🚨If you use a Ledger, please read this, the safety of all of your bitcoins is at stake! 🚨
This is our first main post on Stacker News, apologies if we've messed anything up, but we wanted to reach out and go through some of the subtle horrors that result from the new Ledger Recover feature.
tldr: Get your bitcoins OFF Ledger NOW!
And no, that is NOT overstating things, it's REALLY that serious! 🧵
What Is Ledger Recover?
In a nutshell, this new feature claims to be a "backup" for your precious Seed Phrase
They encrypt your Seed Phrase, break it up into 3 shards, link it to your account/ID and then store those 3 shards
- 1 with Ledger
- 1 with Coincover
- 1 with an unnamed entity
If you lose your Ledger or forget your Seed Phrase, they remotely restore 2 out of the 3 shards, decrypt them and your wallet is restored
Why It's Bad
So why is this new feature offering so dangerous? Let's count the stupid shall we?
You have to KYC with government ID and a selfie recording, meaning they know your full legal name, address, date of birth, face and voice patterns
That data is collected by and shared with Onfido and Electronic IDentification, their ID verification partners. Onfido also collects a slew of other information to profile you, such as social security number, email, IP, location, device details and clipboard data. There really seems to be no limit to what data they will collect and store about you, much of it unchangeable
All this private data is collated into "1 profile to rule them all", combined with the fact that you own a Ledger and thus, likely lots of crypto
Through the Ledger Live app, it's trivial for Ledger to also know all your wallets, their balances, all your addresses and your total crypto net worth
As if adding insult to injury, your entire stash is now linked to your real world identity forever, even if you've never used a KYC exchange. You just doxxed yourself and your entire stash 🤦🤦🤦
(BTW you should always buy bitcoin from No-KYC Crypto Exchanges)
Are You Nervous Yet Anon?
Did you know that Ledger has already been hacked and had their customer list stolen and distributed to criminals? Those customers are now targeted by scammers and hackers
Totally cool and normal
If you sign up to this new Recover feature, this highly detailed and disturbing profile of yours will be created and shared between god knows how many companies. Yes. Shared!
You're paying them $10/m for this amazing service!
Now all that data is shared with unknown companies and govs. Will it get hacked / stolen? Of course it will. It always does, as it's literally a giant honeypot of extremely valuable data!
Will it get sold to finance/investment companies looking for new clients? Almost certainly
Encrypted Shards
Let's now turn to those encrypted shards. They're kept with 3 providers and they're encrypted which is great right? Wrong
This is describing a 2-of-3 quorum but guess what?
YOU'RE NOT PART OF THAT QUORUM!
This means that the government, Ledger, hackers etc now just need to get two of the shards (or maybe they get the entire database of all shards), decrypt them and steal every bitcoin on every Ledger that uses this service, without those customers' Ledgers even being turned on or connected to anything!
Ledger likes to point out that the Seed Phrase shards are "encrypted locally on your device" which sounds nice, but the key for it by definition must be kept with Ledger or some other party, not you
This is because the whole point of the service is to be able to fully restore a lost Ledger. So if you lose your device and then buy a new one... that new device couldn't possibly have your decryption key on it! Thus, Ledger or one of the other providers must have that key
So they have your encrypted shards AND the key to decrypt those shards. With this system in place, it would be trivial for the gov to issue a court order to 2 of these companies, retrieve the 2 encrypted key shards of a specific person and the decryption key to decrypt it
Boom. They can now REMOTELY seize all your bitcoins and you can't stop them
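The quorum argument above can be made concrete. The following is an added example, not part of the original post and not Ledger's code: it assumes Shamir's secret sharing as a stand-in for the undisclosed splitting scheme, uses a random 256-bit value as a constructed seed, and leaves out the encryption layer.

```python
import secrets
from itertools import combinations

# Assumption: Shamir's scheme over a prime field stands in for the
# undisclosed splitting method. 2**521 - 1 is a Mersenne prime, large
# enough to hold a 256-bit secret.
PRIME = 2**521 - 1
HOLDERS = ["Ledger", "Coincover", "third party"]  # custodians named in the post

def split_2_of_3(secret: int) -> dict[str, tuple[int, int]]:
    """Split secret into 3 shares; any 2 of them reconstruct it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range")
    slope = secrets.randbelow(PRIME - 1) + 1  # random degree-1 coefficient
    # Share for holder x is the point (x, secret + slope*x) on a random line.
    return {name: (x, (secret + slope * x) % PRIME)
            for x, name in enumerate(HOLDERS, start=1)}

def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0; needs two distinct shares."""
    if len({x for x, _ in shares}) < 2:
        raise ValueError("need at least two distinct shares")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def quorum_report(secret: int) -> dict[tuple[str, str], bool]:
    """For each pair of custodians: do their shares alone yield the secret?"""
    shares = split_2_of_3(secret)
    return {pair: reconstruct([shares[p] for p in pair]) == secret
            for pair in combinations(shares, 2)}

if __name__ == "__main__":
    seed_entropy = secrets.randbits(256)  # constructed stand-in for a wallet seed
    for pair, ok in quorum_report(seed_entropy).items():
        print(pair, "recover the secret with no input from the owner:", ok)
```

Every one of the three custodian pairs reconstructs the secret, and none of the inputs to `reconstruct` comes from the owner or the owner's device.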
Just Don't Opt In Bro
OK fine. So you just never "opt in" to this right? No problems... right? Right?
Wrong. Extremely wrong.
Even if you never opt-in, there's STILL even more horrors to behold. This just gets worse the more you look at it! The entire point of a Hardware Wallet is to (essentially) do one thing:
To be a purposefully built device that secures your Seed Phrase by ensuring it cannot ever be transferred off it
Your Seed Phrase should NEVER touch anything digital (except a replacement Hardware Wallet). This is one of the key Bitcoin Security principles we teach. With the introduction of this feature, whether you use it or not, it now means all Ledgers have the firmware and capability to send your Seed Phrase off the device
It violates the whole point of a "cold wallet". It actually turns it into a "hot wallet"! You bet your ass that hackers and criminals will actively be working to remotely crack this. Imagine your computer getting infected with malware that tricks your Ledger into sending your Seed Phrase to "Ledger". Make no mistake, this is a sanctioned and intentional back door that will be exploited.
Just Trust Us Bro
To once again add insult to injury, the code for this increases complexity, which often reduces security. It's easier to build / code for ZERO access to something than to build / code for only the "right" access, as hackers will exploit it. Complexity is NOT your friend when it comes to security!
All this code, how things are encrypted, sharded, transferred etc, is all closed source and proprietary too. No one can verify what's happening, and security researchers or the general bitcoin community can't review the code. Who knows what garbage security or bugs are in there? Only Ledger
Conclusion
This is an absolute abomination. No matter if you use this new feature or not, Ledger has turned their HWW into a Hot Wallet. Hackers will figure out how to remotely exploit this and start stealing users' funds
🚨In short: Get your bitcoins OFF Ledger NOW!🚨