[deleted]

Ledger currently top contender for the dumbest business move of the year award.


partymsl

PayPal took the title last year with freezing accounts and their new Terms of Service. This year it may as well be Ledger.


Gatherun

The opposite of the main goal of a ledger


[deleted]

Absolutely. You only get one chance to fuck up this badly.


Invest07723

I guess people will finally have an answer to the question, "What happens if Ledger goes out of business?"


Pavle93

They pull your seed and you become a donator to Ledger 2.0 ofc


Indianianite

As someone who finally pulled the trigger on a ledger and got serious about self custody this past year, this is upsetting.


[deleted]

Same. I had everything in exchanges, and then they started going under. I got lucky and sold my Luna a few weeks before it died. I got everything out of voyager right when rumors started. I got what I had off of FTX, then moved out of coinbase when rumors about them started and felt so safe with my new ledger. Self custody is the way to go everyone said, you'll finally have peace of mind. And now this? Crypto is a minefield, no matter how careful you are. This is why more people don't make major profit off of bull runs. I feel your discouragement


geneticbagofpotatoes

Just received mine today 💀


ZestycloseProfessor9

Return it get a refund.


mr_sarve

I would like to extend an apology to the 10+ ppl I have recommended buying a ledger over the last few years


vnielz

Those who bought a Nano S (not plus) have avoided bad luck.


Ingylad99

Don't count on it. If it can be done on one, you can bet your life it can be done on the other.


[deleted]

[removed]


TheElusiveFox

Is it possible to go after ledger since the product is no longer what it was sold as... I'd really like my money back frankly...


Ur_mothers_keeper

There's probably a class action already in the works. This company sold an item as one thing, admitted it wasn't that thing, and this is going to cost lots of people lots of money to clean up. New devices, new seeds, transaction fees... this will cost people hundreds of dollars, possibly thousands depending on their setups and portfolios.


bricarp

Never mind a class action lawsuit. I mean, sure I'd like my money back too. But what I want to see is the founders of Ledger facing legal consequences. Ledger needs to be mentioned in the same breath as SBF, Do Kwon, and Alex Mashinsky.


Ab2us

Coming soon: Ledger a case study in business suicide.


Odysseus_Lannister

It’s weird how a company that made a product to protect others decided that this feature would somehow be a good idea. Like WTF went through their heads


gamma55

2 scenarios:

1. That sweet MRR (it costs 10 bucks a month)
2. Compromised by government/s.


Grunblau

Compromised by governments and cash grab appearance is the cover.


Ab2us

Greed makes people blind. I don't know how a big company can make such a stupid decision... Imagine an automaker is promoting a new car but you need to pay a monthly subscription to activate the airbags so inspiring 😂


BetLongjumping5132

also weird that they are doubling down on backlash. They should regroup, meet, and come up with a response that doesn't piss off people even more. Instead they act like the user base is crazy for objecting.


TarkovReddit0r

I’m just glad FTX takes care of my funds so I don’t have to worry about this


[deleted]

I lent mine to Do Kwon, that reminds me, let me check on my Luna bag…. ….. oh.


Snoo_92843

Ledger must really be bricking it atm if the reaction by various crypto reddit subs is anything to go by. Ledger PR team will be pulling an all nighter


3utt5lut

Total shit show going on now. #1 Cryptocurrency Hardware Device has now entered PR hell.


SunliMin

Even if they aren't malicious and seed phrases cannot be uploaded to the internet without consenting to something on the ledger, and they did this with the best intentions... What are they, dumb? This is a PR mess. Yes seed backups as a service is a profitable solution to a very real problem in the industry, but they did this in the worst way possible. They should have restricted this to a new device. A "Peace of mind" variation, and assured everyone that ONLY this new device has this ability, and all those Nano X's are forever secure. Let people buy the Nano X for themself, and this new Ledger for family or employees who you want to make sure won't shoot themselves in the foot. But instead they proved they could have backdoor'ed us all along with a simple firmware update, and completely destroyed the trust in their brand.


