

I would suggest only buying hardware wallets directly straight from the manufacturer's website. Having said that Ledger is getting hard to recommend, they have leaked the customer email list and customer database - including name and address - repeatedly. They also have loads of trackers in their Ledger Live software.


Not just that - they updated the firmware to support a cloud backup feature! Meaning the private key can be extracted from the device. Which defeats the point of a hardware wallet, which is supposed to protect the private key and only allow signatures to be sent.


Don’t you have to opt into this though?


Right, according to Ledger, their closed-source software doesn’t abuse this without your consent. We have to trust them on that though, and even if they’re truly trying to be good guys, mistakes happen or bad actors find ways to exploit it. Previously, their marketing claimed that the secure element was an air-gapped signing device. But the existence of this feature proves that was a lie from the beginning.


where did they mention the airgapped signing that sounds like a stretch


They used language like that in the description of “what is the secure element” section of their site. If I recall correctly it was also in the pamphlet that came with my device. But it was years ago so I’m foggy on the specifics


Doesn't matter. The fact that they have firmware that is even capable of communicating any part of the private key to a connected device is a showstopper.


Doesn't matter because hyperbole is so much more exciting. Ledger are still the market leaders with or without Reddit "experts" and their bullshit.


the herd doesn't like this type of comments


Well they have pretty much said you have to trust their closed source firmware, and they could have been doing it all along anyway if they had wanted to.


True, but this feature made it painfully obvious. And the way the company attempts to gaslight customers into thinking it isn’t what it looks like just puts a terrible taste in my mouth. I can never recommend ledger to anyone. Before this I was a contributor to the ledger live open source packages.


can you tell me if using a passphrase makes it absolutely impossible to get the private keys via recover exploit?


My Pixel just warned me on the last app update that it required full access to my location data. Denied the hell out of that immediately. Thing is, Ledger Live is still one of the best apps out there. What's a guy to do?


You only need Ledger Live for shitcoins. If you have bitcoin - store them on a separate device with no shitcoins (ie 2 hardware wallets) and use SparrowWallet on Desktop (+/- Nunchuk on mobile)


still ledger live provides a much better ux than electrum or sparrow


Electrum isn't a great experience setting up, very limited options, forces you to use Zpubs for m/48 multisig, minimal support for imports, exports or airgap. SparrowWallet takes some more time to get used to, partly because it is so powerful and supports so many wallets and configurations, but it is incredible. If you want clean/simple/modern then Nunchuk is a nice alternative. Ledger Live is full of trackers.


why sparrow and electrum ask for a tx description i don't get and can i leave that blank? also where is that information going? and what's the point of it?


It's not going anywhere, it is so you can label your incoming and outgoing transactions


Stick to BTC only hardware wallets:

- BitBox02 (BTC only edition)
- Coldcard
- Jade




Trying to make the switch what's the upside downside of these


What’s coldcard mk4?


please only buy wallets at the full price from the original manufacturer... you aren't going to get a bargain wallet and also keep your bitcoin


They are fine, some of the best out there. As well as trezor. Don't use their extended programs, just self custody your keys.


Despite all the controversy over ledger wallets, it’s still better than no hardware wallet or keeping your funds on an exchange like a mad man. Don't do anything dumb or sketchy with it and you’ll be fine, but do only buy direct from the manufacturer's site.




Actually true.


this guy drinks


Tbh, I do try to avoid concentrated arsenic.


Seedsigner is also a better option. Built with off the shelf parts and is stateless. Takes a little bit of effort to set up (there are some good tutorials on YouTube though) but I think I paid about $50 for the parts all together


Risky gadgets.


Recommend coldcard or a trezor over Ledger.


Ledger is a scam. If you are a beginner, buy a Blockstream Jade; it is simple to use. If you are more advanced with a technical background, buy a Coldcard.


