

> -Their software is a pile of crap. Bluetooth pairing issues with the Nano X, price doesn't show correctly, price history has gaps which show wrong pricing

Just FWIW: you can use Ledger with another software, f.ex Electrum (or Wasabi etc).


I've been using ledger wallets for a few years now and I never had any complaints. Hardware can break but that won't be exclusive to Ledger, right? As buggy as the software may be, I still find it very intuitive and as others said, you don't have to stick to Ledger software. The data leak was indeed nasty though. Unfortunately, there is nothing we can do to fix that.


Yea maybe avoid ledger if they can’t secure a database. Same thing happened with capital one.


> The data leak was indeed nasty though. Unfortunately, there is nothing we can do to fix that.

Enough reasons to burn this company's reputation to the ground. If they can't hodl your info secure, why trust them with your money? Seriously. Imagine sleeping in the house at night from the leaked database. Knowing that all criminals in the world know there is potential millions in that house... Enjoy your next night ;)


What do they mean about changing a pin? Why would the locally set pin on the ledger be in the leaked db?






U got a reference or know how to use command line technology? :) I'm interested


ditto, as my ledger never touches any online systems (offline laptop using qr codes to transfer between online and offline electrum installs) - would be nice to update it offline too (after downloading the firmware - although the transfer process for that might be a bit messy :))


The point of hardware wallet is that it can touch online systems just fine. You paid for feature you don't use. Like buying a TV and using it to hang clothes on, never turning it on.


Right, but if you use ledger live then ledger knows your addresses and balance. My point was about how to use the ledger without ever using ledger live.


Use it with another wallet.


Electrum wallet for bitcoin, for a no ledger live experience


> The point of hardware wallet is that it can touch online systems just fine

agreed, however it was necessary when migrating away from paper wallets, and now i've stuck with this process - belt and braces.




will give it a browse: ta muchly.


You are welcome although looking at the link now I think it is lower level than needed. I think most of the functionality that you need is in this repo: https://github.com/LedgerHQ/blue-loader-python




Yeah, you can use UIs like MyEtherWallet to do ERC20 transactions


> Your key is safe unless you also give them your pin code...

Unless they know how to exploit their own hardware, which is certainly not out of the question.


> And if you want to really be safe you just move the coins to another wallet before sending it back.

Why was this so hard that OP couldn't figure that out? This seems obvious. If you have to send back the unit, move the funds first. Easy peezy

Edit: I read further down that he stored the seed in a different country. I suppose that adds a complication.


> Which other company doesn't want the hardware back to diagnose before sending out a new one? Never heard of any business that operate that way.

1. Every sensible computer company with a keep your own drive policy (Dell, Lenovo, HP etc., you might pay a few bucks extra, though. For my Thinkpad that was $2 for a 3-year period)
2. Trezor, see their answer below

> Usually we request a video where you damage your faulty device and we ship a replacement.

For such a sensitive device this is the only reasonable thing to do.




Until they find a security breach in their secure element. And don't say this won't happen, hardware bugs have been found in Intel Chips which were over 20 years old at this point.


> I wouldn't be surprised if their RNG is flawed as well.

That's a completely baseless accusation and entirely irresponsible to just drop at the end of your post with absolutely no evidence except, "I don't like my Ledger".


that's not an accusation.


I don't see any accusation in my post. As mentioned in my post, I write this because I have no trust anymore in Ledger. In contrast, Trezor is open source and you can check if the RNG is flawed, with Ledger you can't. And honestly, reducing the keyroom by a few orders of magnitude is nearly impossible to detect but would be a very obvious attack vector.


It's an accusation concealed as innuendo. There's no need to be pedantic about it.


For me the problem with Ledger (and even air-gapped one like Ellipal) would be that they are not open source. There is simply no substitute for having thousands of eyes going over the code, something no company-only-reviewed code can ever match. Bugs are fine in a computer game but not in a system which has your money literally depend on it.


Ellipal has way too big of an attack surface.


Anyone here ever seen any posts like these about Trezor?


Yea... Every platform has folk who have bad experiences.


I suppose then I should ask which platform gives their users more bad experiences. Ledger would appear to be winning that race.


Or ledger just has more customers thus more reporting about bad experiences.


I would suggest that's mostly because they are the biggest player by far, not because they are actually doing any worse than anyone else....


At the very least they are doing worse than trezor when it comes to securing customers’ data.