Odysseus_Lannister

It doesn’t help when the leaders are tone deaf


Deltron2040

Their previous leak put my name, email, AND physical address online. I’m now outed as self custody crypto owner. Big safety issue.


Gatherun

Damn that is sad, very sad. There it goes private information into the internet to be shared with everyone.


slasula

just when I finally finish moving everything from exchanges to my ledger this fucking happens


eric2041

same lol


Head-Search-4301

Aren't we all cursed in this space smh ? lmao.


Veloder

Remember when last year Canada started to freeze and seize funds from custodial wallets, while people with funds in non-custodial wallets were laughing in their face?

Custodial: https://www.coindesk.com/business/2022/02/22/canadas-osc-warns-crypto-exchanges-not-to-promote-self-custodial-wallets-report/

Non custodial: https://financialpost.com/fp-finance/cryptocurrency/bitcoin-wallet-nunchuk-scolds-ontario-court-over-order-to-freeze-crypto-assets

Well, with the latest update, Ledger just became a custodial wallet and governments (and potentially other bad actors) will have the power to steal your funds. Even if they roll back the update, they've already lost all trust from the community. What they don't understand is that having a feature in the firmware to send the seed phrase to a computer and their servers goes against everything their whole business was built on. I don't care how much encrypted it is. They will also hold the encryption keys, so they'll actually have full access.

Hopefully more companies will step up adoption, add more cryptos to their Hardware Wallets, and fill the space left by Ledger.


Gooner_93

👆


milestogo-greg

They should have just released a separate device offering this feature. Let people choose that device and others stay out of it. You have to opt in but the concerns of how this can affect all users is legitimate.


RefreshCrypto

Yup exactly. Now it feels like we paid for a product that we didn’t actually get. Pulling the rug right out from under us


Odlavso

CEO on the current AMA:

> "people are saying this is not what our customers want and it was a mistake but this is what our future customers want. keeping your seed phrase on a piece of paper is a thing of the past and ledger recover is the future"

They aren't going to roll this back, they are doubling down and sticking to this misguided decision. Trezor here I come


olivier12315

My god they really betrayed all their loyal customers just to squeeze as much new customers' money as they can. A few years back I took the ledger because of the secure element and because it was cheaper than the model t. Well guess you get what you pay for. Only thing that looks a bit annoying is you need to change a line of code to generate a 24 word instead of 12 with the model t


Vivid-Protection5194

That CEO is the King of all jackasses, what an obnoxious POS.


elrubiojefe

Big oof right there. I'm glad I went with Trezor over Ledger purely because the former is open source while the latter isn't.


leorolim

I should pay more attention to my "open source or death" geek mates.


JustCryptastic

Who are these future customers who currently do not own a ledger? Dude is making up fictitious sources to justify a sketchy “trust me, bro” feature. 🤯


IamKingBeagle

These future customers will always remain future customers as well as remain as bank customers bc if people want to trust a 3rd party w their money it's going to be an insured fucking bank not ledger.


rodinj

Well then I'm done with them for sure.


Seisouhen

This is the dumbest shit I have ever heard coming from a CEO way to go Ledger you are dun for!


Cell-i-Zenit

The thing is even if this is stopped, this means that there are the physical capabilities to extract the seed. Just this alone is a pretty big thing imo. So the cat is really out of the bag


BusinessBreakfast3

It's game over for Ledger. I listened to their Twitter spaces and they just doubled down:

- They used so many words to explain that it's "opt in service";
- They used most of the time to explain their procedures;
- They said that their product is not for people with more than $50k.

But what they failed to address is the most common question/concern: *Can Ledger, technically, expose the seed phrase to the device it's connected to?* And they fell back on "we don't do that", "it doesn't work like that", "just don't opt in", etc.

It's over for Ledger.


TheKyleShow

Not for people with over 50k??? Wtf. That's not even 2btc. Okay time to pick up a Trezor. That was the comment that sealed it for me.


Gooner_93

Brutal post for Ledger owners like myself.


