Ledger Hardware Wallet Risks!? Here's Everything We Know!
ฝัง
- เผยแพร่เมื่อ 10 พ.ค. 2024
- 🛒 Get The Hottest Crypto Deals 👉 www.coinbureau.com/deals
💸 Trade Crypto on ByBit 👉 www.coinbureau.com/review/bybit/
📲 Insider Info in our Socials 👉 www.coinbureau.com/socials/
👕 Our Merch Store 👉 store.coinbureau.com
🔥 TOP Crypto TIPS In our Newsletter 👉 www.coinbureau.com/newsletters/
~~~~~~
📺 Useful Vids 📺
Top Hardware Wallets 👉 • Top 5 BEST Hardware Wa...
Self Custody 👉 • Is Your Crypto SAFE!? ...
Trezor Shamir Backup 👉 • SAFEST WAY To Store Yo...
~~~~~~
⛓️ 🔗 Useful Links 🔗 ⛓️
Ledger Nano S Plus Review: www.coinbureau.com/review/led...
Best Hardware Wallets: www.coinbureau.com/analysis/b...
Twitter Thread by CTO: / 1659187049331654658
Twitter by Haseeb: / 1658740448947765250
Podcast: • Ledger Recover with Pa...
Kraken Security Labs Trezor: • Kraken Identifies Crit...
~~~~~~
- TIMESTAMPS -
0:00 Intro
0:27 Background
5:04 How Devices Work
7:52 Open Source Solution?
10:53 Going Forward
14:26 Outro
~~~~~~~
📜 Disclaimer 📜
The information contained herein is for informational purposes only. Nothing herein shall be construed to be financial legal or tax advice. The content of this video is solely the opinions of the speaker who is not a licensed financial advisor or registered investment advisor. Trading cryptocurrencies poses considerable risk of loss. The speaker does not guarantee any particular outcome.
#Bitcoin #Crypto #Ledger
What do you guys think of the Ledger fiasco? Would love to know! Don't forget that you can follow me on my socials 👉 guy.coinbureau.com/socials/. You also have to check out my deals page for the best promos, discounts and bonuses of up to 40k 👉 www.coinbureau.com/deals
Ledger should have launched a new hardware wallet product for users that want this kind of service instead of putting the security of existing users at risk. It's one of the worst PR disasters ever, let alone just for crypto.
CEO of ledger expressed that it was his honor to speak for the 2020 WEF meeting at Davos - tells us all we need to know
@@ronregnier2179 Didn't know this, but it sure makes sense and validates my concerns.
I believe this is just the beginning. All devices and companies will be regulated and forced to comply. Wallets without this feature will be banned and blocked of exchanges. Wake up, this is just the beginning. I believe this was the plan from the start.
trezor and wasabi??? trezor is a no GO too
They should have released a separate product with this backed up seed phrases concept. Not, just upgraded ALL existing users. Thats shady.
sooo angry and disappointed, imagine if they did';t communicate that or they have already done something before to our firmware.... DO NOT LIKE IT AT ALL!
No point now. Seems they have lost the TRUST of the majority of the Crypto community
If Ledger should ripp people they won't have long time to use the Coins anyways 😂.
They was forced to do it, same way how exchenges was forced to lower thwir staking rewords like CRO
thats not the point, the very fact your current ledger can be completely centralised by ledger with a simple firmware update and you would have no idea as its closed source. all ledger did was expose their centralization like a bank thanks to being subpoenaed by government if a situation ever arise. they admitted this in a podcast. you have zero self custody and Ledgers response is "trust me bro".
I think Ledger should offer a full refund for all those that do not want this firmware upgrade or be sued for false advertising and mis representation
the update could be forced_installed by any hacker. It's the end of ledger
I agree, refunds should be issued to all ledger customers ghat don't want the upgrade
start a class-action lawsuit. sue them out of business so they don't risk other people's funds and in the lawsuit make it require them to provide all details on how it works so people can open source it easily and let a community take over it's development.
@@KingsRight agreed
@@cachecacheboris but you need physical access to ledger. Trezor can be voltage-hacked too, by physical access. They are the same
I hate how Ledger keeps talking about 'trust'. If you have to ask for it, you definitely don't deserve it.
