Yeah I know I’ve been wanting a new hardware wallet device for like 2 years now. Just don’t want to shell out the cash, I didn’t even want to shell out the $120 CAD for the ledger but I got it before I knew it wasn’t open source. All those YouTube creators shilled ledger for years but since the Celsius and FTX scam I’ve been a lot more worried about ledger keeping keys. They constantly ask me to unlock my device and connect it to my computer to update. Sometimes I can’t even connect my device to Bluetooth to get my wallet address unless I update. Very sketchy even if they don’t store keys they could easily steal them in the future. I hate ledger there’s no reason other than stubbornness or being scammers to make your code open source.
Discussion
Get a Blockstream jade for $65 or if you want a project build a Seedsigner
They cannot steal keys. The only way they can mess up with closed source system is generating keys not randomly but you can always roll dices and make your own keys. Open source is good but it is not the only thing important.
They can steal keys while updating maybe not during Bluetooth connection for wallet keys. However during updating the whole ledger device does a reboot and they update the UI on the device itself. No doubt they could scan they keys stored on that device if they can enter it in boot mode.
Exactly and no one can verify what they are doing because closed source. They also had that huge data leak of customer info and support every shitcoin under the Sun.
Yep every true Bitcoiner knows the saying “don’t trust verify” as much as they know “not your keys not your crypto” your trusting ledger not to steal your keys while updating. The whole point of buying a ledger is for security but then not being open source defeats the whole purpose of having a ledger.
That’s not how hardware wallets work. It is not just a flash usb that any thing can extract any information from it. It is impossible to access keys from any hardware wallet by normally connecting to a computer. A hardware wallet CAN, however, be brute forced (check Trezor hack on Youtube)
Why can’t they build a back door in the software?
They are not entirely closed source. As far as I know only the security chip is closed source which also the reason why Ledger cannot be brute forced even with physical access to the hardware. All open sourced hardware however can.
Interesting that is news to me. I’ll have to look more into that when I have time. From what I’ve heard the ledger device itself is entirely closed source.
You can check here to see what parts are open source on Ledger.
Bookmarked will check out sometime. I’m just ye of little faith for companies in crypto. Even Coinbase is a security waiting to go wrong and rug pull customer assets.
You and Ledger can say that all you want but there is 0 proof Ledger doesn’t have a back door in their own device… remember the whole open source thing we’re talking about?