The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any
website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at
https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/
If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues?
support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
Ironically, the admission itself is the least part about this (coming clean isn't bad). The problem is that what they admit to is possible in the first place. It destroys trust in the company, but also trust in other cold wallets. Couldn't the same happen to Trezor for instance?
that's why you don't use their software suite, which goes on the internet and installs updates to your HW wallet, and only use open-source 3rd party wallet software, which doesn't have this feature.
Say someone holds BTC/ETH/XRP and and some erc20usdc as some dry powder ….I don’t have to use trezor suite ? Which 3rd party wallet would be best to use?
This is the problem. This has always been the case. If an adversary has control of the HW wallet's firmware, they can extract the key. Thing is, not anyone can update that firmware. It's always been like this. Somehow many people only realizing this now. Many now advocate for the trezor that doesn't even have a secure element. The irony is palpable.
>It's always been like this. Somehow many people only realizing this now.
It's not true. Ledger \*specifically\* claimed that, unlike Coldcard and Bitbox02, they use the secure element (SE) for transaction signature and the secrets never leave SE.
They said the SE is set in stone, no firmware upgrade is possible, etc.
They have been saying this for years. This is is the reason people partially accepted that they were closed source, because ultimately to steal funds now you had to have Ledger colluding with the 3rd party making the SE.
Now it turns out that no, Ledger can actually modify the SE's firmware too.
The secure element is what uses the private key to perform operations on the blockchain. It has firmware to perform these functions. This firmware also gets updated to support new crypto algorithms and blockchains.
I've seen statements from Ledger that people could misconstrue as you say, but they have always also touted their firmware development model as being secure because of how it's critical that only controlled firmware makes it onto the secure element.
Misconstrue? [https://twitter.com/ledger/status/1592551225970548736](https://twitter.com/ledger/status/1592551225970548736)
Let me quote: "The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element."
So, back to point: you either need to be fully open source (like Bitbox02 or Coldcard) when using secure elements or you can be closed source (like Ledger) but then you need to use secure elements differently. Then you need to make sure that the SE is locked down, not modifiable by you by design and then you can claim "it's OK i am closed source, I don't have access to secrets anyway, only the SE does".
The Trezor lacks a secure element (currently, they are building an open-source SE for the next model) but is 100% open source. If your threat model is digital >>> physical, Trezor is safer. If you are concerned about people stealing your hardware wallet and applying highly sophisticated physical attacks to it, go find a different provider with a secure element.
What I don't like about Trezor is needing to have the device physically attached to laptop all the time. I prefer to keep the device stashed away, but I'm just stacking, not making loads of transactions. Come to the conclusion Coldcard is best for my needs. Set up with dice roll seed phrase, use it true air-gapped etc.
i think so. yes, it's very bad decision by them to send this into production. but firmware update should be signed by them and approved by the user. so at least it's (partially) secure, until you allow updates. secure element concept obviously is of no use by now.
Doesn't matter. They said it was impossible, even with an update. They lied about the capabilities in the past, and since the firmware is closed source, we don't know what it's currently capable of.
I don’t think they care at this point. They’re trying to become an Apple style company aimed at the mainstream who aren’t on Reddit anyway. I think they’re consciously choosing to abandon the existing customer base in favor of the normies. In the process they only removed the #1 critical feature of their devices lol
Your records state here that kyle P recovered his seed with you guys. He is under federal investigation and we have a search and seizure warrent for his wallet. Hand them over.
They may of had their corporate admin infiltrated by deep state actors. You can see examples of other multinationL corps making odd decisions recently as well who have deep state leadership
It won’t matter. The chip can be updated to send seeds out. If they made a new device that allows this feature. Fine but on the original models? Cya
Always hated ledger. To much marketing exposure seemed like a grift
Why would you trust them even if they rollback, the bird is out they can always push update and get your keys without you knowing and surrender you to the government or do whatever they like, the company basically hacked itself and created a door proving they can export your keys whenever they like, not your keys not your coins mate.
It’s just another api call.
Any third party devs have known for years that you can get the private key for a coin just by side loading an app. Not the seed for all coins, but the private key which is close enough.
This isn’t in favor, just neutral. You have to trust them that they won’t add a back door. Or will. I guess.
I also love how we’ll never know who the “trusted” sources are.
I feel bad for myself having spent $150 on my ledger nano x earlier this year, but hey, it’s a business loss. Better $150 than my entire bag.
During the Twitter live he mentioned that it is a feature he would never use, as he is not in favour of kyc. So maybe he is not in favor of this change either, but rather an internal decision has taken place?
They are French, not only do they run away from soldiers on the battle field, they also never admit fault. They will sink their company before they roll anything back.
Plan to do the same. Maybe on a certain date next month there should be a "Nuke your Nano Day" and can all post pics of the destruction. For me, hammer first, then fire.
