Ledger just added a bug to your Ledger Nano hardware wallet. They are calling it Ledger Recovery and promoting it as a feature and a good thing for users, but it is not, at least for those who want to custody their private keys without the need for a custodian or any other third party.

Apparently, only the Ledger Nano X will receive the new firmware update, and supposedly the other versions won't receive it. The problem is that the Ledger Secure Chip is not open source, and as such the community can't verify whether new software updates will introduce the vulnerability to the other hardware devices on their list.

The Ledger X is the only device that will receive this bug, which will cost $10 a month and is for new customers but also old customers, customers who were all very happy keeping custody of their private keys.

The Ledger Nano S and S Plus could receive this update bug in the future, and Ledger may decide not to inform customers so that it doesn't receive a backlash from current users. The only real solution is not to trust Ledger at all, and to verify instead of trusting.

The recovery function could be tricked: once the hardware device is online or connected, a hacker could find a way to trick the device into sending the 3 fragments to them instead of to the actual custodians. In other words, it opens up attack vectors for any device, because you don't know whether Ledger will update all devices with the same buggy firmware.

The solution is to use AirGap wallets. That means you will need another device that never connects to the internet and that is used only to store your private keys. I would also add that if you use an Android device, you should make sure to set a password that is very hard to guess, and encrypt the device with a password that has never been used anywhere else, online or offline.

The Ledger company should receive a warm welcome from the community and that means we should all dump their hardware devices because we don't like backdoors.

I wonder if Ledger is not being pressured by government agencies and regulators to move their user base to permissioned and backdoored devices so that the government can confiscate your holdings once the fiat system collapses.

Here are some solutions or alternatives if you are interested in changing your wallet.

@Aml7yati posted 1 year ago