But they do
@@pomp4401 I don't know that and neither do you, because there's no way to verify it. If there was, they would be telling us not to take their word for it.
@@ieroen You must trust someone when storing your crypto. With CEX, you have to trust them they don't go bankrupt. With hot wallets you must trust them they don't take your seed phrase + hackers won't hack it. Cold wallets must be trusted as well, as we saw with Ledger. The most trusted way is holding it physically in your hand. With crypto this isn't possible. So trust will be needed, no matter where you keep it
@@Miklos211 Dr Matthew Kratter of Bitcoin University IIRC states that for Bitcoin maximalists, Blockstream Jade is probably the safest because it's fully air-gapped. But it only accepts Bitcoin. If only Trezor would create and sell a fully air-gapped addition to its devices, even as a separate device.
Like my ex.
At this moment, it is crucial for individuals to prioritize investing in alternative streams of income that are not reliant on the government, particularly with the existing worldwide economic crisis. Investing in stocks, gold, silver, and digital currencies can still be profitable during this period. Therefore, it is advisable to explore these investment options to secure one's financial future.
You're correct!! I make a lot of money without relying on the government. Investing in stocks and digital currencies is beneficial at this moment.
@@Adukwulukman859 I'm new to crypto and stock investing; My $200k portfolio is now down to $55k. "How can I profit from the current market?" I mean, I've heard of folks getting up to $250k in a couple weeks during this downturn, and I'd like to know how.
I diversified my $400K portfolio across multiple market with the aid of an investment advisor, I have been able to generate over $900k in net profit across high dividend yield stocks, ETF and bonds in few months.
@@Adukwulukman859 Please can you leave the info of your investment advisor here?
@@Adukwulukman859 who is this individual guiding you? I lost over $9000 just last week, so I’m in dire need of a broker who can manage my portfolio
Thanks for the update. I have watched a few vids since Ledgergate started and there seems to be a common misconception that newbies won't be able to handle the responsibility of holding their own keys. I was 60 when I got into crypto last year and I didn't find it daunting or confusing. Taking responsibility seems to put in the too hard basket these days.
Ledgergate! I like that.... their demise. I am ditching them.
It’s mind blowing that people refuse to recall a 24 phrase password worth thousands to millions. But they’ll remember all sorts of bollocks instead
❤ my vote for best comment.
Accepting responsibility (or accountability in general ) seems to have ‘done a runner’ from our culture.
Chapeau! to you. 😁
You clearly don't understand people. I work in IT and almost half our tickets are related to passwords. You expect the masses to keep track of a key that stores their life savings? Never going to happen.
@@kevink9365 You are confirming his point. Although it sounds like the point is not 'too hard' but perhaps 'too stupid'
As a engineer with 20+ years experience in reverse engineering, Ledger hardware wallet secure element works like this: if it is locked, no apps or coins can read the private key. If you enter your PIN to unlock it, you give all apps and coins installed on the device access to the private keys. Anyone with physical access to your ledger and knows your PIN code will be able to extract your keys. Regardless of the “backup” firmware update or not.
Shortly put, the ledger hardware wallet will NOT become any less secure than before this “backup” update.
Exactly. Well put. I’ve read other info on this and it’s exactly saying the same as u just did
Ok, so explain how you're supposed to regain access to your keys with the "backup" firmware if you don't know you pin code or keys
@@tbtitans21 I do NOT trust their backup service because they will store a copy of your keys on their servers. But I still trust their hardware wallet secure element. The ledger hardware wallet will still be as secure as before as long as you never subscribe to the online backup service.
This is even worse than I thought. I always thought that the secue element only signs the incoming data with the key stored there locally and then outputs encrypted /signed data without the microcontroller being able to access the key itself.
Tbh that isn't even bad, just use a good password like any other form of encryption.
I keep my crypto on an tails USB drive in the persistent storage which I have backups of in multiple locations. Though this is pretty complex to setup so I highly doubt most people would do this. Also it opens up the attack surface in other ways
I think Manufacturers are over complicating this issue. We just want a device that stores our keys cryptographically and that no 3rd party apps or the manufacturer themselves can have access to our keys. If the maufactuer goes beyound these basic specs then in my opinion they are not providing the secure service we demand.