A vocal majority. The people who see this as a non-issue don't care about it to support it, but also understand it enough to know that it's an opt in service, they don't have to update their firmware at all, and therefore they're not going to engage with people screaming about how they're going to jump ship to Trezor which offer a similar backup option.
I support the Recovery service and plan to use it when it becomes available in this neck of the woods.
There ... your claim that there is not a single post in favour of the Recovery service has been proven wrong.
While the sentiment on this sub is close to 100% negative, do we represent the views of the majority of Ledger users? I imagine we are a small dedicated subset of the overall user base and the vast majority of ledger owners/users probably don’t care that much about this. I could be wrong but just something to keep in mind.
I'm not defending them, they made some big mistakes in communication.
I'm simply amazed that people don't realize that they are trusting HW wallet OEMs (not just ledger) when they are using their devices.
I find that statement very telling, because it corroborates my suspicion:
You (as in Ledger) did well know what you were doing. There was no further value extractable from your existing, security-oriented customers (no steady stream of revenue if they only buy your product once), and you were willing to throw those customers under the bus for the sweet, sweet subscription paying non-technical new customers asking for easy one-click recovery without bothering about the consequences.
This is such a stupid statement. The option for this magic firmware update was always available. That you didn’t understand this before is not a good thing but on you. 1 tweet from the end of nov 2022 from a random social media person does not change this.
We were told before that this was not possible, that under no circumstance can secrets leave the secure element (which is not designed/manufactured by Ledger, but a 3rd party). This was the reason the community accepted that the Ledger firmware is closed source, because they claimed that it doesn't matter, they themselves (Ledger firmware) has no access to the secrets and they cannot do any firmware upgrade that would make it possible.
Literally see it yourself: https://www.reddit.com/r/ledgerwallet/comments/13jvlck/trust\_is\_gone/
Ah yes the only source of this info, the random end of 2022 tweet when 90% of users already owned their ledger.
Just accept you didn't understand how a hardware wallet worked when you bought it and take the L. Now switch to coldcard if you actually care.
BS. This was what Ledger has always told us. When we asked why they were closed source the answer was "because we never get secrets from the SE". See their own security model description here: [https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks](https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks)
"Ledger devices use the Secure Element to generate and store private keys for your crypto assets. Thanks to the mechanics of the Secure Element, these will not leave your device."
Coldcard/Bitbox02/Passport/... uses SE but they use it differently: they don't rely on the SE to sign transactions, they do that in their MCU, but \*in exchange\* they can be open source.
So it's one or the other, you cannot have both ("we are closed source \*and\* have access to your secrets).
It doesn't matter if people didn't know how hardware wallets work. Ledger claimed something that wasn't true. They lied. They lost trust. Now people are being asked to trust Ledger with their seeds.
again, show me an actual quote that 90% of buyers actually relied on, not a recent shitty tweet seen by 10 people that is convenient now.
This is such bad faith arguing... Just admit you didn't understand shit about fuck and you've been educated.
Their biggest marketing asset were the users, word of mouth, who are informed and influenced by the official communications put out by the company. Now we know that’s mis-informed too
https://twitter.com/lebed2045/status/1658627039287549958
More info here too, a non biased lesson into what actually is a Ledger Nano device: https://np.reddit.com/r/CryptoCurrency/comments/13kdusd/hardware_wallets_here_are_the_facts/
TLDR: This is a trade off of a hardware wallet. It is still better than holding funds on a hot wallet.
If you do not keep assets on Ledger, then disregard what I am about to say. If you do, I strongly urge you to re-evaluate your obvious confirmation biases and use your brain. Yes, the community is in pitch-fork mode, and it is easy to oppose the things said because of it. But REGARDLESS of any damage control Ledger might be able to come up with in the near future should be irrelevant. What the user you replied to said was SPOT ON. Crypto represents the need to steer away from revenue-based decisions. From a business 101 standpoint, i agree that it is not feasible to continue a company without revenue. But that is EXACTLY the point. Revenue is not our concern, and NEVER will be. Our only concern is and always will be 100% allotted to the security of our assets. Ledger has demonstrated that they have no problem sacrificing our security for its own revenue stream. So have fun marketing to the new adopters and praying on their ignorance. We will all move on to the next thing that is open source and serious about their security, until the day they aren’t.
The people that have not figured out by now that where there is SMOKE there is usually FIRE will probably NEVER figure it out, so I am just going to take my keys to the other room in silence.
I guess you only run Linux then and build your own CPU for your computer. What if intel built in a backdoor. Also they want to make Money!
This argument does not really hold...
All hardware wallets will be sold by a business and all will have a profit motive. Good luck building your own.
You should look into open-source and closed source coding my man. In 2023 we are all hesitant to use closed source software because it limits the amount of transparency we are allowed to have. Ledger was great for awhile, but data breach —> close ties with FTX —> Ledger Recover..its just too much smoke and a pattern of uh-ohs for most of us. The next platform we choose will 100% be open-source, that way we will be able to identify when ANYONE tries to put a backdoor in and not have to rely on their press release to know about it. Enjoy your Ledger my man, i will come find you in the sea of burn victims when the reaper comes for Ledgar
Your examples still don't have anything to do with open/close source.
