Subnostr

Yeah, that’s the actual point. At first I thought optionality is good and that it makes holding bitcoin more approachable for normies. But you are right. The ability to extract the private key seems wrong. Need to read more about how they do it.

On the other hand you are also able to extract your own private key. So will be interesting if they found a secure way to do it. But most likely it’s an additional attack vector.

rieger_san 2y ago

A big vector 🫣

Reply to this note

Please Login to reply.

Discussion

Toshi 2y ago

Yeah

Neo ⚡️ 2y ago

At least we know that #Ledger is good at keeping customer data safe, so what can go wrong 😅

https://decrypt.co/65917/ledger-lawsuit-data-breach

rieger_san 2y ago

This can happen to every company. That’s why we have hardware wallets. No online system is secure.

The problem with this special case was how ledger reached to the data breach 🙃

Toshi 2y ago

🤣I bought my first Ledger right after this news came out, thinking that they weren’t going to make the same stupid mistake twice.

rieger_san 2y ago

I can understand your logic behind this 😅

Toshi 2y ago

Would it compromise my multisig setup if one of the devices were a Ledger?

Neo ⚡️ 2y ago

It would compromise this specific key and maybe the xpub as well (privacy related issue). Generally Ledgers are not considered secure for multisig setups. As they create a lot of security issues in such a setup. They are not designed for this. You can find a lot of resources about it.

Neo ⚡️ 2y ago

Here is a detailed report about #Ledger issues for multisig https://medium.com/shiftcrypto/the-pitfalls-of-multisig-when-using-hardware-wallets-9b0e98e4c19c