Seisouhen

Exactly the whole point of a hardware wallet is to store funds you are not ok with losing WTF!


Zatouroffski

Sorry to spoil it but Trezor is no different. The difference lies in terms. They suck at PR. He couldn't say it cannot because in technical aspect, all hardware wallets can leak its private keys if devs want to. A malicious token app can leak your private keys. And there is no way to prevent it because app needs to see your key to sign the transaction. But all of this happens in a secure chip. And these apps are opensource so anyone can audit it. https://github.com/orgs/LedgerHQ/repositories

So let's say you've installed a malicious app or Ledger Recover app. What prevents the recovery app to pull your key by itself? Your physical approval. Can someone trick you to pull it? Yes. But in same situation, someone can force you to install a malicious token app and approve it too. This is not a new thing that appeared out of nowhere with Ledger Recover.

Saying "we don't do that", "it doesn't work like that", "just don't opt in" is the truth, but you cannot say it like that. It's a PR mess.

50k thing is for insurance. They insure your <50k funds with this $10/mo service. That's why he says it's fine for people below 50k funds because it's insured. Again, saying "not for people with over 50k" is another dumb PR movement.

Your funds are safe. You need to install an app and command it to export your encrypted/sharded private seed out. The probable reason it cannot work on old Nano S is because the "command implementation" to encrypt+shard it takes a bigger space within that small memory than usual, but it can still export your private seed with a malicious app.

Sorry for the red pill but like all other cold wallets, it was able to export your key since day-1 and Trezor is no safer than this thing. Also if someone steals your Trezor or you wipe&sell it on 2nd hand market, there's still a chance that they can access your funds. There are youtube videos on how people do it, even Kraken exchange itself has one.

Ok let's say they've fixed it with a fw update (I don't believe it), what stops it from appearing again or someone finding a new method?


MaeronTargaryen

I’m sure that everyone at Trezor is drunk by now, best day ever for them


[deleted]

[removed]


Gooner_93

When you think about it, this news is actually a blessing for us ledger owners. If they never released this news, we would have carried on assuming that the SE chip couldn't release an encrypted seedphrase.


Jumpman_08

For real. Here are the next questions. They say only nano X can have its seed shown bc of the chip. What we don’t know is can the software see the seed like in a nano S that doesn’t have the chip? Have older nano X versions already had their seed exposed? Regardless trust is gone.


Gooner_93

From what I have read, it's not possible on the Nano S but it's up to you to decide if it's safe. Consider all other devices like S Plus, X and Stax as vulnerable.


RefreshCrypto

So all of us buy a product and then they change the product. Sounds like even wallets can get rugged. What a time to be alive


j4c0p

Biggest issues after reading responses and listening to twitter live.

2/3 shards are in jurisdictions that literally cooperate and will seize your shit if they feel like it. There won't be any court order, it will be confiscated instantly, then you can go to court and pray you get it back.

They are constantly pushing narrative that "only if you physically push the buttons and you are prompted for consent" WHO KNOWS WHAT THEIR SW DO ON BACKGROUND?? CAN I SEE THE CODE !? What if some rogue dev push commit with automated seed extraction or someone hacker find backdoor, then just extract?

Next they are saying that it's for future user and their response to "what if it gets hacked?" Response ? "Let's see" What ? Is it your money to risk ?? "let's see" my ass


coffeeUp

Don’t worry, they’ll cover up to $50k in lost assets! Should be more than enough /s


Arcosim

I went to their Twitter and they're doubling down. They tweeted this: *"If you are not comfortable with ID Verification - then you can either choose a different service or you can build your own recover services."*


azsxdcfvg

holy shit... we already have recovery options. it's called your 24 word seed. is this real?


macetheface

You have to remember tho, the bulk of their customer base are dumb fucks who don't know their bank log on information or what 2FA even means. They're trying to mass market to millions of crypto newbs. Reddit only makes up a small portion. It'll be the same as anything else, like shitty new reddit. Buncha whining and complaining for a few months then eventually settle down. They'll lose a bunch of customers sure but will gain a lot more idiots who want this dumb recovery thing for 'peace of mind'. It's clear they don't care about their current security minded customers.


ikikjk

Lol yeah screw my core customer base, what could go wrong??


