Hardware wallet manufacturer Ledger is publishing a new firmware update. The update introduces a recovery feature that allows Ledger to back up seed phrases.
To use the new service users have to send a picture of a government-issued ID.
WTF are you doing Ledger?
Folks NEVER EVER let a 3rd party store your privat key. And don’t use a hardware wallet who offer such services.
NOT YOUR KEYS, NOT YOUR BITCOIN.
To me this looks like a hosted version of Shamir Secret Sharing. I get it that normies might find this comfortable.
But we as a community need to prioritise self sovereignty, and work hard on getting the message out there.
Spread your self soverign risk by using purpose built by tools like Shamir Secret Sharing.
reply
Shamir Secret Sharing: "the secret cannot be revealed unless a quorum of the group acts together to pool their knowledge"
Guess what? The quorum does not include you.
Not only that, this is a KYC service that requires government-issued ID to use.
🚩 Upload your keys to a trusted third party. 🚩 Submit government identification.
This goes against everything the bitcoin community has spent years building.
Might as well save yourself some trouble and use a custodial software wallet.
reply
deleted by author
reply
deleted by author
reply
You know what Bitcoin has that works more securely than shamir secret sharing? Multi-sig. But shamir gets shilled by shitcoiners because shitcoins don't know how to multi-sig lol
reply
My experience with multisig is limited, but IMO SSS is easier than multisig.
reply
Cofounder confirmed the device will transmit encrypted shards of your seed phrase and that it’s optional.
But what the fuck. Transmit my seed phrase ? Fuck you.
I can no longer trust Ledger as a cold wallet so why should I trust that the change is not going to become mandatory. Even if opting out, that implies the capability is still present. Fuck that.
Direct link to cofounder’s reddit comment :
reply
They are feds, end of story. These pricks putting bitcoin user data in dragnets fuck outta here
reply
Yup, wasn’t ledger associated with FTX?
reply
I think they were at least sponsored by FTX, but I'm not sure
reply
They are under pressure from governments. The financial action task force, the supranational body that sets aml standards, has its sights on hardware wallets. This will be a slow step by step boil but they WILL be pressured into compliance
reply
Has this been verified? All I've seen are screenshots, but nothing on Ledger's website.
reply
It seems legit.
reply
Thanks for confirming. This is very disappointing.
reply
This is concerning, if true, it can turn your hardware wallet even less secure than a regular software wallet.
Doesn't sound good at all.
reply
Really disturbing. When I questioned Trezor during the AMA about blacklisting addresses, their answer included "you can opt out." I'm sure that's exactly what Ledger will say now. It's a slippery slope until both manufacturers make this mandatory. Time to move on.
reply
Doesn't make sense for a single key hardware wallet.
I can see it as a reasonable choice in a 2-of-3 set up where you could use your biometric to request use of the 3rd key only (as one option).
Very strange brand destroying stuff.
reply
Disturbing, if confirmed. But logical, as more and more companies are preparing to adapt to coming crypto-regulations, esp. MICA in Europe. Governments will force all crypto service providers (whether it's protocols, wallets or whatever) to KYC.
That's the sad thing about this world. Pretty sure that most citizens of the world praise their right to anonymity but most governments (supposed to represent the people) are against it.
reply
There is always that airgapped old PC in the basement with open-source wallet software on it. Unless they ban Turing-completeness.
reply
I don't understand. This is totally not needed and against their own product. Late April's fool? Lol Their clients didn't ask for this. Also, how does this work? I hope it is not automatically read from the device and you have to manually tell them the words. Not safe in any case. anyway I wasn't going to use any of their products.
reply
That's why I prefer metal plate...
reply
It might be time to dig out an old USB thumb drive and start rolling dice.
reply
Wtf is that Ledger and Trezor going full regulatory carnage, steps by steps, slowly and surely.
reply
The majority of their customers, the crypto boys, will love the idea.
No one seems to remember anymore why Bitcoin was invented. 😔
reply
Ledger and Tezor following rules of State. Sad
reply
Ya, give me your wallet, I will hold it for ya. Trust me bro! :-) They will kick themselves out of the market...
reply
Finally ledger owners could use ledger as the only purpose was designed: as a neckless.
reply
You can't trust hardware wallets that support shitcoins. I would go a step further, don't trust any hardware wallet besides SeedSigner (DIY).
reply
Seems like a government driven backdoor disguised as a Monthly Recurring Revenue money grab. Either way, suicide that may turn out to be case studies in business schools some day.
reply
FWIW, we have NEVER recommended users purchase or use Ledger's as:
  1. They are full of shitcoins, "yields" etc
  2. The Ledger Live app is a PITA / impossible to connect up to your own Full Node, meaning your privacy and security is greatly reduced
  3. They got hacked and had their entire customer database leaked to criminals
And now this. This is stupid on SO many levels. They have to know this too, which means it's a toss up of why they're doing it. Either they're being forced to by govs OR they just want that sweet, sweet subscription action @ $10/m. Or maybe it's both.
We will continue to actively tell our readers to never use any Ledger device as this new "feature" is extremely bad. All Ledgers now have code written into them that allows software on the host device to exfiltrate the private keys. That means it's only a matter of time before criminals figure out how to hack it, which opens up the possibility of millions of Ledger users getting rugged. For shame Ledger.
What do you think, should we add Ledger to our Bitcoin Scams post lol https://www.athena-alpha.com/bitcoin-scams/
reply
Build your own hardware. Verify everything. https://seedsigner.com/
reply
Yeah this is concerning.
reply
been lambasting ledger for a minute now, glad to see people wising up.
reply
When their company goes bankrupt, they can take all of their clients' bitcoins with them. This has happened many times with centralized corporations, don't trust them. Not your key,not your coin. Ledger just another form of FTX.
reply
I really don't get why buying an expensive hardware wallet device and do full KYC to broadcast your seedphrase to a third party.
Success and money got Ledger founders all over their head, they do not care about its users self custody.
reply
CoinKite just posted they are running a 24 hour promo on their ColdCard MK4 unit.
15% off Mk4 with promo "noKYCwSE"
Works on the coloured units as well.
reply
Sweet sweet honeypot…
reply
Maybe someone can check their open source code to see what this is all about. Oh, wait... never mind
reply
Even if they transmit encrypted data you still need to type your seed on an online device. No thanks! Time to find another HW.
reply