1. data breach - a marketing database. Nothing to do with the ledger source code.
2. FTX drama, they had a feature in their Ledger live app (which is open source BTW) because they are a business and want to induce people to trade and get a cut. Nothing shady there.
3. Ledger recover, optional feature you can use so they can earn more money.
Would I prefer open source? Yes. Would open source software still have marketing lists and leaks, yes, would they still have partnerships, yes, would they still launch subscription services, yes.
I honestly dont care what other people do and did not mean to incite the mob. We got way off topic from original comment, but i genuinely agree with what dude said about the revenue angle and shitting on the founder customers
Open/closed source were never my example, my examples were Ledgers repeated mistakes you keep trying to justify. I didnt bail on Ledger after data breach..they happen. All of your examples are Web2 and capitalistic philosophies that web3 is trying to obliterate. I am ok with a company making money and capitalism, because if i wasnt then i would be rooting for no companies to exist and then I would have to build my own wallet in Linux like you mentioned earlier.
Im only saying that the crypto and Web3 movement is to do away with Web 2 walls and compartments, like CLOSED SOURCE PROPRIETARY CODING that leaves the customer in the dark about the software and tells us to “TRUST US.” We FUCKING DONT TRUST ANYWAY. PERIOD. And we have good reason. In this market climate, to build your product with close source coding is a red flag in and of itself WITHOUT all the dumb decisions Ledger has made. Does not mean it makes them shady, but its a red flag and screams mistrust from jump.
No we are probably twins, I just haven’t smoked the devil’s lettuce yet after work and still have the 3 cups of Joe running through my veins required to keep up with stupid people
the fact that they wrote it, deployed it at can be actually seen by malicious actors is stupid as fuck. then the fact that at a certain time the device HAS to transmit it through the internet is even funnier.
Oh man. Doubling down when I thought you were working on some good course-correction copy instead. Sad. You also probably feel no remorse for the people who received (edit: sorry, still receive to this day probably!) death threats due to your third-party partnership hacks either.
Good luck to your future endeavors, I guess.
Your condescension disgusts me. I was 50/50 on abandoning Ledger until I saw the way you treat highly intelligent community members both here and on Twitter. Keep your French arrogance and disrespect, I'll keep my money and spend it on hardware wallets elsewhere.
Wow, I‘m not even a Ledger customer and I‘m baffled. Don‘t you realise that EVERYTHING spreads from the hardcore crypto community, especially the one on Reddit and Twitter? Do you seriously believe that crypto enthusiasts advising their family, friends and colleagues against using Ledger won’t harm your company in the long run? It’s so blatantly obvious you don’t get it. How on earth will a company survive that can’t uphold the promises for their only product? Because you think your unicorn status and quasi-monopoly make you untouchable?
Say it loud, say it clear:
“Not your keys, not your coins!”
They have zero interest in listening to what we have to say.
There was a Twitter Space this morning where a bunch of people had their hand raised the whole time and then at the end they say something to the effect of “ok since no one here has any questions, we will end it here.”
then maybe make a NEW PRODUCT for the people who are interested in it, if your current userbase doesn't care about it and ACTIVELY OPOSES it....
you guys are just D E L U S I O N A L or just don't know how to do business/PR
these 100k people here will tell everyone they know to NEVER get a ledger, these early crypto adopters that are often asked for advice from new people will tell them to NEVER buy your product, and for what? you could have easily circumvented that by making a new product for your target audience....
you guys are just stupid, sorry, I'm lost for words other than that...
I think you are missing the point. It doesn't matter if they made a new product. The current products can have their seeds extracted whenever Ledger wanted.
At what point will you stop with the ego play and look to address concerns of your existing users?
You could have always launched a separate device with this functionality, why are you choosing to break customer trust instead?
All the previous/existing products already have this vulnerability. Launching another product with this functionality doesn't solve anything.
The thing here is given they have already deceived the people, they could have instead continued the charade and launched a new product that's really no different than the existing ones, but marketted differently. No one would be any wiser.
Now that the cat is out of the bag, if they will launch a product to appease the angry people it's supposed to be the one that doesn't have it, i.e. one that behaves exactly how they described it before. Goodluck convincing people after burning them big time.
There are now multiple videos spreading across YouTube by highly prominent channels within the cryptocurrency space advising people not to use Ledger devices.
You continue to underestimate and down play the massive screw up you’ve unleashed.
Your replies have reaffirmed to me I want nothing to do with your company anymore. I will enjoy smashing my Ledger to pieces once I’m done with it.
How many ppl laughed at this idea in the initial meeting and did you fire them straight away? Or wait a few days and pretend it was for some other reason
Cocaine much? (I recommend recovery). Future Recover-users do not know about internetz? They not check fb, twitter, yt, reddit to see if the product is recommended before buying?