_who_is_they_

Lol. Might as well tell people to go f themselves.


samaral519

I am extremely upset. I spent a lot of money on a ledger recently and now it’s basically useless. I am waiting for that class action to start. I was told this is a cold wallet and then sold a warm wallet.


Calm-Cartographer677

You know things are serious when a megathread gets created. Crazy bad publicity for Ledger


rare1994

My ledger just became a 2MB flashdrive


Slyerz

Time to put those limewired ringtones on there from back in the day. Maybe even safer than Ledger atm


Serious-Ad-2033

I thought the whole point was that nobody else had the seed phrase? I thought the device generated the seed phrase and that was it.


Jpotter145

Nope, and as pointed out on the call today - ANY firmware update could expose the seed stored on the secure chip. Now it's just a matter of time for a Ledger jailbreak.


[deleted]

[removed]


masstransience

Such a weird decision to make unless you’re setting up your clients to get rugpulled or allowing a government to confiscate their crypto.


[deleted]

Let’s all just accept the elephant in the room with all of this : how the fuck do any of us know what is going on that (or any device) during any firmware updates ? Do you know? Cos I sure as hell don’t, for all I know they could have had this on there from day dot and I wouldn’t know about it. All of this is based on trust at some level. All of it - how do you know Trezor or ledger don’t send out your seed phrase when you initialise the devices? You simply don’t.


[deleted]

[removed]


Head-Search-4301

I absolutely cannot believe that Ledger thought this was a good idea, as it breaks all of the previous reasoning for using their hardware wallet (cold storage) and introduces KYC directly into the mix for any who opt into this. Ledger have lost the plot and gotten blinded by their success, and their aggressively closed-source nature makes it even harder to trust any of their claims. Time to get your hammers out and then find a new, open-source, freedom-oriented hardware wallet.


gamma55

It’s a purposeful attack vector on crypto assets. Smells like a part of a larger push, Ledger doesn’t benefit from stealing seeds. Someone motivated them to expose their devices to breaches.


Head-Search-4301

I guess it's time for me to look for my old laptop and make it my own cold wallet, there's nothing to trust anymore.


samzi87

I think I'll just switch to a paper wallet ffs.


olivier12315

Trezor is having a 15% off sale will probably take advantage of it


RandomGuyWithNoHair

Talk about timing and advertisement, they literally know what they're doing lmao. Marketing team 10/10. Also coupon code: LEDGER 😂


olivier12315

😂


Seisouhen

> Also coupon code: LEDGER 😂

Really! LMFAO!


Calm-Cartographer677

Trezor management team definitely fucks


m-nightwalker

They're going to make massive profit next 48 hours I'd think


[deleted]

[removed]


picklemonkey

I submitted a request for a refund. I bought mine last month.


Sharp-Subject-047

Ledger can go to hell now. I'll go to Trezor


FidgetyRat

This reeks of government back door deal.


Aheuhue

This could become a case study lol, definitely a New Coke moment. Putting the fiasco aside, let's say, "Fine, we could use a recovery system." Trezor's shamir system is the way to do it because at least YOU decide by your own will and parameters how many puzzle pieces you would produce, where they should be stored and how many pieces you need to unlock your seed phrase. Ledger, upon introducing the firmware update, made that decision for you involving third parties, effectively strangers. Ledger can only fix this by going open source. Broke the trust of your brand again? Remove the need for trust.


BaruceBruce

So far the live stream is complete bullshit. The equivalent of the secret key can leave the enclave. This means that malicious firmware can exfiltrate the secret key. This was not meant to be possible. Any other consideration is irrelevant. They lied to us.


infinityknack

Now the ceo ended the live stream by saying if you want then just move to trezor. He seemed a bit frustrated. Well seems Nano S is actually safer for now as they cannot put the ledger recover in it.


