Ledger has just announced to the world that their devices contain a backdoor allowing the private keys to be accessed from any device it's connected to.

A backdoor is a backdoor. It exists whether you turn the stupid "upload your private keys to AWS and give us KYC" erm... "feature" on or not. Either way this is a new attack vector that renders the entire point of owning a cold wallet utterly useless.

For all intents and purposes a Ledger is not cold storage. You might as well just keep your private keys on a USB stick. Same security.

I kinda started to suspect Ledger were becoming 🤡🤡🤡 with that chain and all the product placement in rap videos hence buying a Trezor.

My hunch was right. Moving 100% of my on-chain BTC to the Trezor now. Nothing on Ledgers.

Discussion

🎯💯

Ok that did it. I'm gonna be moving. Bitbox here, Coldcard on the way. The assholes at Ledger have just lost my trust.

Good move.

Ledger no longer have any credibility at all.

Wait... Trezor has its recent turmoil also. Probably Coldcard is the ultimate solution.

Choose whatever alternative you want as long as it's open source.

The only controversy over Trezor I'm aware of is their use of Wasabi's coinjoin. But that's an optional feature in the client that doesn't impact the fundamental security of your wallet.

The difference with Ledger here is they have coded a method of obtaining the private keys from the wallet to any device it connects to. This undermines the entire purpose of the device.

Trezor is a shitcoin brokerage, too.

Use a #Bitcoin-only signing device (connected to Sparrow Wallet and your own Electrum server).

Trezor had a supply chain attack not long ago ...

Wasn’t from Trezor but a third-party reseller. Always buy from the manufacturer.

What mobile wallets work well with Coldcard?

I'm not sure about the MK3 but I know the MK4 works with https://nunchuk.io/

Thanks!

Do we know if the device itself has a backdoor? Or is the KYC seed backup simply something you do when you're setting up the device and you have the seed in front of you?

I'm not defending Ledger here, but the device itself does not have internet, so either their software would have to upload the seed or you would have to upload it yourself.