If you want to provide a multi sig wallet, thats fine. but make that a seperate product.
Seems that diversification is the only safe avenue. Hope to see more videos on this if better products and methods are identified.
Open sourcing the code is good, but only one part of the solution. You also need a way to verify that the firmware image that you're installing has actually been built from the code that is published. Which means you need reproducible builds, as well as the ability to actually manually inspect the firmware being installed.
Very good point here mate. There is really no silver bullet here.
@@CoinBureau As I understand it, any firmware image should have a checksum created. If the correct build software is used to compile the correct open source code the checksum generated along with the image file should match up with the one in the firmware's release notes. If it doesn't then its probably best not to install it on your device. Still comes down to trust in independent verification of the code to ensure that no back doors are sneaked in, but at least you will know that the image has been built from the open source code.
If they provide the build env (Docker, instructions, pre-build script…), you can build from the public sources and install your own FW by yourself. Disadvantage is, that there will be malicious firmwares everywhere.
100% trust less will never exist in this life.
Crypto is dead
That's when signed checksums come into play. It almost seems necessary at this point, but it also makes the process of updating your device even more cumbersome and complex for end users who will need to understand cryptography tools like PGP.
2022: "not your keys, not your crypto"
2023: "not your hardware, not your wallet"🙃
Absolutely 👍
Haha first world problem. Paper and pen is the way to go!
@@penitenttangent7346 *hand sketches QR code*
@@penitenttangent7346 Fact all my seed phrases are hand written 😂
I think Ledger really really made a huge mistake and it is going to cost them. The cost maybe so bad that they go out of business. It is going to take a lot of hard work for them to build up the trust they have lost. So far they keep digging themselves into a deeper and deeper hole.
It not only exposes ledger, but other wallets have issues (as discussed in the vid), so it makes for even more complexity spreading your assets across multiple wallets. Multiple seed phrases needing to be safeguarded, that could be a real problem. As for Leger - I'd agree, people will bail out and the company becomes unviable.
they have already done huge mistakes and are still there. It's sad but they bought some many youtubers and influencers that newcomers will just buy a ledger
Yeah ledger has been pushed by TH-cam influencers so much
@@ammarhussain1267 And Trezor is another option I'd say, but nothing is absolutely foolproof.
@@altbinhax yes that's the issue. Crypto is an amazing innovation but industry in all its spheres is full of shady actors which is really off-putting
Thank you Coin Bureau for always coming to the table with unique information about finance and crypto. I recommend your channel to all my friends. Keep up the good work.#respect
In pursuit of a profitable investment many gets scammed of their hard earned money, I was a victim too but I was lucky and able to recover my stolen crypto.
Wow how did you manage to pull that off?
A reputable firm that specializes in scam recovery.
tell me more
with cutting-edge technology and collaboration with government agencies they are able to get the job done.
How can i get hold of this company? I lost all my assests
As everything is connected to the internet I think that having important documents on paper is a MUST
I certainly agree with the conclusion!
One of not so many video I enjoy in your channel. Fair and objective presentation. TY
Maybe they need backdoors for the big guys, and as always it's for our safety. It's a different control tool for the social scoring system. Even if you try to be anonymus, bigdata can track you easily with AI.
With trezor, you need physical access to device and you can exploit it via voltage hack.
With ledger, you can update, not opt-in for that service, but one would still need physical access to the device to potentially hack it and extract recovery phrase.
So they are the same, security-wise.
I really love this channel,i used to watch stupid videos on youtube now i only binge watch this channel and plus i learn something every time 🎉
Dear guy this was a great video so helpful thanks so much for covering this so important problem
The level of security you should should be proportional to the amount of wealth you need to secure. If you're planning on retiring off of your crypto, use a Trezor with a shamir backup scheme stored on metal engravings. If you're saving your crypto for an emergency fund, an Exodus software wallet with a single paper backup stored in multiple obscure places is good enough. If you just want to be able to purchase a few items with your crypto, it's fine to print out the entire public and private keys and stick them in your wallet.