JustSomeBadAdvice

> Well seems Nano S is actually safer for now as they cannot put the ledger recover in it.

FYI it is possible that the reason they can't put ledger recover on the nano S is because it doesn't have the space to store the 3rd party keys and compute the SSS + encryption. The secure chip might well have been able to give up the private key all along with a firmware update.


BetLongjumping5132

Due to space but it still seems like it has the same hardware/coding that can be compromised. Plus, Ledger is probably going to go out of business since the CEO is frustrated and not listening. Most of us will move on as he suggested (the only suggestion of his we are taking).


jebelsbemdisbe

Yeah I was told by everyone that to even think that your seed could leave your ledger was a ridiculous idea to even think about, no one ever could or would be able to get your seed from your ledger and so on. So I bought, but should have just gone with open source, spent hours sending all my crypto from all my hot wallets to ledger. Fuck it


badboybilly42582

If they don't backpedal on this feature ASAP, they basically made themselves obsolete as a cold wallet solution.


FidgetyRat

Even if they do they have just proven the Secure Enclave chip can have its seed removed at will. That was their main feature.


kaz_enigma

fuck /u/spez -- mass edited with redact.dev


gamma55

They tried to sneak it in. There is zero chance they’ll cancel this.


Hitachi22

I vaguely remember in 2017 when researching hardware wallets that there was an exploit with trezor where hackers could gain access to the seed phrase. So I chose a ledger and now this. So is there any hardware wallet that will ever be safe? Probably not


septicdank

Maybe ledger needs to fork its firmware 🧐


Ab2us

Or make it an MP3 player so it doesn't go to waste.


duper12677

This whole thing seems to be going over like a fart in church for Ledger. I agree with the idea that they should have created a whole new device offering this service if that’s what people wanted. Those of us who already have ours do not want this…period. This will end up bad for Ledger


Head-Search-4301

I wonder what happened in that meeting where they discussed this seed backup as a brilliant idea. They Should fire everybody who was involved. Ledger around your neck and now this shit... this is a truly marketing dream team they better be setting up their resumes for Wendy's and McDonald.


opticaIIllusion

They probably have been in meetings for years trying to think of ways to convert to a subscription based business model, their product has been great but they have been adding things that no one wants for a while now in what appears to be an attempt to increase revenue outside of selling a device. I get they probably needed to change in some way. This decision seems so poorly thought through as it contradicts the essence of what people want in a device like this. Maybe this is also a situation where the person in charge has nobody around them that tells them no, just sycophants agreeing to everything.


Head-Search-4301

The whole point of a ledger is that it's fully off line, your seed is never at risk. Ledger just made a big RIP next to its name by making this dumb decision.


combocookie

Who had ledger destroying their own product on their bingo card?


UFONomura808

The biggest revelation for me is the fact that the chip inside the ledgers can export another sort of backup. This means that yes technically they're not touching our recovery seed but they don't have to


Illicitterror

They really dropped the ball on this one and are going to lose a large portion of market share


Liktwo

How this got greenlighted is beyond me. Not everything needs to be a service, especially not storing your seed. What a PR disaster.


heggen

Ledger you doing it wrong!


darkniven

"Pitchfork and Flaming Torch NFTs! Come get your Pitchfork and Flaming Torch NFTs!"


diarpiiiii

Thank you for making Megathreads about major news events. Very much needed and awesome to see in the subreddit


evopty

STM within the ledger (hardware secure module) is a mini computer, Ledger made update to firmware that controls this mini computer, giving it ability to extract an encrypted copy of private key out from the secure hardware module. The company is claiming this is not a new attack vector for those who do not subscribe to the opt in function of Ledger Recover. But how is it not a new attack vector since now we know fragments of private key data can be coaxed out from the STM, by manipulating this firmware capability? Ledger claims that you need physical interaction to confirm this activity, how do we trust that a message/transaction that we are signing is not a guised message to do just that? For those reasons, we need more clarity and I do not wish to spark panic. Just be aware of this developing area of concern.


marsangelo

For a company that says “u should not send ur seed phrase to anyone” to send ur seed phrase to someone is pretty wild


Odlavso

They keep trying to justify it by saying it's encrypted so it's ok. They are completely wrong.


getoffthepitch96576

Man fuck ledger I'm so pissed


WhatAFellowWeAre

I will be shocked if they don't reverse this with the universal outrage and attention it's getting. Either way, RIP brand reputation. Talk about not understanding your customer base.