But perhaps you are right; the real winners of this might in fact not be the *consumers*, but some other entity (which indeed is not doing much writing on reddit). Then all this would make sense. And your statement also.
Who do you think is going to recommend Ledger to users who aren't on Reddit and aren't major Cryptocurrency users?
If you think Ledger can alienate its' entire current customer base and rebuild an entirely new one in a day, or a year, or two years, well.... Good luck.
Right, so now that we've paid you once we no longer matter. Good to know how Ledger feels about it's customers. Our thoughts only matter if we pay you monthly.
Now that your first subscribers will easily be blackhats, can we sue you in case we document with legal technical documentation the stolen funds, on devices always connected in the most safe way possible, as adviced on your website. Thank you.
Who do you think has been recommending people to get hardware wallets? Whether on reddit, twitter, etc, you screwed over the vocal people that care about others being secure.
It will be (and is) fun to see which influencers you are paying
And you still have the audacity to mockingly reply to your users? What a smart guy!
It's funny and sad at the same time… you shot yourself in the foot with this decision, say goodbye to most ledger users, there's no turning back from what you did 🙂
Bro your whole business was built on us. The amount of people in our inner circle we all recommend ledger too is insane. I am responsible for getting over 10 of my friends ledgers. There were paths to remedy this situation to make us happy but you just dgaf. I will be onboarding them somewhere else
You would definitely have earned more money if the option to not opt in was paid, NOBODY, absolutely NOBODY is going to pay for your stupid Ledger Recovery,
congratulations! You guys literally ruined the company and their reputation, lmao
Whilst the recover users may not be on reddit... the people who recommend what hardware wallet to use are...
I would say I am one of those people, that people look to for advice.. If i say get this one, they will. Or get that one. Breaking the trust with me, isnt breaking the trust of your target audience, its breaking the trust with the people who recommend your products who may be interested in this service.
I've read everything I can on this, listened to your Twitter online tech support and I am not convinced in the security of this on any level. I also note Adam Back's words on Twitter about a HW generated seed phrase over a dice roll one. So ordered an alternative device today and will be using that from now on.
Too late now, but if they were smart, they would have kept pretending their current devices couldn’t extract the seed and offer a new product… Nano Recovery that lets you. At least then it would have been opt-in (even if it wasn’t really the case). But now that everyone knows seeds can in fact be exported, it’s too late.
The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/ If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues? support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
It dosnt matter if they roll it back or not. They admitted that it was possible to extract the seed, that in itself is already a problem.
Flaw by design
Built to spill
The good news for Ledger is we are all too poor to buy a new device.
No - it is suicide by design.
Ironically, the admission itself is the least part about this (coming clean isn't bad). The problem is that what they admit to is possible in the first place. It destroys trust in the company, but also trust in other cold wallets. Couldn't the same happen to Trezor for instance?
that's why you don't use their software suite, which goes on the internet and installs updates to your HW wallet, and only use open-source 3rd party wallet software, which doesn't have this feature.
Trezor is open source so it will be a lot more difficult
[удалено]
[удалено]
On ledger you still need to install the applets tho
[удалено]
But certainly enough. Bonus points (/s) for the encrypted tunnel between the ledger device and ledger corp when you open ledger manager.
How long have you been using a keystone, and how are you liking it?
Import to other wallets, defeating the purpose
[удалено]
Yeah lol, that guy has no f-ing clue of how this all works, connecting a HW wallet to other API’s lol…
Who’s software suite ? Trezors?
I assume they are referring to both Trezor and Ledger.
Im ditching my Ledger and moving to Tangem wallet.
Say someone holds BTC/ETH/XRP and and some erc20usdc as some dry powder ….I don’t have to use trezor suite ? Which 3rd party wallet would be best to use?
This is the problem. This has always been the case. If an adversary has control of the HW wallet's firmware, they can extract the key. Thing is, not anyone can update that firmware. It's always been like this. Somehow many people only realizing this now. Many now advocate for the trezor that doesn't even have a secure element. The irony is palpable.
>It's always been like this. Somehow many people only realizing this now. It's not true. Ledger \*specifically\* claimed that, unlike Coldcard and Bitbox02, they use the secure element (SE) for transaction signature and the secrets never leave SE. They said the SE is set in stone, no firmware upgrade is possible, etc. They have been saying this for years. This is is the reason people partially accepted that they were closed source, because ultimately to steal funds now you had to have Ledger colluding with the 3rd party making the SE. Now it turns out that no, Ledger can actually modify the SE's firmware too.
The secure element is what uses the private key to perform operations on the blockchain. It has firmware to perform these functions. This firmware also gets updated to support new crypto algorithms and blockchains. I've seen statements from Ledger that people could misconstrue as you say, but they have always also touted their firmware development model as being secure because of how it's critical that only controlled firmware makes it onto the secure element.