Trezor had a massive problem no-one ever mentions.. the trezor Bridge pop up usually always immediately disappears when connected to Metsmask, or Rabby, when interacting with dapps for staking etc.. meaning that tx cannot be signed in order to proceed, resulting in endlessly such pending tx.. great job Trezor.. funds so safe you cannot access them..
I'm considering Trezor now, only just bought ledger but this move seems like centralization via the wallets
Thoughts that come across my mind regarding the Ledger situation:
1) You either die a Satoshi Nakamoto or live long enough to see yourself become a Sam Bankman Fried
2) Ledger, the coldest storage now (2014-2023) RIP
3) I paid over $100 to get a Ledger Nano X, and now they are asking me to pay $10/month to get robbed
4) Et tu, Ledger?
5) After Cyprus, Ledger just legalized robbery in the crypto space
6) This is the best advertisement that Trezor can never make themselves
Wtf? I also have nano x so they are asking you to pay 10 euro a month? Wtf.... I not yet used my wallet so i'm lucky i guess?
just threw my ledger x into bin today will be buying trezor for sure
@@michaelcooreman3509it’s optional
@@JM-oi9pktrezor been hacked ledger never been hacked
Trezor will not be immune
I believe this was done to pave the way for compliance with Europe's MICA regulations. Governments want KYC for every transaction, even between wallets. They also want the ability to subpoena the finances of crypto users. The revolutionary concept of private money promised by cryptocurrency is in grave danger. 😮😢
Global bankers and WEF putting pressure on. There will be no anonymity in crypto.
That promise was never sustainable due to government international across the globe
It was always bullshit. It was always a lie. Bitcoin was a Trojan Horse.
MONERO
Paper
Started direcly with air gaped. Ellipal Titan. Open sourced and air gaped sounded good for me from the beginning. hope for the best. And a burnproof seedphrase case helps.
ellipal has issues, they're lying about the tech inside. Keystone is better (or Ngrave if you have the money).I don't think personnally that ledger has a backdoor or that there's a risk more than trezor (unless you agree to "recover"). but from the lies from ellipal, I would trust them less than ledger and as much as FTX.
Great information. Thanks. Could you do a video on the Tangem wallet?
Thank you for clearing that up for us.
if Ledger can (even if they dont) extract the private keys..... the device is not as secure as advertised when sold. Therefore i can not trust Ledger anymore. Ledger should have made a NEW device with these features and advertise and sell as such.
It’s funny because a new device would have been highly successful. Dumb down the product to reach the masses
I see a class action lawsuit in their future..
@Mandatory Myocarditis oh hell yeah i can see it miles away.
I believe them in that it wouldn't be easy for them to extract existing data.
However, generation of a new/restoring an existing private key would be extremely susceptible to a FW update leak, as it is necessary for the FW to have knowledge of the seed value.
I would exercise caution using Trezor. Yes, they may have open source code, but the recent coinjoin feature with Wasabi (that censors which coins that can be coinjoined) is a very concerning move for the company. I think I’m going to be researching coldcard or blockstream jade.
💯
Thank you Sir for the content! As a conclusiun, should we moove our cryptos from ledger to another colt wallet, or we should we still keep our cryptos on ledger? Thanks in advance!
Thanks for the update
I'm starting now considering a move to trezor due to being open source.
Any non open source solution, is biting the same bait!, usually, at a more expensive price than a ledger.
cheaper for a reason, cuz you are their product, all your crypto all you data hell knows that they doing with all that and just not telling us anything
The thing I'm mostly asking myself is if other hardware wallets (like Trezor) are not just able to do the same thing with a firmware update. I'm not knowledgeable about this subject, but why wouldn't they be able to. They are all able to update firmware as this is required to keep up to date with the chains
Trazor is open source so anyone can view the security keys of trazor ..
So, if you make a ,,firmware update,, nothing is happening.For the recovery program, you have to ,,subscribe,, and ,,register,, for it.With an firmware upgrade YOU DO NOT ACCEPT automatically and subscribe for the recovery program, dont compare these 2 things: upgrade / and subscribe (register) these are 2 difference things.
Thanks for the heads up mate!
I really valued this video! I am currently trying out a new way of cold storage… Tangem, no seed phrases! Would really value your opinion…
Ledger should have introduced this as a "New Wallet" feature only. That way it wouldn't feel like Ledger is reducing my existing security.
