
DO NOT UPDATE YOUR LEDGER - Potential Backdoor

By ⚡ Daniela ⚡ | Me and Bitcoin | 17 May 2023


The latest Ledger update (version 2.2.1) introduces a new Recovery feature. With this feature, you can divide your keys into shards and distribute them online among different custodians for future recovery purposes. I'd like you to reread that last sentence and take a moment to reflect on what it means.

Are you back? Great! Do you understand what that means? With the recent update, Ledger's new Recovery feature raises questions about the company's access to users' keys. Since the Ledger wallet is not open source, there is speculation that Ledger may already possess this capability. This situation calls for careful consideration and evaluation of the implications for the security and control of your keys.

This situation raises serious concerns. The ability of Ledger, through a firmware update, to potentially share users' private keys is undeniably a significant red flag.


Get Your Government ID Ready

That's correct! Ledger wants you to link your device to your ID to be able to recover your backup in the future. What could go wrong? This request comes from the very company that experienced a massive data breach, exposing the email addresses of 1,075,382 individuals who subscribed to the Ledger newsletter. To make matters worse, a more sensitive database containing the names, physical mailing addresses, and phone numbers of 272,853 customers who purchased a Ledger device is now available on the darknet.


With this information readily accessible to malicious actors, the implications are worrisome. Not only do these bad actors know what products customers bought, but they also have access to their personal details, including their names, phone numbers, and physical addresses. Many affected customers have already fallen victim to phone number swaps, receiving unwanted calls, emails, and letters from scammers.

The prospect of linking your Ledger device with your ID raises valid concerns about the security of your personal information. It's crucial to carefully consider the potential risks and drawbacks associated with this requirement, especially given Ledger's previous data breach. Prioritizing privacy and exploring alternative options for secure storage becomes all the more important in light of these revelations.

Another possibility is an Executive Order 6102 scenario. Executive Order 6102 was an order issued by U.S. President Franklin D. Roosevelt on April 5, 1933, during the Great Depression. The order prohibited the hoarding of gold coins, gold bullion, and gold certificates by U.S. citizens, requiring them to be turned in to the Federal Reserve in exchange for paper currency. The government effectively confiscated private gold holdings and made it illegal for individuals to own or possess certain forms of gold. Linking your hardware wallet to a government ID would make this really easy.


Exploring Alternative Options

First, don't ever consider linking your hardware wallet to an ID at this scale. Do you want a backup for inheritance? Here's an easy-to-do two-of-three-keys solution. You can entrust one key to a solicitor, ensuring the security of your assets. Another key can be given to your next of kin, providing them with access to your digital wealth when the time comes. Lastly, consider setting up a dead man's switch in your Gmail account, where the final key is stored. This comprehensive strategy helps safeguard your Bitcoin assets and ensures they can be properly transferred to your chosen beneficiaries.

There are many other options before you consider sharing your ID with a company with a really bad record on its own security and paying $9.99 per month for this service. This is just a backdoor for governments and scammers, a disaster waiting to happen.

In addition to implementing a multi-key solution and creating a backup plan for inheritance, it's advisable to explore alternative hardware wallet options. Look for hardware wallets that are open source, as this provides greater transparency and reduces the need to place blind trust in a single company. By opting for an open-source hardware wallet, you can have more confidence in the security and integrity of your holdings. This way, you mitigate the risks associated with potential red flags like the recent concerns surrounding Ledger. Prioritizing open-source solutions can provide you with peace of mind and enhance the overall security of your digital assets.

Good hardware wallets to store Bitcoin:

  • Blockstream Jade is a hardware wallet developed by Blockstream, a well-known company in the cryptocurrency industry. Jade provides a secure and user-friendly solution for storing and managing your digital assets. With its robust security features, including tamper-proof packaging, secure element chips, and passphrase encryption, Blockstream Jade ensures the protection of your private keys and prevents unauthorized access to your funds. The wallet offers a seamless user experience through its intuitive interface.
  • Trezor - a popular hardware wallet that provides a secure way to store and manage cryptocurrencies. It offers offline storage and encryption, protecting your private keys from online threats. With its user-friendly interface and strong security features, Trezor is a trusted choice for many cryptocurrency enthusiasts. By keeping your cryptocurrencies in a Trezor wallet, you can have peace of mind knowing that your assets are safely stored and under your control. It's open source and can store multiple currencies, although I prefer the Bitcoin-only version due to its smaller attack surface (less code = fewer chances of hidden bugs).
  • BitBox02 is another open source hardware wallet developed by Shift Cryptosecurity, a company focused on creating secure solutions for cryptocurrencies. The BitBox02 offers a secure and user-friendly way to store and manage your digital assets. With its minimalist design and durable build, the BitBox02 provides a compact and portable option for securely storing your private keys. It features strong encryption, secure element chips, and a microSD card for offline backups, ensuring the highest level of protection for your cryptocurrencies. The wallet is compatible with various cryptocurrencies like ETH or Solana (Bitcoin only option available too) and can be easily managed using the BitBoxApp, which provides a simple and intuitive interface.
  • SeedSigner - my favorite wallet. It is an open-source, DIY hardware wallet project that allows users to build their own secure wallet using a Raspberry Pi. It offers an alternative to commercial hardware wallets, providing control over private keys and offline seed generation. Community involvement ensures transparency and security. Users should exercise caution and follow instructions carefully. SeedSigner empowers users with a self-built, open-source solution for managing Bitcoin seed words.

Update 01: Trezor is currently running a 15% promotion, possibly due to the whole situation.


In conclusion, the latest Ledger news has left many in the cryptocurrency community shocked and disappointed. The introduction of the new feature that links your device with your ID essentially transforms your hardware wallet into an ID-linked Metamask wallet. This goes against the core principle of hardware wallets, which is to keep your private keys completely offline at all times, ensuring the highest level of security for your digital assets.

One of the main reasons why hardware wallets have gained popularity is their ability to provide an offline and secure storage solution. By keeping the private keys isolated from the internet, hardware wallets offer a strong defense against potential hacking attempts and unauthorized access. They give users peace of mind, knowing that their funds are protected even if their computer or mobile device is compromised.

Many in the community are disappointed because Ledger has been widely regarded as a reputable and trusted brand in the hardware wallet industry. This new feature has raised concerns about the company's commitment to privacy and security. Users who have relied on Ledger for their storage needs are now left questioning the integrity of the product and seeking alternative options that align with their security requirements.

It is crucial for users to have full control over their private keys and maintain the highest level of security when it comes to managing their cryptocurrencies. This recent development with Ledger serves as a reminder of the importance of open-source solutions and transparent practices in the cryptocurrency ecosystem.


Update 02: Official Ledger account tweeted that the keys never leave the chip.


But Ledger can tell the chip to send it out. And that means the company can tell the device to send the "encrypted shards of the seed" in an encryption format that Ledger, or another third party, can decode, if they want to or are told to do so.

The backdoor IS REAL.


This is like any random hot wallet, just worse. They also link it to your government ID.


Update 03: Memes everywhere


Update 04: Ledger just confirmed the backdoor.

  • Ledger 11/15/22: "your private keys never leave the secure element chip" - apparently funds are safu

  • Ledger 05/17/23: "technically speaking it is and always has been possible to write firmware that facilitates key extraction" - funds are not safu no more


Goodbye Ledger...

DO NOT UPDATE YOUR LEDGER and get a better, OPEN SOURCE hardware wallet. NOW!!!


I kindly invite you to share your thoughts in the comments section regarding what you enjoyed or found lacking in this piece. As a novice writer, I highly value any constructive criticism that can help me improve my skills and deliver better content in the future. Your feedback is greatly appreciated.

Thank you all.


⚡ Daniela ⚡

As a passionate writer with a keen interest in exploring innovative technologies, I discovered the captivating world of Bitcoin. Here to write my thoughts.


Me and Bitcoin

This blog focuses exclusively on Bitcoin, covering various aspects related to the cryptocurrency. It explores Bitcoin's history, its economic principles, and its potential implications in the financial world. The blog also delves into the potential impact of Bitcoin adoption on economics, politics, and society as a whole.