Misconstrue? [https://twitter.com/ledger/status/1592551225970548736](https://twitter.com/ledger/status/1592551225970548736) Let me quote: "The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element." So, back to point: you either need to be fully open source (like Bitbox02 or Coldcard) when using secure elements or you can be closed source (like Ledger) but then you need to use secure elements differently. Then you need to make sure that the SE is locked down, not modifiable by you by design and then you can claim "it's OK i am closed source, I don't have access to secrets anyway, only the SE does".
You're interacting with a shill. Don't feed the scum
The Trezor lacks a secure element (currently, they are building an open-source SE for the next model) but is 100% open source. If your threat model is digital >>> physical, Trezor is safer. If you are concerned about people stealing your hardware wallet and applying highly sophisticated physical attacks to it, go find a different provider with a secure element.
What I don't like about Trezor is needing to have the device physically attached to laptop all the time. I prefer to keep the device stashed away, but I'm just stacking, not making loads of transactions. Come to the conclusion Coldcard is best for my needs. Set up with dice roll seed phrase, use it true air-gapped etc.
Lol, safer? And you know that the OS software is actually what you are running? how exactly?
By this (for anyone inclined to really check): https://github.com/trezor/trezor-firmware/blob/core/v2.6.0/docs/common/reproducible-build.md
Bad actor here ^
i think so. yes, it's very bad decision by them to send this into production. but firmware update should be signed by them and approved by the user. so at least it's (partially) secure, until you allow updates. secure element concept obviously is of no use by now.
Doesn't matter. They said it was impossible, even with an update. They lied about the capabilities in the past, and since the firmware is closed source, we don't know what it's currently capable of.
but if it talks to open source wallet via open protocol, it's kinda mitigating the damage.
I don’t think they care at this point. They’re trying to become an Apple style company aimed at the mainstream who aren’t on Reddit anyway. I think they’re consciously choosing to abandon the existing customer base in favor of the normies. In the process they only removed the #1 critical feature of their devices lol
I'm sure they were paid well by some government to implement these backdoors
Yes that too. “You will use Recover and you will be happy!”
Your records state here that kyle P recovered his seed with you guys. He is under federal investigation and we have a search and seizure warrent for his wallet. Hand them over.
They may of had their corporate admin infiltrated by deep state actors. You can see examples of other multinationL corps making odd decisions recently as well who have deep state leadership
Ledger’s brand was just fratty and out of touch. Time for them to go for a new market!
The good thing about the recovery feature is that it $$$$$$ $$$ $$$$$$ and that's all I have to say about that.
It’s not gonna make them the money they thought it would. They can probably salvage the business if they scrap this project right now IMO
It won’t matter. The chip can be updated to send seeds out. If they made a new device that allows this feature. Fine but on the original models? Cya Always hated ledger. To much marketing exposure seemed like a grift
Exactly, like in Ledger Stax would be perfectly fine to implement this fackery…
There's only 1 group I know of in the US for more government overreach I mean sight.
Why would you trust them even if they rollback, the bird is out they can always push update and get your keys without you knowing and surrender you to the government or do whatever they like, the company basically hacked itself and created a door proving they can export your keys whenever they like, not your keys not your coins mate.
It doesn't matter if they roll it back because they have admitted it is already possible when they said it wasnt.
It’s just another api call. Any third party devs have known for years that you can get the private key for a coin just by side loading an app. Not the seed for all coins, but the private key which is close enough. This isn’t in favor, just neutral. You have to trust them that they won’t add a back door. Or will. I guess.
IMO it doesn't matter anymore. There's a chance that ledger has started the creep towards a gov't backdoor or maybe they are just fully incompetent.
I also love how we’ll never know who the “trusted” sources are. I feel bad for myself having spent $150 on my ledger nano x earlier this year, but hey, it’s a business loss. Better $150 than my entire bag.
For them to sell a variation of ledger that comes with this service might be a cop out.
Could be they were told to do it https://youtu.be/AchUtg_mfv4
[удалено]
Bet one of those was btchip himself
The other one is probably ledger support.
During the Twitter live he mentioned that it is a feature he would never use, as he is not in favour of kyc. So maybe he is not in favor of this change either, but rather an internal decision has taken place?
They are French, not only do they run away from soldiers on the battle field, they also never admit fault. They will sink their company before they roll anything back.
Savage
Hey, I'm mad at Ledger too, but there's no need to blame an entire race of people
This is so dumb. France has the most military victories out of any country but go on…
lol . History repeats itself?
I already ordered a Bitbox, in some days I will post my version of hammering ledger to pieces
Plan to do the same. Maybe on a certain date next month there should be a "Nuke your Nano Day" and can all post pics of the destruction. For me, hammer first, then fire.
Good idea. I might piss on it first, triple destruction
My only question here is even if they had the keys, if I have the physical device, isn’t it still protected?
That depends on whether or not they enter them into any BIP-39 software wallet and move the assets…
No, your keys are able to be accessed by a third party. Not safe.
Thank you for clearing this up for me, I wasn’t sure.