It might cost a little to move my coins (if I wanted to use it), but it would feel better if this was a separate account service and not the one that's got coins locked away in a safe place.
I agree. Only issue is people who are interested have to move their coins to that new wallet, an added task in their view.
So, if you make a ,,firmware update,, nothing is happening.For the recovery program, you have to ,,subscribe,, and ,,register,, for it.With an firmware upgrade YOU DO NOT ACCEPT automatically and subscribe for the recovery program, dont compare these 2 things: upgrade / and subscribe (register) these are 2 difference things.
Well said mate. Have you considered airgap wallets? You can use an old mobile phone for it, completely cut it off from all network access, and use the camera / QR code system. Good because it's free! Seems legit, but would be nice if you talked about it, as I think it'd fit your audience
Excellent idea. Also an iPad or laptop used only for crypto.
I don't understand... HOW can I possibly send my crypto to my old Note 4?
Ellipal is an air gapped wallet
Thank you Guy... very informative
Excellent, excellent video! Thank you!!
Good insights on the trust issues with hardware wallets. But, Trezor's price jump to 220€ from 120€ is a tough pill to swallow. That's an 83.33% increase! I'm all for diversifying assets for safety, but shelling out 220€ for a device that costs around 15€ to make? And why 220€ when 220$ is roughly 199€? I remember when it was around 150€ or 150$ (about 120€ back then). The price hike doesn't make sense. I'm curious, what's your take on this, especially considering the trust issues and the need for diversification you discussed in the video?
They got wind of L edgewater and raised price in anticipation of Ledgers downfall.
The trust is gone with Ledger now. Full stop.
Yeah this is bad, but it also points to the problem of having a third party build a piece of equipment you have to blindly trust.
They are dishonest and hiding so much from us and had data leaks before, no way can they be trusted to hold my crypto
Thank you for the video. I use the Trezor and I am very satisfied :D
Trezor Model T might be the better option and i'll have to consider other hardware wallets. but i don't care for most cryptocurrencies so i can deal with not being able to choose a bunch of different random ones on Trezor Model T.
Any update is a security risk. Remember when microsoft backdoored windows 7 to 10 upgrade, and no one cared?
If your drivers are being updated, they can change any settings they want, and extract whatever they want. Installing an update is more or less equivalent to having physical access to your device.
This is pure trust in company not to fuck you over, like you trust your bank. For all purposes its basically the same thing.
The video on their CEO in WEF explains everything one needs to know
Thanks for the great updates.
Have purchased Tresor 3 years ago and ever since still not used. But I second guess paper wallet as well. Would like to see a video with solid proof why a certain option is preferred. Cold storage could be flushed away in case of disasters like in Greece. Therefore, my preference is storing somewhere in the cloud.
Thank you for a very informative video
My ledger got cleaned out with all my life savings, people say it was my error and somehow a hacker got my seed but I'm so paranoid about every move I make in crypto so I know it wasnt the case.. Yet it still happened.. I did wonder if it was possible to move funds without the wallet and this doesn't help the case ..
I am completely confused but for the next few months I will not update my ledger. Let's wait and hope all will turn out to be well.
Depends on the model you have
Is the nano s safe?
@@emilioa9695 Yes it is. 👍
@@lennybrewster4673 How about Nano-S-Plus?
This channel is on a whole other level
Great vid! When PulseChain video ?
It seems to me that our ledger devices are just external software wallets but not real hardware wallets. We have been cheated for years.
Never a dull moment in the cryptoverse. There’s absolutely no certainties even with cold storage!!?
Correct! Cold storage is just a hot wallet with more expensive add-on. Can't check funds on cold storage, or remove funds without pairing to their hot wallet software.
Nothing is totally secure.
At some point there is always an element of trust because even if we had the know how to review the hardware and firmware for potential weak points, the vast complexity of those things would still prevent us from doing it all by ourselves.
Therefore we would again have to rely on other people's work and hope that they did an honest job for the part we couldn't do ourselves.
The possibility of a manufacturer's back door is therefore always present.
