The lesson that Ledger hardware wallets gave us.
The lesson that Ledger gave us is that you must not trust any closed-source software or hardware at all, and that includes, to a certain extent, the Bitcoin.com wallet, because they have decided not to release their code and as such you don't know whether the application sends your private key to a third party.
Ledger just told us that their new Ledger Recovery can be recovered by a government if you get a subpoena. The 3 companies that hold your private keys will be obligated by law to surrender your private keys to the government, and it will be up to you to fight to get your funds back. We all know governments abuse their powers against citizens, and not only that, you are just one election away from voting in a dictator and starting the process of losing your civil rights. Don't believe me? Look at El Salvador: people there are trading security for freedom. I wonder how that deal will end up. I hope Salvadorians don't end up with a dictatorship that is harder on them than any gang groups were and are.
In the case of Bitcoin.com, you don't know whether the wallet software sends a copy of your seeds to Roger Ver's servers; you must trust that it doesn't instead of verifying by reviewing the source of the software you are using. This is a hard message the Bitcoin Cash community must take to heart: just like Ledger betrayed you, so can Bitcoin.com, because you need to verify, not trust. The wallet sends an encrypted backup to your Gmail account, but you can't verify that this is the only backup that will ever exist, not to mention that if you lose your email account to a hacker, your backup could get compromised and be stolen.
I am glad I understood that Bitcoin.com is not open source, and as such I migrated away from them a long time ago, but I didn't do my due diligence with Ledger, and now I am walking away from non-open-source wallets entirely.
For DeFi I will be using Rabby and MetaMask, both with AirGap Vault, and using my backup smartphone offline. Since BCH is not supported by AirGap yet, I will just use that wallet as a long-term offline wallet, and once I need to use those funds, that wallet's private key will be discarded. I will use my Ledger Nano S as a hot wallet option for transition purposes, but my coins will live offline.
Going offline will also help my security, because every time I have to use the Bitcoin Cash on my long-term private key I will be creating new keys for the next use case, which means I will be changing wallets often. I won't be saving my private keys on online services like OneDrive or Google Drive, just to make sure my keys are not exposed to yet another attack vector.
You must not trust closed-source wallets, and you must also learn not to trust narratives like the ones many Bitcoin Core supporters are spreading around; those will also fail just like Ledger did. This is a topic for another article, but let me give you the heads-up: Bitcoin maxis are now promoting custodian services as the way to go, and they are also saying they trust BlockFi more than smart contracts. I guess the next on their list will be to trust closed-source cryptocurrency because they know what they are doing and you should trust them.
I didn't forget to add you must use the Wallet of Satoshi or ChivoWallet because those are real Bitcoin wallets and you don't have to worry about your funds being stolen. If nothing more, the future is custodians, high fees on-chain, change to custodial accounts, so Ledger is doing God's work.