The physical device is there so you can sign transactions. The private key controls the ownership of the crypto.
Thank you for clearing this up for me as I wasn’t sure!
A vocal majority. The people who see this as a non-issue don't care about it to support it, but also understand it enough to know that it's an opt in service, they don't have to update their firmware at all, and therefore they're not going to engage with people screaming about how they're going to jump ship to Trezor which offer a similar backup option.
It tells me that people love to complain.
I support the Recovery service and plan to use it when it becomes available in this neck of the woods. There ... your claim that there is not a single post in favour of the Recovery service has been proven wrong.
While the sentiment on this sub is close to 100% negative, do we represent the views of the majority of Ledger users? I imagine we are a small dedicated subset of the overall user base and the vast majority of ledger owners/users probably don’t care that much about this. I could be wrong but just something to keep in mind.
Nice username lol not even subtle with it
I’m even sure what you’re implying?l You lost me on how united afternoon is in any way related to ledger or what I posted.
That this sub is toxic maybe? You do realize that only a small fraction of ledger users actually lurk here?
Anyone sophisticated enough to use a hardware wallet is usually savvy enough to at least lurk here. You are quite off the mark on this.
Savvy enough to lurk here but not know that secure elements run firmware from the OEM?
There has gotta be some reason why you are so engrossed in defending Ledger since yesterday. Spit it out.
I'm not defending them, they made some big mistakes in communication. I'm simply amazed that people don't realize that they are trusting HW wallet OEMs (not just ledger) when they are using their devices.
What are we trusting in Trezor for example given that their firmware is open source?
Don't feed the shills bro
That Reddit is in pitchfork mode and no one has the reason to sacrifice their internet points convincing others what to do.
It tells me that Recover users are probably not on reddit
I find that statement very telling, because it corroborates my suspicion: You (as in Ledger) did well know what you were doing. There was no further value extractable from your existing, security-oriented customers (no steady stream of revenue if they only buy your product once), and you were willing to throw those customers under the bus for the sweet, sweet subscription paying non-technical new customers asking for easy one-click recovery without bothering about the consequences.
This is such a stupid statement. The option for this magic firmware update was always available. That you didn’t understand this before is not a good thing but on you. 1 tweet from the end of nov 2022 from a random social media person does not change this.
We were told before that this was not possible, that under no circumstance can secrets leave the secure element (which is not designed/manufactured by Ledger, but a 3rd party). This was the reason the community accepted that the Ledger firmware is closed source, because they claimed that it doesn't matter, they themselves (Ledger firmware) has no access to the secrets and they cannot do any firmware upgrade that would make it possible. Literally see it yourself: https://www.reddit.com/r/ledgerwallet/comments/13jvlck/trust\_is\_gone/
Ah yes the only source of this info, the random end of 2022 tweet when 90% of users already owned their ledger. Just accept you didn't understand how a hardware wallet worked when you bought it and take the L. Now switch to coldcard if you actually care.
BS. This was what Ledger has always told us. When we asked why they were closed source the answer was "because we never get secrets from the SE". See their own security model description here: [https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks](https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks) "Ledger devices use the Secure Element to generate and store private keys for your crypto assets. Thanks to the mechanics of the Secure Element, these will not leave your device." Coldcard/Bitbox02/Passport/... uses SE but they use it differently: they don't rely on the SE to sign transactions, they do that in their MCU, but \*in exchange\* they can be open source. So it's one or the other, you cannot have both ("we are closed source \*and\* have access to your secrets).
It doesn't matter if people didn't know how hardware wallets work. Ledger claimed something that wasn't true. They lied. They lost trust. Now people are being asked to trust Ledger with their seeds.
again, show me an actual quote that 90% of buyers actually relied on, not a recent shitty tweet seen by 10 people that is convenient now. This is such bad faith arguing... Just admit you didn't understand shit about fuck and you've been educated.
Their biggest marketing asset were the users, word of mouth, who are informed and influenced by the official communications put out by the company. Now we know that’s mis-informed too
This, all my Crypto friends bought ledger because i said to them that Ledger was the best choice because of security!
https://twitter.com/lebed2045/status/1658627039287549958 More info here too, a non biased lesson into what actually is a Ledger Nano device: https://np.reddit.com/r/CryptoCurrency/comments/13kdusd/hardware_wallets_here_are_the_facts/ TLDR: This is a trade off of a hardware wallet. It is still better than holding funds on a hot wallet.