On the other hand, a hot wallet has all the vulnerabilities of the whole computer, plus it's own vulnerabilities that could not only be exploited by the manufacturer but also by malicious third parties.
Therefore a cold storage wallet is still the better choice.
After all we should be careful not to put all eggs in one basket. Multiple Cryptos on multiple wallets plus other asset classes like metals, stocks and real estate.
@@CryptoIncursionnot completely correct. Plenty hard wallets that are open source and can check funds without directly connecting.
ColdCard and Keystone are few.
Jesse I agree. Wouldn't a seed phrase on a metal plate be best? Make 2 & keep in different locations?
Mohamad Wouldn't a seed phrase on a metal plate be best? Make duplicates & keep in different secure locations?
I love Ledger, never been hacked
I learnt a lot. thank you
I've been a ledger user for a few years and I've had suspicions about their security for a while now. Somehow all my coins were stolen out of the wallets I had set up on my first account with them. All the online forums and customer support could tell me is that someone must have somehow got hold of my seed phrase, but I'm almost positive that this wasn't possible. Luckily I only lost a few hundred meme coins so it wasn't worth much, but it still caused me to have a few sleepless nights.
very suspicious
Thanks. I will be adding Tangem to my array of cold wallets. It does all get more complicated though 😞
Be careful with Tangem. It is not bip 39 supported. This is a huge red flag to me.
Is the idea of Tangem being Open Source of any benifit?
This is the first I've heard about the possibility of them exposing our secret code very alarming thanks for this info
I listened to the Twitter chat & I can say that they have eased my concerns
As this issue concerning cryptocurrency security continues to expand, more people will
simply have second thoughts about getting into this space, period!
As much as we hate to admit it, we have to find a way to attract the novice to crypto if we want it to become mainstream. They are not going to self custody or want to use our exchanges that go belly up.
Thank you guy for having no bias and saying there is no silver bullet 👏
Hi guy, very informative as usual, have you ever reviewed the ellipal titan wallet?
No reply from Guy, very disapointing
Whilst I see the theoretical concern, ledger doesn't know the keys that they have distributed. They also don't know which user has which key ( the ledger live app signs in with just a password not an email or username ) which is why the KYC element is needed in the new service . As such the poison firmware wouldn't be able to target an individual .
sorry, don't understand your point. "ledger doesn't know the keys that they have distributed" Do you mean the shards when you say keys? Also " the poison firmware " is the new one with the Recover option or a theoretical one that could be used and targeted after KYC. Interested to understand. Thanks
@@whenwasnow6062 I'm saying unless you complete KYC there is no way to link you with the key as there is no way they can possibly know it before that time regardless to what's in the firmware. With no KYC authorities cannot seize you assets with or without a warrant. Ledger new feature was designed to get the elderly and people who don't understand how the technology works and think it's too complicated to be able to use crypto. Instead it just shows how little everyone understands about it obsessing about the theoretical one in a trillion event whilst at the same time ignoring the daily and bigger problem or falling for phishing scams , downloading dodgy extension and signing any transaction that appears on the little screen. The aim is to get everyone safe on hw not fill the news with theoretical issues which will put many off buying any hw wallet not just ledger
@@PabloTBrave With the caveat that we've used a VPN every time we log in to Ledger Live. Though they most likely don't record our IPs anyway (famous last words, LOL)
@@PabloTBrave so its safe if we dont opt in and KYC?
Ledgergate absolutely shocked me. I thought they were amongst the best? Before buying a Ledger, I had been using an Ellipal Titan Mini air gapped wallet which was utterly brilliant to use. That was until Ellipal rolled out an upgrade and everyones crypto disappeared! Despite upgrading, I lost my entire XRP bag for almost 2 weeks! It aged me! After countless emails to Ellipal customer service, they eventually responded and asked for my wallet details … but not the seed phrase.! Without me even connecting my device, they somehow managed to return my XRP, which left me wondering if they were somehow able to access my account? Though the airgap / scan code system is brilliant, I just couldn’t trust Ellipal again.
Ellipal is based in China which means the CCP has some semblance of control of that company. That's why I never bought it.
