Nostr Web Client

Ledger has just announced to the world that their devices contain a backdoor allowing the private keys to be accessed from any device it's connected to.

A backdoor is a backdoor. It exists whether you turn the stupid "upload your private keys to AWS and give us KYC" erm... "feature" on or not. Either way this is a new attack vector that renders the entire point of owning a cold wallet utterly useless.

For all intents and purposes a Ledger is not cold storage. You might as well just keep your private keys on a USB stick. Same security.

I kinda started to suspect Ledger were becoming 🤡🤡🤡 with that chain and all the product placement in rap videos hence buying a Trezor.

My hunch was right. Moving 100% of my on-chain BTC to the Trezor now. Nothing on Ledgers.

hzrd149 2y ago

Do we know if the device itself has a backdoor? or is the KYC seed backup simply something you do when your setting up the device and you have the seed in front of you?

Im not defending Ledger here. but the device itself dose not have internet, so either their software would have to upload the seed or you would have to upload it yourself.

Reply to this note

Please Login to reply.

Discussion

No replies yet.