🚨If you use a Ledger, please read this, the safety of all of your bitcoins is at stake! 🚨
This is our first main post on Stacker News, apologies if we've messed anything up, but we wanted to reach out and go through some of the subtle horrors that result from the new Ledger Recover feature.

tldr: Get your bitcoins OFF Ledger NOW!

And no, that is NOT overstating things, it's REALLY that serious! πŸ‘‡πŸ‘‡πŸ‘‡πŸ§΅

What Is Ledger Recover?

In a nut shell this new feature claims to help be a "backup" for your precious Seed Phrase
They encrypt your Seed Phrase, break it up into 3 shards, link it to your account/ID and then store those 3 shards
  • 1 with Ledger
  • 1 with Coincover
  • 1 with an unnamed entity
If you lose your Ledger or forget your Seed Phrase, they remotely restore 2 out of the 3 shards, decrypt them and your wallet is restored

Why It's Bad

So why is this new feature offering so dangerous? Let's count the stupid shall we?
You have to KYC with government ID and a selfie recording meaning they know your full legal name, address, date of birth, face and voice patterns
That data is collected by and shared with Onfido and Electronic IDentification, their ID verification partners. Onfido also collects a slew of other information to profile you such as social security number, email, IP, location, device details, clipboard data. There really seems to be no limit to what data they will collect and store of you, much of it, unchangable
All this private data is collated into "1 profile to rule them all", combined with the fact that you own a Ledger and thus, likely lots of crypto Through the Ledger Live app, it's trivial for Ledger to also know all your wallets, their balances, all your addresses and your total crypto net worth
As if adding insult to injury, your entire stash is now linked to your real world identity forever, even if you've never used a KYC exchange. You just doxxed yourself and your entire stash 🀦🀦🀦
(BTW you should always buy bitcoin from No-KYC Crypto Exchanges)

Are You Nervous Yet Anon?

Did you know that Ledger has already been hacked and had their customer list stolen and distributed to criminals? Those customers are now targeted by scammers and hackers
Totally cool and normal πŸ‘
If you sign up to this new Recover feature this highly detailed and disturbing profile of yours will be created and shared between god knows how many companies. Yes. Shared!
You're paying them $10/m for this amazing service!
Now all that data is shared with unknown companies and govs. Will it get hacked / stolen? Of course it will. It always does as it's literally a giant honey pot of extremely valuable data!
Will it get sold to finance/investment companies looking for new clients? Almost certainly

Encrypted Shards

Let's now turn to those encrypted shards. They're kept with 3 providers and they're encrypted which is great right? Wrong
This is describing a 2-of-3 quorum but guess what?
YOU'RE NOT PART OF THAT QUORUM!
This means that the government, Ledger, hackers etc now just need to get two of the shards (or maybe they get the entire database of all shards), decrypt them and steal every bitcoin on every Ledger that uses this service without those customers Ledgers even being turned on or connected to anything!
Ledger likes to point out that the Seed Phrase shards are "encrypted locally on your device" which sounds nice, but the key for it by definition must be kept with Ledger or some other party, not you
This is because the whole point of the service is to be able to fully restore a lost Ledger. So if you lose your device and then buy a new one... that new device couldn't possibly have your decryption key on it! Thus, Ledger or one of the other providers must have that key
So they have your encrypted shards AND the key to decrypt those shards. With this system in place, it would be trivial for the gov to issue a court order to 2 of these companies, retrieve the 2 encrypted key shards of a specific person and the decryption key to decrypt it
Boom. They can now REMOTELY seize all your bitcoins and you can't stop them

Just Don't Opt In Bro

OK fine. So you just never "opt in" to this right? No problems... right? Right?
Wrong. Extremely wrong.
Even if you never opt-in, there's STILL even more horrors to behold. This just gets worse the more you look at it! The entire point of a Hardware Wallet is to (essentially) do one thing:
To be a purposefully built device that secures your Seed Phrase by ensuring it cannot ever be transferred off it
Your Seed Phrase should NEVER touch anything digital (except a replacement Hardware Wallet). This is one of the key Bitcoin Security principles we teach. With the introduction of this feature, whether you use it or not, it now means all Ledgers have the firmware and capability to send your Seed Phrase off the device
It violates the whole point of a "cold wallet". It actually turns it into a "hot wallet"! You bet your ass that hackers and criminals will actively be working to remotely crack this. Imagine your computer getting infected with malware that tricks your Ledger into sending your Seed Phrase to "Ledger". Make no mistakes, this is a sanctioned and intentional back door that will be exploited.

Just Trust Us Bro

To once again add insult to injury the code for this increases complexity which often reduces security. It's easier to build / code for ZERO access to something than to build / code for only the "right" access as hackers will exploit it. Complexity is NOT your friend when it comes to security!
All this code, how things are encrypted, sharded, transferred etc is all closed source and proprietary too. No one can verify what's happening and security researches or the general bitcoin community can't review the code. Who knows what garbage security or bugs are in there? Only Ledger

Conclusion

This is an absolute abomination. No matter if you use this new feature or not, Ledger has turned their HWW into a Hot Wallet. Hackers will figure out how to remotely exploit this and start stealing users funds
🚨In short: Get your bitcoins OFF Ledger NOW!🚨
I am glad I chose Bitbox02 as my cold wallet. Can be connected with your own node also.
See comparisons table with Ledger: https://shiftcrypto.ch/bitbox02/?ref=yL9qwLUYqv
reply
Use Bitbox02 with bitcoin-only firmware
reply
This is one of our top recommendations. Others include COLDCARD Mk4, Blockstream Jade or SeedSigner πŸ‘
reply
Sir please don’t jump. Back away from the ledger.
reply
Are there differences in the hardware of other wallets like, Coldcard MK4, Blockstream Jade or SeedSigner, such that something like this wouldnt be possible on these other wallets? Which other ones can pull this same shit?
reply
Each of those uses a different security model (CC uses a secure element, SeedSigner is stateless, etc). The main difference is that all the hardware devices that you listed are open-source or source-verifiable, while Ledger is closed source, making it impossible to audit the code.
reply
I see, ty, lol people were buying a closed source HWW? jeezus
reply
What the hell is this writing style? We're not children you know...
reply
Sounds like a bad idea.
reply
reply
Every list of No-KYC exchanges MUST include lnp2pbot.com
reply
What's the trouble with just using your brain as your off-grid wallet? Also, I have trained myself such that any service requesting my identity is poison. It takes some getting used to, but I get along just fine without it.
If they have your private key, and you have to give them your identity, how is it any different from a bank? Using a bank to hold your bitcoins kinda defeats the purpose of owning bitcoin.
reply
The trouble is you can't spend from your brain (can't sign)
reply
Good write up! Now copy and paste this on a new site ledgerisascam.com
Getting off all of my friends and family from Ledger.
Very good explanation that counters Ledger's P.R. push point by point.
reply