@@lennybrewster4673 I hear you. For me, it was a lesson learned. I had three years worth of xrp in that wallet. Thought i’d lost the lot. And now the Ledger fiasco ensues. Hopefully it all gets sorted out.
You should send them an email and ask them how they done it and let us know
@@aaronb1188 I asked them that after my xrp balance was reinstated. They blamed faulty code and wouldn’t really elaborate on it any further. Was not a good experience. With hindsight, I should have just purchased another ERC compatible wallet and got my coins back that way …. lesson learned. Surprisingly, I would still say the Ellipal was the best wallet ive ever used. Perhaps it was just code? Perhaps i just had a bad experience?
keep us tuned
Awesome video
much thanks
They didn't roll back the update, they just didn't list the firmware changelog on their website in the first place
More shady practices from Ledger, hiding the code, capabilities and now even the firmware update reference. Their whole mentality, approach and mgt style is duplicitous and sketchy
Is the trezor code provided by trezor or has it been extracted from the device to be reviewed? If it's provided by trezor, there is another trust-factor as they could push out any code they wanted without it having the back door element.
I personally am abandoning HW wallets as long term storage. Probably will use ledger for interacting with defi but only with smaller amounts of crypto. Never again are my main wallets going to be connected to internet in any way. It's all offline generated paper wallets from here on...
Also, if anyone knows a good offline wallet generator for cardano, please let me know
Keystone wallet, it doesn't have USB or WIFI or Bluetooth, it will never be connected to the internet
@@LordNementon that looks very interesting. I'm gonna dig into that and see if I wanna give it a try 👍
@@Proximax9 And it is the only wallet that have a secure chips and an open source firmware (less the propriaritary code of the secure chips itself, all secure chips manufacturers require the vendor to sign an NDA)
Good deep digging!
As always, The Best GUY 🙂
lmfao I put somoe background rain music while listening to this and it sounds so deep xD
im going to start doing that with all your episodes lol
Trezor has its issues too
Bitcoin university no longer recommends Trezor because of an upgrade that effectively allows for a wallet identity leak to occur. The video is worth the watch.
Ledger needs to open source its firmware. It has already own sourced other parts of its code, just not the firmware
Bitcoin University's latest video still accepts using Trezor as one of a few different devices, but Dr Matthew Kratter condemns Trezor's partnering up with another actor to make coinjoin possible. This "other actor" would hand over KYC info to the authorities if asked. He also doesn't like that Trezor hosts many different cryptos and he further cautions people not to instal Trezor updates and not to keep too much value on Trezor.
That's the issue though. They're going to have a hard time open sourcing it due to NDA's with the secure chip manufacturer.
Its not enough that my crypto prices are in the toilet , the government wants to ban my cryptos now i have to worry about my ledger not being as safe as advertised...🤦
Thank you Guy!
I once had a Ledger but switched after the first craziness a few years back.
I was on Ledger live and was asked to do an update and i got most of my crypto stolen!! Will never use it to store any large amount of crypto again, this probably happened because of the data breach a few years back and since i get endless spam
Sorry for the loss
Even if I ever lost my mind and actually wanted to do this, 9.99 is expensive. Over $100 a year to give my crypto away.
Honestly people would be better off leaving their cryto on the biggest exchanges than put it on a ledger of they are this worried about losing their seed phrase
@@ura9390 tell that to the users of FTX & MTGOX
You just don't need to use it, just keep your assets on ledger, everything left the same
Great vid!
been watching your vids for a while, finally looked this word up haha.
caveat
noun
A warning or caution.
A qualification or explanation.
A formal notice filed by an interested party requesting postponement of a court proceeding or other action until the filer can be heard.
Bitcoin fixed the trust of currency problem, while simultaneously introducing the wallet/key problem 😂
I have come to the conclusion that Bitcoin and its blockchains were made for now, for CBDC and the future of digital stuff. We just supported it with funds along the way.
100% trust less will never exist in this life.
@@GuitarNewz So perhaps a DARPA or cia spook created Bitcoin in order to create a CBDC reaction and further along technocratic control.
@@d.bcooper2271 we're going to Utah boys! (Sorry, couldn't resist).
The older Nano S does NOT support the firmware update since it has limited memory or some other limitation. Does that make it OK, or at least preferable to the X or S Plus?
