
Be your own Crypto Custodian.

By STARDANO | Stardano | 26 Feb 2024


This post discusses the security of Ledger hardware wallets. It will be useful for anyone looking for the most secure way to be the self-custodian of their crypto assets: in other words, moving crypto stored in an exchange's spot wallet into your own wallet, for which you hold the keys.

You may have already read my previous posts here and here on Ledger but I promise this is the last one I will post on this subject. I have another wallet to tell you about in my next post but this is the final chapter in my Ledger wallet series. 

While Ledger wallets, like any system, are not entirely immune to hacking, they are generally considered one of the most secure ways to store cryptocurrencies. However, it's important to understand that there are different ways a "hack" could occur, and some are more likely than others:

Direct Ledger Wallet Hack:

  • Highly unlikely: Ledger wallets store your private keys offline on the device itself, isolated from the internet. This makes them very resistant to direct hacking attempts because something that is not connected to the internet is air-gapped.
  • Recent incident (December 2023): It's important to note that in December 2023, a security breach did occur through a complex supply chain attack. This exploited a vulnerability in a software library used by Ledger and other companies, not the Ledger wallets themselves. While some users were affected, the issue was quickly resolved and Ledger has implemented additional security measures.

Other Hacking Methods:

  • Phishing: Hackers may try to trick you into revealing your private key or seed phrase through phishing emails, websites, or fake support representatives. It's crucial to be vigilant and never share your sensitive information with anyone. Never, under any circumstances, enter your recovery phrase into a web page or an app that claims you have to enter the 24-word seed phrase to use it.
  • Malware: Malicious software installed on your computer could potentially intercept your transactions or steal your private key when you connect your Ledger wallet, but this is, again, unlikely because Ledger's hardware architecture is designed never to reveal the seed phrase to any app or smart contract. It is, however, essential that any device you connect your Ledger to in order to sign transactions has robust antivirus installed, and that you only download software from trusted sources.
  • Physical attacks: If someone gains physical access to your Ledger device, they could potentially extract your private key through advanced techniques but they would need to have extremely advanced computer science skills to do so. But always keep your device secure and do use a PIN or passphrase to ensure that, if your physical wallet does fall into the wrong hands, that person cannot use it.

Overall:

  • Ledger wallets offer a high level of security for your crypto assets.
  • The recent supply chain attack was a complex issue, but not a direct flaw in the Ledger wallets themselves.
  • Practicing good security habits like being wary of phishing, using strong passwords, and keeping your software updated can further mitigate risks.

Remember, no system is 100% secure, so it's crucial to practice good security habits and stay informed about potential threats.

The fact is, if you do not connect your Ledger to a dodgy contract and you NEVER enter your private key into any web connected device, you are good.

Again, never enter those 24 words (your private wallet recovery phrase) into any web form or app. NEVER! No matter how much the site or app tries to persuade you otherwise!

Could someone guess your seed phrase and recover your wallet on their own device? 

You have more chance of winning both the tri-state lottery and the Euromillions together 100 times in a streak!

If a hacker has no direct access to your physical Ledger hardware wallet itself, the only other way to drain your blockchain wallets is to work out your 24-word recovery phrase from your wallet address.

Establishing a crypto wallet 24-word recovery phrase from the wallet address alone is practically impossible. Here's why:

1. Vast Search Space: There are 2^256 possible combinations!

That is a number with 78 digits, and is almost the total number of atoms in the observable universe. A 24-word recovery phrase uses the commonly employed BIP-39 standard. Guessing the correct phrase through brute force would be computationally infeasible with current technology.

2. One-Way Function: The process of generating a wallet address from a recovery phrase uses a cryptographic function that acts like a one-way street. While it's easy to derive an address from a phrase, reversing the process to find the phrase from an address is extremely difficult. It's mathematically designed to be practically impossible.

So no one is going to guess or work it out, even if they have a million years to do so!

3. Additional Security Measures: Many wallets implement additional security measures to further protect the recovery phrase. This might include requiring confirmation words or checksums that wouldn't be revealed in the wallet address.

Therefore, attempting to guess or extract a 24-word recovery phrase solely from the wallet address is virtually impossible. You can rest assured that your crypto assets remain secure as long as you keep your recovery phrase safe and never share it with anyone.
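The three points above can be checked with a few lines of Python. This is an added example, not code from the original post or from Ledger: it follows the public BIP-39 specification, works with word-list indices because the 2048-word list is not embedded, and the guess rate passed to `years_to_exhaust` is an assumption.

```python
import hashlib

BITS_PER_WORD = 11  # BIP-39 wordlist has 2048 = 2**11 entries

def phrase_layout(words):
    """Return (entropy_bits, checksum_bits) for a BIP-39 phrase of `words` words."""
    total = words * BITS_PER_WORD
    checksum_bits = total // 33          # checksum is entropy_bits / 32
    return total - checksum_bits, checksum_bits

def entropy_to_indices(entropy):
    """Encode entropy bytes as wordlist indices (0..2047) with checksum appended."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    count = (ent_bits + cs_bits) // BITS_PER_WORD
    return [(value >> (BITS_PER_WORD * (count - 1 - i))) & 0x7FF for i in range(count)]

def indices_valid(indices):
    """Recompute the checksum the way a wallet does before accepting a phrase."""
    entropy_bits, cs_bits = phrase_layout(len(indices))
    value = 0
    for idx in indices:
        value = (value << BITS_PER_WORD) | idx
    entropy = (value >> cs_bits).to_bytes(entropy_bits // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

def mnemonic_to_seed(mnemonic, passphrase=""):
    """One-way step: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    salt = ("mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode("utf-8"), salt, 2048)

def years_to_exhaust(words, guesses_per_second):
    """Years to try every entropy value at an assumed guess rate."""
    entropy_bits, _ = phrase_layout(words)
    return 2 ** entropy_bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print(phrase_layout(24), len(str(2 ** 256)))   # bit layout and digit count
    demo = entropy_to_indices(bytes(32))  # constructed all-zero entropy, never a real key
    print(indices_valid(demo), indices_valid(demo[:-1] + [demo[-1] ^ 1]))
    print(f"{years_to_exhaust(24, 1e18):.2e} years at an assumed 1e18 guesses/s")
```

The checksum only catches mistyped or random phrases; the protection against guessing comes from the 256 bits of entropy and the one-way hashing between phrase, seed and address.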

However, it's crucial to remember that other vulnerabilities exist. Phishing attacks, malware, and physical access to your device could still compromise your crypto. Always practice good security hygiene, be wary of scams, and keep your software updated to minimize these risks. You wouldn't enter your credit card details into a site you had never heard of before, would you? So don't connect your Ledger or sign transactions on contracts you don't understand or know are legit.

If you are looking to get your own Ledger hardware wallet to be the self custodian of your own assets, see my other post at

https://www.publish0x.com/stardano/dont-leave-your-crypto-vulnerable-take-control-with-a-cold-w-xyqwlwv

Check out this fabulous crypto Merch https://truthclothing.io/collections/crypto-shop

 
