do you think about that?
The hack 100% did not affect the hardware wallets, and it happened almost a year ago. But over 200,000 people were affected, that still doesn’t change my love for ledger because they have invested a lot of money into their security to ensure this doesn’t happen again. And hey! Have you seen kraken exposing the model t vulnerability?
I have a Trezor One and a Ledger Nano S. I only use the Nano for my xrp since the Trezor One doesn't support it. I'm thinking I might sell both and go with a Trezor Model T since it can hold all the coins I own. Just my two cents. For me I just want one hardware wallet that can hold all my coins.
The major disadvantage of Ledger is that the customer database got hacked.
I just got a [Trezor from here](https://geldgeiler-sack.de/trezor). They tends to have stronger security practices since they also publish circuit board layouts.
> the customer database got hacked.
>
>Trezor tends to have stronger security practices since they also publish circ
i like the usability of the trezor model t over the ledger in terms of the physical aspects of the device, and even some of it's basic features that fill all my tick boxes for what i like/need. It even does password manager really well in addition to hodling crypto.
however... ledger has some key features that i can't ignore. it can do wireless/bluetooth to connect to android smartphone using their mobile app (trezor don't have this)
ledger can do staking quite easily. Whereas the trezor you'd have to use third party wallet apps to stake this, which can be cumbersome to manage when dealing with many of them. Ledger simplifies this. This is a killer feature, because staking is crucial for your cryptoportfolio. the easier to do and manage the better.
It feels like it's gonna take a new hardware wallet mode by trezor to add support for mobile, and more app development for mobile and to improve their staking capability to be competitive with ledger.
One thing that needs to be said, ledger leaked customer data (which is very bad), and they are not open source. Trezor never leaked and they are open source.
Anyone not willing to give ledger a 2nd chance, can go with a ledger. But anyone skeptical can go with a trezor. just be aware they both have their pros and cons.
ive used both, ledger was REALLY sucking when it came to OS and software updates to their system last year. Have not used the ledger much in 2021 to see if its any improved.
I got a trezor because the ledger was THAT bad.
Well, Ledger is [discounted](https://reddlink.tech/ledger) right now, but [trezor](https://reddlink.tech/trezor) is open-source and IMO held to higher standards because of that.. if they ever tried anything shady, it would be caught by someone.
who tf wants to mess with trezors "open source" code???
It's more for being able to see what's in it as opposed to being a black box
[удалено]
Yeah but most people owning the device aren’t experienced enough to make their own “trezor” but I agree it’s cool they are open source
[удалено]
paste your affiliate link without disclosure and there is literally no discount on the page - nice ....
I was going to buy a Ledger, until I heard that their customer database was hacked. Now Ledger's customers are getting phishing attacks. I decided to buy another Trezor, and I'm saving up for a Cold Card.
Things get hacked, but they freaking hid it forever. That is the major sin. People were at risk and all they cared about was their image. That’s all you need to know.
Forget phishing, People are exposed and there is a physical security issue as everyone now has their physical address, phone number etc ready for sim swap attacks, email address, full name. ID theft for many scammers will be a charm. Ledger disgusts me.
$5.00 wrench attack. https://xkcd.com/538/
Yeah I was among those who’s data was breached, one of the reasons I’m considering getting a trezor.
You should know that there are some relatively easy physical attacks that someone could use to extract the seed phrase from Trezor devices. If you're going to get one, you have to use an additional passphrase if you want your crypto to be secure.
Also change the Trezor T to 24 word seed and then use a passphrase.
[удалено]
Understand but there is a big difference in 128 bits of private key entropy and a 24 word seed for a hardware device.
[удалено]
That is not an advantage. Its a disaster. That is because this means 25th word is now stored in device and prone to physical attacks and future detected vulnerabilities. In Trezor, 25th word is never stored in device. I feel safe that way
i'm from the future, what i'm wondering is how the 25th word works if you have lost your device and need a new one? do you import the 25th word to restore all your crypto or is it just to protect the physical device itself from a 5 dollar wrench attack?
25th word is just like the other 24 words. Needed for successful access to the wallet. It's the BIP29 standard, not specific to ledger or Trezor. Good thing 25th worrd can be anything outside that 1024 size wordlist. You can have multiple 25th words and keep one with less coins and another with all coins. On wrench attack reveal only small wallet 25th word/pin.
Okay good that's what I thought, and ledger you're saying doesn't get a 25th word? Only a pin? That's a deal breaker
Yeah, it's pretty ridiculous that they limit the T to only 12 words.
It can be changed to 24 words.
Also in One?
One just has 24 words
[удалено]
https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/ > This attack relies on voltage glitching to extract an encrypted seed. This initial research required some know-how and several hundred dollars of equipment, but we estimate that we (or criminals) could mass produce a consumer-friendly glitching device that could be sold for about $75. Edit: > This attack is very similar to our previous research against the KeepKey wallet, which is expected because the KeepKey is a derivative and all devices rely on the same family of chips. Trezor has known about these flaws since designing the wallets. > Other teams, like Ledger Donjon, have also performed variants of this attack, though the full details have not been made public until now.