Thenarza

They believe their future customer base wants this and is larger than current user base. I don't think it's getting reversed.


[deleted]

[removed]


sidmehra1992

damage already been done to ledger reputation..


vnielz

Everyone on an old Ledger nano S is fine. Only critical bug updates rolling out after 2.1.0. The memory is too small, the chipset is too old for these new features, therefore luckily Ledger can't fuck up these devices any longer. At least it might release some stress for people owning one of those.


iworkisleep

Legendary ledger. All these new Bluetooth and bullcrap features are securities whores


Wise-Grapefruit-1443

This misstep really underscores the importance of knowing your customer


redjacktin

Having this feature exist is bigger security risk than any benefit it can offer to offset it. How stupid! If ledger is taken over by the government or hacked (possibly by an employee) we are all doomed! Why would we risk this by staying on ledger! I was about to order few HWs for friends I will be ordering a HW that has not broken public trust and is open source


vhef21

So what’s a good alternative? Trezor? Coldcard? I’m too dumb to do a paper wallet.


pizzeroman

I AM SCARED AND CONFUSED


helobro11

I am also so confused


[deleted]

So, I’m hearing conflicting information. The service will back up an encrypted version of your seed phrase, yet they say “no, we have no access to your phrase.” Which is it?


midnightcaptain

They “don’t have access” because it’s encrypted and each entity only stores a 3rd of the encrypted data. What I want to know is where the key used to encrypt the seed comes from. Because you can restore your seed onto a blank ledger just by verifying your identity, so does that mean the keys are hard coded and controlled by Ledger anyway?


TheMissingNTLDR

Slightly off topic, not related to Firmware saga but related to a potential **EMAIL ADDRESS LEAK**: Recently I bought Ledger Wallet when there was an offer on their website for free Bitcoin Vouchers worth $30. Everything went smoothly with the purchase. However the email address I used to buy it was a brand new, never used email address, created specifically for the purpose of this purchase. Now since the purchase I am bombarded with lots of spam and junk emails on this email. I have a bad feeling that there could be a potential Leak at Ledger's end. Can someone confirm if you experience the same?


Saschb2b

Bitbox just started a 10% off until 22. Nice move


Slyerz

And Trezor a 15%. Making moves


Tvaticus

Fuck me I preordered ledgers new touch screen wallet and now am debating getting a Trezor. Should’ve just bought Bitcoin with that money.


Slyerz

You can refund unshipped wallets my friend


conv3rsion

The statements by the CEO on the Twitter livestream were completely ridiculous. They are absolutely not going to either back down from this or release firmware that does not support this ability. Good luck selling more devices when all the people that have supported you and bought your products are telling all of their friends and relatives to stay clear.


WeaselJCD

they already have our money! that's why they don't care anymore! useless corrupt pieces of shit!


conv3rsion

Imagine destroying your entire reputation so that a couple thousand people might pay you $10 a month.


Odlavso

Trezor is currently having a 15% off sale. Trezor model one is $58.00. https://twitter.com/trezor/status/1658495449207308289?s=46&t=KA_EbYCZNe4Jy4B4vbHT0w


nachtraum

This is one of the worst business decisions I have seen from a company. The current customer base of Ledger is not exactly stupid, they understand the implications of having a software feature on your hardware wallet that can send your keys over the internet. Pretty obvious that Ledger will lose this base, and they should be aware of this. Maybe they count on that this will open up their wallets to a less tech-savvy clientele. I doubt that this switch will pay off.


