đ¨ LEDGER ALERT đ¨
If you have a Ledger, you should know:
1. Ledger is closed-source
2. The company has said it's possible for their software to extract your seed
3. This means your funds are not safe!
Get a new wallet: https://bitcoin.rocks/wallets
Their software can extract your seed? Mind sharing any resource regarding that statement?
Look at that Ledgerâs ceo interviews. Not only did he announce this feature but he also said that the option was always there despite not being announced.
FUD Alert. I prefer coldcards, but saying their software letâs you extract the seed without explaining that the user has to choose to implement the recovery protocol where 3 custodians store a piece of the seed is disingenuous. Also it being closed source doesnât necessarily mean itâs not secure same how being open source doesnât magically make things secure.
How can you verify that you must opt-in for Ledger to extract the seed if the code is closed source?
I know some parts of their OS is open, but for the sake of this argument lets assume everything is closed source. In this case then obviously you canât verify what the firmware is doing as has been the case the whole time with ledger. Users canât verify the firmware running in their device is not malicious, but they also canât verify the firmware is malicious as you are hinting to. People that use ledger have always had to trust the company is not malicious (until they open the firmware, which is in their roadmap according to them). The fact that there have not been any instances of ledger users getting rugged or devices being broken into is what gives people confidence to continue to use their products. Not everyone will choose to take this trade offs, but asserting that funds are not safe if youâre using a ledger device without providing evidence is FUD.
Don't trust, verify.
You can't verify with Ledger.
So dump Ledger before you get rugged. Don't take the risk.
the ledger live source is here. however I don't know of anyone who has built it