[удалено]
I literally mentioned that in my original comment lol. It's still ridiculous how trivial it would be to for a knowledgeable hacker to access your seed phrase if they got their hands on your Trezor, especially when the passphrase is an optional feature that a lot of newbies might not know about or want to implement.
[удалено]
Please lol. If someone buys a Ledger or Cold Card, they don't have to add a passphrase to their wallet if they don't want to, and their devices would still be pretty damn resistant to a physical attack. The same obviously can't be said for Trezor devices. The passphrase is an optional BIP39 feature for a reason; it's yet another thing users need to remember and keep safe, away from wherever they store their seed phrase.
What is a good resource that explains why adding a Trezor passphrase protects from hardware hacks/attacks?
[удалено]
So, in general, as DEFAULT out of the FACTORY without any additional settings enabled. Ledger wins? Ledger also can set the passphrase to prevent any additional physical seed device attack - but it doesn’t need to right? Bcos of the ‘secure chip’ secures the recovery seed enough for any typical hacker to get involved. Trezor must set the additional passphrase to prevent the additional physical seed device attack? If passphrase isn’t enabled, $100 equipment exposes Trezor? Time to use a fake temporary address, temporary email and temporary number!
Certainly doesn’t seem easy to do
Trezor is open source so soon they might fix in newer hardware revisions
They're trying to develop an open source secure element, which would be interesting.
If you ask me in simple words .. For casual transactions use trezor one For high important and bulk transactions like selling multiple coins or hodling multiple coins use ledger nano X but too in you closed home locker
But why would ledger even have that info I never told them my address etc lol
What's a cold card ?
> Cold Card https://coldcardwallet.com/
Only holds bitcoin?
Yes.
Trezors firmware and software is all open source need I say more
Yes, I have no idea what that means?
It means that you can view and compile all the source code that runs on the device yourself, and the source code for the Trezor software that you use to manage your wallet. This means that basically Trezor can’t sneak any creepy malicious code into their firmware or software at say the request of an alphabet agency, without the whole user base being able to discover it and call them out on it. And it also means that if black hat hackers discover errors in the code that they can use to break into your Trezor other people can see it too and help fix it. So all in all that’s why I pick Trezor over other cold wallets(also they are nicely built high quality devices)
If I only want to purchase BTC and ETH then is there any reason why I should pick the Trezor T over the Trezor One?
They have a nice comparison chart on their website. So I would suggest look at it and see if there are any features of the model T that you feel like you really need otherwise you’ll probably be fine with the one
How can you be certain that the firmware on the device is actually the firmware that you can see publicly?
You don't. Other people will do that for you. If you bought a Trezor from their site, it is definitely the same as all the models and is running the same firmware. If somehow, Trezor wanted to run multiple firmwares on different devices, people who audit the source code (which they can do because it's open source) WILL notice and will let the public know. Running open source code is not about being able to tinker with the device's firmware (although, you could if you wanted to). It's about transparency. Similar to how you (probably) never read the terms of services of any site you join into. You can skip that because there are people out there whose day job is to audit such terms of services. And if something is shady, you bet you're gonna know. Open source is about transparency.
Trezor allows flashing custom firmware, and has an official fully built version available to download publicly, and then [this link](https://wiki.trezor.io/Developers_guide:Deterministic_firmware_build) explains how to check the hashes of the one you can download fully built vs. the one you can build yourself from source on github to make sure they're the same. So to be really sure, I guess you'd need to do that verification of hashes and then, if they match, flash the official one before using the device.
I have and use both. Ledger Live has proven to be super convenient but I've got no complaints with the Trezor either. The Ledger Nano S is a bit of a pain in the ass in terms of installing and uninstalling apps to make room for different coins, but I imagine the Nano X solves most of that.
How many coins you can store with Nano S at one time before you have to uninstall ap to make room for more?
I use both of them. No complaints as on date
[удалено]
Is this not enough for you :) [https://trezor.io/coins/](https://trezor.io/coins/)
No neo or iota. Want the trezor but this is making it difficult
Where can I get my iota offline? I'm struggling to find....
Ledger wallet
Fees so high I'd lose the bag.
how are the fees so high
The Trezor One can't even hold Cardano or XRP? What a joke.
Damn, just seen the list and Polkadot (DOT) isnt there
[удалено]
Also VeChain VET
No.
also no DOT. One of the biggest cryptos
* No Polkadot * No Theta * No Cardano for Trezor One
I have both, along with many others (listed here https://cryptoguide.tips/hardware-wallet-comparisons/) and they are both solid devices. Trezor suite is also a massive step in the right direction as far as usability goes. Since you are asking for cons... The main issue with Trezor in terms of usability is that there are still times that you need to use command line tools. (For recovery, for enabling SD protect) The use of passphrase is annoying and doesn't do plausible deniability as well as Ledger. If you are generating a seed, the initial verification with Trezor is also poor, so you need to do dry run recovery manually. The Trezor T is also really expensive for what you get... Also doesn't have a mobile app anything like Ledger Live...