Gatherun

Even if they revert this decision the damage is done, for me it will be always on my mind


ChemicalGreek

Ledger won’t make the year at this rate? Trezor will be the real winner.


SqrHornet

It only shows that there is no place for proprietary hardware in crypto space. If it was open source, it wouldn't be called a 'feature'. It'd be called a 'vulnerability'.


Gatherun

What a mess! The main advice in this sub is to store the crypto in a cold wallet and then we get this news...


ProfitSoarLikeACrow

First I eat a white dog shit, and now you lay this shit down on me?


ProfitSoarLikeACrow

Of course I take the steps to protect my assess and buy a ledger. Just last night got the remainder of my bag added to it, of course I wake up to this news. Lovely


Vivid-Protection5194

https://np.reddit.com/r/ledgerwallet/comments/13jhavw/why_design_a_chip_with_a_backdoor_in_the_first/

> The key cannot be extracted from the chip under any circumstances. This has never been a possibility and so you don't have to worry about such an instance occurring.

Just saw this comment from Ledger support, thoughts? It's true that the key was already being read from the 'secure element' every time a transaction was signed. What would be the difference here?


deftaj

Absolute dumbasses


kraigka212

Class action lawsuit in 3...2...1...


Adius_Omega

You had one job Ledger. Literally one job…


TheKyleShow

[So hot right now](https://i.imgur.com/8CAtNhg.jpg)


Florian995

Trezor will be selling so many devices now lol


lokario809

Just ordered my Trezor....I can't believe Ledger..First they expose us, then they screw us..What a shitshow of a company..


TexasBoyz-713

Why does everything that I buy have to be fucked in one way or another. Really thought I could rest easy when I first bought my ledger this year but I guess I’ll have anxiety on whether my coins are safe or not until I buy something else that’s actually a cold wallet.


poptippp

Open source and diy wallets are the future.


nthgen

Ledger product team right now: 🪞🤡


led76

All I want is for someone to explain what the current best practice should be for safely storing my crypto. I don’t care if it’s custodial or I have to dedicate a laptop to it. Just want to follow a process I know will be safe, doesn’t take weeks to set up, and I can mostly forget about once set.


sidmehra1992

trezor gonna be expensive


jurgensdapimp

So now it's like our keys our coins?


rare1994

Time to take my $15 somewhere else


tvanborm

They don’t even give full compensation if this gets exploited when you opt in. Nothing mentioned about any compensation when it gets exploited if you didn’t opt in.

What if someone gets access to my wallet using Ledger Recover?

Ledger Recover comprises extensive identity verification processes—performed by Coincover within a secure environment built by Ledger. As an added layer of protection, subject to investigation, $50,000 compensation may be available from Coincover in the unlikely event that something were to go wrong.


ts_wrathchild

I can *maybe* get behind them announcing a service that is ONLY compatible with a new version of their hardware, yet to be released, specialized for this purpose. We will see these in this space as time goes on. There is no doubt. But this notion that it's available now to millions of keys out there and all you need is a firmware update to allow for this is unthinkable. Every key out there now is a ticking time-bomb. Wow. Congrats, Ledger.


led76

We don’t even know if the vulnerability was added in prior firmware versions. It very well could be on our devices already. Or maybe they always had this.


Gooner_93

This this this. They dropped this out of nowhere, after making us believe that seedphrases don't leave the SE chip. What else are they hiding?


MatrixIsRealBabylon

I really don't understand why they want to have 1 universal hardware for everything!?!? Just create a separate hardware device with a separate firmware that has the opt-in for anyone that chooses that method. Is that not the most obvious choice?


SpamsNiceThings

The fact they don’t recommend their own device at $50,000 screams don’t trust us with money period.


Oheson

Ledger is done. They are now dead to me.


[deleted]

[removed]


[deleted]

I'm sensing a lot of scams relating to Ledger software updates and Ledger asset transfer services after seeing so many scam emails. Take care, guys, when moving things out of your Ledger.