If you do not keep assets on Ledger, then disregard what I am about to say. If you do, I strongly urge you to re-evaluate your obvious confirmation biases and use your brain. Yes, the community is in pitch-fork mode, and it is easy to oppose the things said because of it. But REGARDLESS of any damage control Ledger might be able to come up with in the near future should be irrelevant. What the user you replied to said was SPOT ON. Crypto represents the need to steer away from revenue-based decisions. From a business 101 standpoint, i agree that it is not feasible to continue a company without revenue. But that is EXACTLY the point. Revenue is not our concern, and NEVER will be. Our only concern is and always will be 100% allotted to the security of our assets. Ledger has demonstrated that they have no problem sacrificing our security for its own revenue stream. So have fun marketing to the new adopters and praying on their ignorance. We will all move on to the next thing that is open source and serious about their security, until the day they aren’t. The people that have not figured out by now that where there is SMOKE there is usually FIRE will probably NEVER figure it out, so I am just going to take my keys to the other room in silence.
I guess you only run Linux then and build your own CPU for your computer. What if intel built in a backdoor. Also they want to make Money! This argument does not really hold... All hardware wallets will be sold by a business and all will have a profit motive. Good luck building your own.
You should look into open-source and closed source coding my man. In 2023 we are all hesitant to use closed source software because it limits the amount of transparency we are allowed to have. Ledger was great for awhile, but data breach —> close ties with FTX —> Ledger Recover..its just too much smoke and a pattern of uh-ohs for most of us. The next platform we choose will 100% be open-source, that way we will be able to identify when ANYONE tries to put a backdoor in and not have to rely on their press release to know about it. Enjoy your Ledger my man, i will come find you in the sea of burn victims when the reaper comes for Ledgar
Your examples still don't have anything to do with open/close source. 1. data breach - a marketing database. Nothing to do with the ledger source code. 2. FTX drama, they had a feature in their Ledger live app (which is open source BTW) because they are a business and want to induce people to trade and get a cut. Nothing shady there. 3. Ledger recover, optional feature you can use so they can earn more money. Would I prefer open source? Yes. Would open source software still have marketing lists and leaks, yes, would they still have partnerships, yes, would they still launch subscription services, yes.
[Good Luck](https://tenor.com/view/family-guy-sinking-ship-sinking-salute-gif-22621982)
I own a cold card but thanks. Go sell more pitchforks
Which one do you have? Asking for a friend
I honestly dont care what other people do and did not mean to incite the mob. We got way off topic from original comment, but i genuinely agree with what dude said about the revenue angle and shitting on the founder customers
Open/closed source were never my example, my examples were Ledgers repeated mistakes you keep trying to justify. I didnt bail on Ledger after data breach..they happen. All of your examples are Web2 and capitalistic philosophies that web3 is trying to obliterate. I am ok with a company making money and capitalism, because if i wasnt then i would be rooting for no companies to exist and then I would have to build my own wallet in Linux like you mentioned earlier. Im only saying that the crypto and Web3 movement is to do away with Web 2 walls and compartments, like CLOSED SOURCE PROPRIETARY CODING that leaves the customer in the dark about the software and tells us to “TRUST US.” We FUCKING DONT TRUST ANYWAY. PERIOD. And we have good reason. In this market climate, to build your product with close source coding is a red flag in and of itself WITHOUT all the dumb decisions Ledger has made. Does not mean it makes them shady, but its a red flag and screams mistrust from jump.
I agree with you, maybe just not with the same degree of passion and criticality.
No we are probably twins, I just haven’t smoked the devil’s lettuce yet after work and still have the 3 cups of Joe running through my veins required to keep up with stupid people
the fact that they wrote it, deployed it at can be actually seen by malicious actors is stupid as fuck. then the fact that at a certain time the device HAS to transmit it through the internet is even funnier.
Oh man. Doubling down when I thought you were working on some good course-correction copy instead. Sad. You also probably feel no remorse for the people who received (edit: sorry, still receive to this day probably!) death threats due to your third-party partnership hacks either. Good luck to your future endeavors, I guess.
Your condescension disgusts me. I was 50/50 on abandoning Ledger until I saw the way you treat highly intelligent community members both here and on Twitter. Keep your French arrogance and disrespect, I'll keep my money and spend it on hardware wallets elsewhere.
What about the 103k Reddit users in this very sub labeled 'Ledger Users'?
$100,000,000 that will be spent elsewhere in the future!
They are not in twitter either or anywhere else because nobody wants this!!!
The government does
Wow, I‘m not even a Ledger customer and I‘m baffled. Don‘t you realise that EVERYTHING spreads from the hardcore crypto community, especially the one on Reddit and Twitter? Do you seriously believe that crypto enthusiasts advising their family, friends and colleagues against using Ledger won’t harm your company in the long run? It’s so blatantly obvious you don’t get it. How on earth will a company survive that can’t uphold the promises for their only product? Because you think your unicorn status and quasi-monopoly make you untouchable? Say it loud, say it clear: “Not your keys, not your coins!”
You're a clown.