Dont you hate it when you have a great question and no one reaponds.
They would presumably just update the firmware in time to be able to "infiltrate" the Nano S as well.
With Trezor Shamir Backup -
You can for example have 4 shares of your seed & require any 3 to restore your wallet
Then you can keep 2 paper/physical copies
& 2 digital copies in a password manager
A physical attacker will never have enough information to hack your wallet
A digital attacker will never have enough information to hack your wallet
Only you have access to all the information when needed.
Traveling internationally with your seed? - airport security at most can only find half the seed - they will never see the digital shares.
I can’t join in recommending Trezor. They have joined in working with others to kyc coinjoins. Stay clear
I need a refund on my ledger x, like right now 🤬😡
Hey, coin bureau! I have a great suggestion for your next video topic: Bware Labs. They are pioneers in Web3 infrastructure solutions and their product, Blast, is a game-changer. With its staking protocol, integrity checks, and lightning-fast performance, Blast is a must-have for developers in the blockchain space. Featuring Bware Labs in your next video will not only educate your audience but also showcase the incredible potential of Web3 technology. Don't miss out on this opportunity!
Just wondered if you have done a video on XUMM and their security, as that is a ripple product for xrp?...as I say still learning
I hate having to update EVERY time I use something. I wish there were a simplified version for people only storing bitcoin, a version with NO updates. You've shown it works, stop trying to fix it.
The whole point of cold wallets is lack of trust. Do not ask anyone in this industry to trust. It NEVER works out. I would like to opt-in to a service that has no updates and ignores the heaps of sh**-coins.
Cold offline wallet, with electrum and Tails is better 😅
Electrum also had some flaws, memba that guy that lost 1400 BTC cos of a patch
@@cybersechs1368 I think that User installed a malicious version of the wallet that automatically transferred the funds to criminals. That's not how Cold/Offline Wallets work.
for sale 4 nano x cost about 500 Euros, plus shipping, offers welcome
we need an opensource arduino wallet so we can build our own hardware wallet.
When transfering from an old to a new cold storage, is it better to use the seed to transfer or to transfer each crypto one by one? I'm worried about Ledger already having my seed phrases, so that would be a risk even if i transfer to another wallet so im thinking of just stomaching the fees and moving crypto one by one to a new wallet with newly created seed phrases. Thoughts?
Bought a Keystone so im wondering.
Personally, I'd create a brand new wallet and ditch the one on the Ledger. Better safe than sorry.
? Using the seed to transfer.. is not really a transfer. The wallets are the same.
If you are worried, you need to set up new wallets (new seed phrase, and by the way, use also passphrase!!), and create new wallets and make the transfers manually to the new wallets that belong to the new seed phrase..
If you're transferring them because you don't trust ledger not having your current seed phrases, then obviously shouldn't keep the same ones. Need to send everything to new wallet.
Transfering manually one by one seems like the safest bet, thanks guys
Seed is not a way to transfer anything. It is just a backup of the wallet.
If you use the seed you are basically using the same wallet in a different device.
Nice one Guy!
"can't be evil" always beats "a promiss to not be evil" -- Hashoshi
💯🤝
❤
All it takes is an evil entity (government ) requesting it and they fold...
Tangem wallet is in my opinion one of the best alternatives currently. Guy, could you cover this wallet in your next video?
Tangem 👌It seems Guy isn't aware of it yet. No more firmware updates (risks)!
I agree
No please, tangem is no alternative!
@@mikatu Please explain? Seems like they have a different approach that ticks all the boxes?
It is no bip39 compatible.
any thoughts on the cards such as Tangem wallet and Tapsigner? looks like the ultimate sweet spot of cold wallet security and functional usability... and only seems logical that one day soon they could be used for any signing from swipping some sats for a coffee on lightning to entering the building, conference, festival authenticating ownership of assets and memberships... kind of like the nightmare of CBDC's + social credit, but used for good with full control (:
thanks for this, some videos I watched on this were near useless.
I heard that this upgrade doesn't work for nano s that is too old, is that correct?
Hope so..
Multisig across different hardware wallet devices is probably the answer here.
NGrave seems like the best but they really do need to push and go open source.