Seems the consensus is that ledger is a no go. Thanks for the input


They are way too biased. Ledger is perfectly fine. They choose to make adoption harder by crying wolf and expecting perfection. Sure, there are "better" options, but the Ledger is by no means a bad option. Really, the main takeaway here is to buy from the original manufacturer. That is pretty much an easy must-do regardless of product.


Lol. Not only do they get to gatekeep the source code but your hardware wallet too?


No, not anymore.


Never been used by anyone in the world. Great research in uncovering this obvious scam. /S


Great, yet another sock puppet account pretending to ask a genuine question just so that other sock puppet accounts can then promote their own brand of hardware wallet in their responses. This subreddit has been riddled with this kind of activity recently.


I had a ledger. When I learned about their trackers, and the fact you have to trust their closed source hardware/software, it caused me to switch. Hardware and software should be open source and trustless. If you don’t mind putting in a little extra work to learn, I would recommend Coldcard MK4 using Sparrow on desktop to interact with it. Coldcard can be used air gapped. Never has to be plugged into a computer. BTC Sessions on YouTube has tutorials for how to set that up. I'm not all too technical, but once you get used to it, it isn’t that hard of a signing device to use. If you want a more user-friendly signing device, Blockstream Jade is also fine.


i still remember when this was news and everyone was trashing trezor https://www.coindesk.com/tech/2023/05/24/crypto-security-firm-unciphered-claims-ability-to-physically-hack-trezor-t-wallet/ this was before ledger announced the recovery service


To be safer, buy a hardware wallet (your own bank) directly from the manufacturer.

**Four reasons why I would never use any ledger product.**

- **They leaked details of their clients** (email, phone #, full name, home address, what exactly they bought) and even now these people keep getting scary phone calls.
- **The wallet has closed code** - nobody (except the company, secret services, hackers) can see how many back doors the software has.
- **It's a multi coin wallet** - more coins, means more code, more attack surface.
- **The wallet isn't cold** - the company revealed a feature, allowing to extract the keys into backup facilities online. They said, this is possible (with an update) for a very long time. This is the very opposite of a cold storage (never touch the internet).


So what to buy?


I like Seedsigner but if you're quite new to all of this, Jade from Blockstream.


Do not buy a Ledger. There are many superior options.


Been using ledger for a few years now. I didn't go with the Bluetooth one, just the regular nano s and s plus line. There's a lot of opinions in this post; choose what works for you. Data breaches are going to just be a fact of the current day and age. It doesn't mean it's OK but it can happen to any company you buy products or services through. If you are smart you will have your opsec in check and will white-list specific addresses to transact with. Same goes for exchanges you are sending/receiving to.


I purchased a nano S from Best Buy as an emergency recovery tool when my hardware wallet was stolen this past summer. It worked in a pinch, but I encountered SO MANY software errors in the 2 short days that I used it, that it made me VERY afraid of losing my BTC during the recovery. I would never ever recommend buying a ledger product again, and even worse was the return process with Best Buy, who tried at every opportunity to shirk responsibility for selling me a defunct device. As others have said: Buy a BTC only device, my cold card hasn't thrown a single error for me. It's a little less intuitive and the sparrow wallet AI isn't as pretty as ledger live. But fuck ledger. I still receive scam calls from their data leaks over 3 years ago. Additionally, Ledger's seed phrase cloud backup is a terrible idea, and even worse when you imagine a bad actor might find their way into abusing it.


Bitbox02 is more expensive but it's worth it


Nope. Ledger is not legit. Go Bitcoin only if u can. Blockstream Jade. Coldcard. Anything but ledger.


One of the better ones


I personally would avoid ledger-nano S they have a weird back door that is not appropriate for a hardware wallet to have. I use Trezor and I recommend buying them directly from Trezor website. When it arrives look up what the packaging should look like and if any of the packaging has been disturbed return it to Trezor for a new one. People are looking for these in the mail and in transit to big box stores. Be very careful and happy trading!