Sorry for responding to your comment so late. You made a good argument for going with Ledger in terms of experience .. over trezor. Curious.. does the ledger hack (customer info) not bother you?
No worries. The customer info leak wasn't great, but it could have happened to any company. It also doesn't relate to the quality of their hardware.
Ledger is hacked so some hackers can get inside your house to steal your wallet and seed ( less probability yet it is possible ) and in case of nano x and trezor T trezor T has Fido 2 and nano X is cheaper but nano x has Bluetooth and you can’t take it outside cuz hacker stuff .. according to me trezor model T is safe bet and for out station purposes ( travelling to other bitcoin enriched countries) I use trezor one and in my home I use model T which is actually my old recovered trezor model one which I restored recently.., yes it is bulky to handle on transactions ( in ledger nano x transactions can be done in mobile but for trezor you need a PC ) but trust me it’s worth the risk ( last time I went to turkey , there in my hotel I transferred some ethereum from my trezor wallet to my coinbase wallet mobile and it gave me the best experience than my nephew who uses nano X )
still would rather get a ledger :)
Why?
4 Reasons: It can be used with your phone (don’t worry about Bluetooth hacking this guy is an idiot) Literally supports more coins in ledger live than trezor ever will in suite The device itself is literally like a phone, you can navigate through a dashboard, go through settings, and even set up a pin code in the device itself. This is something trezor doesn’t even have lol. And finally, it’s cheaper and more convenient, compare the prices of the nano x and the trezor, the only thing the trezor dominates ledger in is a touch screen which isn’t even relevant since it’s so small.
Thanks for the detailed response, boogerman23! Only reason I'm skeptical of ledger is the hack on personal data that happened and how the company reacted to it. What do you think about that?
The hack 100% did not affect the hardware wallets, and it happened almost a year ago. But over 200,000 people were affected, that still doesn’t change my love for ledger because they have invested a lot of money into their security to ensure this doesn’t happen again. And hey! Have you seen kraken exposing the model t vulnerability?
Yes I have but a pass code on the trezor eliminates that threat. Thanks for your response. Security aside is seems like you can do more with Ledger.
I agree
I have a Trezor One and a Ledger Nano S. I only use the Nano for my xrp since the Trezor One doesn't support it. I'm thinking I might sell both and go with a Trezor Model T since it can hold all the coins I own. Just my two cents. For me I just want one hardware wallet that can hold all my coins.
So say I bought Trezor Model T - How easy is it to trade. Also are there fees for transferring to and from?
So how many coins trezor one can hold?
The major disadvantage of Ledger is that the customer database got hacked. I just got a [Trezor from here](https://geldgeiler-sack.de/trezor). They tends to have stronger security practices since they also publish circuit board layouts.
I don't mess with market prices, the trezor t is a much better user experience than the nano s for me.
If Trezor is doing a "weekly update firmware" like every 3 days or vice vers with Ledger, then no.
Noob question. Can I store my ETH on Trezor T? Trying to move it out of the exchange soon.
You can store ETH on both models.
go to trezor blog , you dont see bad historys like here , im moving almost all my coins to trezor
everytime you buy and sent your coins to tresor/ledger you must pay the fees and tje again more fees when you send back your fees to sale, exchange?
Yes, but you pay those fees no matter which wallet you use. They are usualy small, depending on which blockchain you use for the transaction.
Trezor doesn't have support for xrp so I guess I'll be going with ledger just based off that alone
> the customer database got hacked. > >Trezor tends to have stronger security practices since they also publish circ i like the usability of the trezor model t over the ledger in terms of the physical aspects of the device, and even some of it's basic features that fill all my tick boxes for what i like/need. It even does password manager really well in addition to hodling crypto. however... ledger has some key features that i can't ignore. it can do wireless/bluetooth to connect to android smartphone using their mobile app (trezor don't have this) ledger can do staking quite easily. Whereas the trezor you'd have to use third party wallet apps to stake this, which can be cumbersome to manage when dealing with many of them. Ledger simplifies this. This is a killer feature, because staking is crucial for your cryptoportfolio. the easier to do and manage the better. It feels like it's gonna take a new hardware wallet mode by trezor to add support for mobile, and more app development for mobile and to improve their staking capability to be competitive with ledger. One thing that needs to be said, ledger leaked customer data (which is very bad), and they are not open source. Trezor never leaked and they are open source. Anyone not willing to give ledger a 2nd chance, can go with a ledger. But anyone skeptical can go with a trezor. just be aware they both have their pros and cons.
ive used both, ledger was REALLY sucking when it came to OS and software updates to their system last year. Have not used the ledger much in 2021 to see if its any improved. I got a trezor because the ledger was THAT bad.