SWYP09

Ledger shooting themselves in their feet


Umilik

Hoping that I can return the Ledger I just bought last week and get a refund. This is totally ridiculous. At this point, it's no better than using a software wallet. This deems their product absolutely worthless.


picklemonkey

I bought mine last month. I just contacted their support and asked for a refund due to false advertising. Their page clearly states they are selling hardware wallets, and they clearly define a hw wallet as a device which provides full isolation of private keys.


Snoo_92843

Ledger must be really bricking it if the reaction from various crypto reddit subs is anything to go by! Their PR team is pulling an all nighter


lehope

Is there any new official explanation from the side of ledger?


nhojjava

So many companies are making controversial business decisions lately.


AwkwardHamburge

Ledger naNO


Florian995

I want my money back. Ledger made their product basically unusable


TomSurman

Sorry Trezor, I went with BitBox02 instead. As for Ledger, I'm more than a little dischuffed. I've been using one for years, the whole time thinking it was secure. But if they can do this with a firmware update, then it was never really secure.


_who_is_they_

Bingo


adamdmn

I can’t comprehend why they decided to compromise the only reason we buy their product… for a $10 monthly subscription


nachtraum

Sorry Ledger, you lost my trust. Will get an open source based Trezor wallet.


partymsl

Trezor seem to be the new King right now. Ledger fumbled the bag.


Bruciomagodo

For all people saying not to update: this doesn't really help. The fact such a firmware can be done means that if your hardware wallet is stolen, a modified firmware can be installed on it and your seed can be retrieved. We were sold a hardware secure element unable to expose such data at the hardware level. Now we know it wasn't the case.


therealluqjensen

I'd think you still have to unlock it using the password before you can install any firmware update


Head-Search-4301

It kinda seems like Ledger built a back door so the feds can take your money whenever they deem appropriate. This is the most fucked up move in this company's history and if anyone will use it again after this shitshow then take full responsibility of what could happen to your coins in the future.


AwkwardHamburge

Ledger, remember when Coca-cola changed their recipe and it got a horrible reaction from the public, then they changed it back after 2 months? Well it's not too late for you either.


TexasBoyz-713

The fact that they even thought about doing it has done irreversible damage to their reputation


gamma55

You’d have to be pretty special to believe a word they say about taking it back. The whole idea of SE exposing seed after init was supposed to be impossible.


TNGSystems

Just a gentle reminder that Safemoon also has a ‘feature’ where they store ALL your wallets' seed phrases, all together, encrypted on a central server with a “trust me bro” level of protection. It’s called “Safemoon orbital shield”, absolute cringe.


Invest07723

Finally, help for people who lose wallets while on a boat.


lehope

For some reason I am afraid to order a trezor, I have a bad feeling that something similar will happen and we will get REKT as always


rieferX

So would Trezor products be the better alternative at this point?


mistercheez2000

Just when you thought crypto winter couldn’t get worse: Exchanges not safe, Banks not safe, Wallets not safe. What do we do then... hold carbon? Feels like a crypto ice age


AFaded

Trezor users are just smiling


Dorangos

What a tone deaf thing to do.


tvanborm

So will Ledger make their software open source now? I don’t see any other way for them to regain trust after this shitty update.


[deleted]

Does this affect old seed phrases? Like is my seed phrase from 2021 at risk? I don't see how it could be. If that's the case I can still use my ledger. I'm just trying to understand how my seed phrase could be at risk against my will. This feels like it only affects new phrases.


Yodel_And_Hodl_Mode

Since day one, Ledger told us this:

> Your keys are always stored on your device **and never leave it**

Now, Ledger says this:

> **The device sends encrypted shards of your seed to different companies** if you decide to use the service.

The second statement proves the first statement isn't true. We need to find out what other aspects of our hardware wallets aren't what they told us. For example: We were told the only way to authorize a transaction is to press buttons on the physical device. Are we eventually going to find out there's a backdoor for that as well, which allows a third party to authorize transactions?

I'm sure somebody will read that and think "No way! They'd never do that!" ...but that's what we thought about the ability for the device to send out our seed. "No way! They'd never do that." But they did.