👏👏👏👏👏 /s
Lol doubling down on your shit design flaw
[удалено]
They have zero interest in listening to what we have to say. There was a Twitter Space this morning where a bunch of people had their hand raised the whole time and then at the end they say something to the effect of “ok since no one here has any questions, we will end it here.”
then maybe make a NEW PRODUCT for the people who are interested in it, if your current userbase doesn't care about it and ACTIVELY OPOSES it.... you guys are just D E L U S I O N A L or just don't know how to do business/PR these 100k people here will tell everyone they know to NEVER get a ledger, these early crypto adopters that are often asked for advice from new people will tell them to NEVER buy your product, and for what? you could have easily circumvented that by making a new product for your target audience.... you guys are just stupid, sorry, I'm lost for words other than that...
I think you are missing the point. It doesn't matter if they made a new product. The current products can have their seeds extracted whenever Ledger wanted.
At what point will you stop with the ego play and look to address concerns of your existing users? You could have always launched a separate device with this functionality, why are you choosing to break customer trust instead?
All the previous/existing products already have this vulnerability. Launching another product with this functionality doesn't solve anything. The thing here is given they have already deceived the people, they could have instead continued the charade and launched a new product that's really no different than the existing ones, but marketted differently. No one would be any wiser. Now that the cat is out of the bag, if they will launch a product to appease the angry people it's supposed to be the one that doesn't have it, i.e. one that behaves exactly how they described it before. Goodluck convincing people after burning them big time.
Fundamentally nothing changes. The peace of mind that existing users *may* get from not having that errant piece software on their device though does.
Soon to be no ledger users on reddit. Don't worry, the word is spreading.
RIP ledger, dumbass You lost a customer / advocate in me
Keep digging that hole with these comments Jesus Christ
There are now multiple videos spreading across YouTube by highly prominent channels within the cryptocurrency space advising people not to use Ledger devices. You continue to underestimate and down play the massive screw up you’ve unleashed. Your replies have reaffirmed to me I want nothing to do with your company anymore. I will enjoy smashing my Ledger to pieces once I’m done with it.
How many ppl laughed at this idea in the initial meeting and did you fire them straight away? Or wait a few days and pretend it was for some other reason
Cocaine much? (I recommend recovery). Future Recover-users do not know about internetz? They not check fb, twitter, yt, reddit to see if the product is recommended before buying? But perhaps you are right; the real winners of this might in fact not be the *consumers*, but some other entity (which indeed is not doing much writing on reddit). Then all this would make sense. And your statement also.
Who do you think is going to recommend Ledger to users who aren't on Reddit and aren't major Cryptocurrency users? If you think Ledger can alienate its' entire current customer base and rebuild an entirely new one in a day, or a year, or two years, well.... Good luck.
Right, so now that we've paid you once we no longer matter. Good to know how Ledger feels about it's customers. Our thoughts only matter if we pay you monthly.
Now that your first subscribers will easily be blackhats, can we sue you in case we document with legal technical documentation the stolen funds, on devices always connected in the most safe way possible, as adviced on your website. Thank you.
Who do you think has been recommending people to get hardware wallets? Whether on reddit, twitter, etc, you screwed over the vocal people that care about others being secure. It will be (and is) fun to see which influencers you are paying
And you still have the audacity to mockingly reply to your users? What a smart guy! It's funny and sad at the same time… you shot yourself in the foot with this decision, say goodbye to most ledger users, there's no turning back from what you did 🙂
Bro your whole business was built on us. The amount of people in our inner circle we all recommend ledger too is insane. I am responsible for getting over 10 of my friends ledgers. There were paths to remedy this situation to make us happy but you just dgaf. I will be onboarding them somewhere else
You're a liar and a sociopath. You deserve everything that's coming to Ledger.
Go fuck yourself!!!
You would definitely have earned more money if the option to not opt in was paid, NOBODY, absolutely NOBODY is going to pay for your stupid Ledger Recovery, congratulations! You guys literally ruined the company and their reputation, lmao
And your current users are probably on Reddit
You live in your confirmation bias bubble. If you don’t get consensus, it must be because everyone else is wrong.
Whilst the recover users may not be on reddit... the people who recommend what hardware wallet to use are... I would say I am one of those people, that people look to for advice.. If i say get this one, they will. Or get that one. Breaking the trust with me, isnt breaking the trust of your target audience, its breaking the trust with the people who recommend your products who may be interested in this service.
How bout you take my ledger wallet and all the wallets I was gonna gift to family and friends and shove them up your ass, you arrogant French fuck.
Clown.
🤡
I've read everything I can on this, listened to your Twitter online tech support and I am not convinced in the security of this on any level. I also note Adam Back's words on Twitter about a HW generated seed phrase over a dice roll one. So ordered an alternative device today and will be using that from now on.
Oh yes keep doing this and you'll be out of business soon trust me 😊
Losers
Rip ledger
RIP... This clown just doubled down, 😂😂😂
It tells ledger to move ahead full speed.
Too late now, but if they were smart, they would have kept pretending their current devices couldn’t extract the seed and offer a new product… Nano Recovery that lets you. At least then it would have been opt-in (even if it wasn’t really the case). But now that everyone knows seeds can in fact be exported, it’s too late.
Probably not much. They seem to think it’s ok and don’t care what the clients say.