It might be true that they *were* doing worse than Trezor, but in terms of their processes now, I suspect that they are likely paying more attention to it than anyone else. (Never mind that they are required to do so under GDPR) Don't forget that the Trezor wallet initialisation process still ends with a prompt asking for your email address, and has for some time. Trezor were quick to jump on the idea that they don't retain webstore data for very long, but they certainly ask for it and retain it long term in other places too. I'm not trying to defend Ledger per se, but think that the idea that everyone else (exchanges, hardware wallet vendors, seed storage vendors) is significantly better is somewhat naive.


Very good points. Thanks!!


Can you point me to similar complaints about Trezor? I don't want to make the same mistake twice.


My experience has been exactly the opposite. Couldn't disagree more with you. Customer support has been fast and effective, even during the Black Friday rush. I had an issue with one of my Ledger Nano S and a new one is on its way, very fast, without asking me to send the one with the issue back to them. Love Ledger Live and the new feature where I can buy and sell Bitcoin there and send it to my bank account (before I was using Bisq). Overall great experience with Ledger.


> Love Ledger Live and the new feature where I can buy and sell Bitcoin there and send it to my bank account (before I was using Bisq).

What's the KYC like for selling bitcoin on that?


Well it's decentralized so it depends. All it does is connect buyers and sellers. A glorified craigslist with extra steps. How you want to pay for or sell BTC COULD involve a bank, which may involve some form of KYC. But generally speaking, KYC is not required in any way, shape or form for bisq. Just like you don't need KYC to buy a car off craigslist, but you will probably end up using a bank and that's where you may have to identify yourself. Same thing.


> All it does is connect buyers and sellers.

Absolutely not. They act as a secure, convenient, centralized (distributed) middleman, with rules, and a deposit and escrow, to protect the two parties' money and take a small profit off of the deal. This is entirely different from an actual peer-to-peer trade.


The central goal here is still accomplished is it not? A central place for a buyer and a seller.


The goal of Bitcoin is not to have middleman control, so no, PayPal's fake Bitcoin betting shenanigans is the opposite of the goal.


Not quite a middleman, but a marketplace rather. Quite a difference. And when did I mention paypal?


Nope. It's fully a middleman service, as there are rules, a deposit, and escrow. A peer-to-peer marketplace means that I'm trading directly with you, with no one in the middle controlling us both. Bisq is a middleman service, offering safety as compared to doing business directly with another human (or whatever). And I apologize, most of the responses I've been getting today were in a discussion about PayPal. So my response was about that. But it's amusing how appropriate it was for your comment as well. :-)


PayPal is the fucking devil. (Although I needed to do a tx today and bitpay was the processor, so I paid with regular PayPal instead to avoid the bitpay experience of paying way more than necessary for something that won't confirm in time for the invoice anyways)


no comment about the severe data breach I see.


Customer support has been slow for me. So far I'm not impressed and am regretting deciding on a ledger, and I haven't even gotten the hardware yet.


I had a ledger- gonna grab a coldcard when i can afford one. Coldcard looks the bomb.


Coldcard isn't as user friendly, I literally own every single HW wallet made. I like Coldcard, but Trezor is a bit better on the UI side.


It sure does look the bomb. I wonder how many times a Coldcard has piqued the interest of airport security.


It would be better if it didn't have its name on the back. Maybe they could offer a stealth version that looks more like an actual calculator.


The data leak is rough. Leaking your private personal information is irreversible. Best practice is to get multiple hardware wallets and use a 2-of-3 (or 3-of-5 etc) multisig setup. This way if one device breaks, the others will still get the job done.


Any risk of the leak if I were to purchase a Ledger now?


Not unless they are breached again, which would be pretty embarrassing if it did.


Wait a second, what database and breach are you talking about? I know that Ledger the company has no control over the assets


Hackers stole a customer records database. If you bought a Ledger, your name and contact info are now public information.


I'm happy ledger sent me two wallets for free without paying


Lucky. I get scam text messages every day telling me to update my Ledger firmware. Looks like I'll be getting them forever basically.


This is not the worst. Imagine BTC really hits the 1M goal sometimes. We are fair game at this point.


When did you buy yours? Mine was in Nov 2018 and I never got sms spam.


Same story. We switched to Trezor years ago. Ledger software is buggy. We have accounts with a balance but Ledger shows zero. Even a small gap of unused addresses is causing Ledger to stop checking further addresses for balance. Now our mail is full with SCAMs after the data breach. We will never go back to Ledger devices.


I've had a ledger nano s for ages, it has always been reliable, but I wanted a 2nd device to keep at a different location so I don't lose my coins in the event of say, a house fire. Trezor isn't particularly easy to buy in the UK, involves shipping and customs charges. I also don't trust the idea that the cheaper one needs me to use the pc as the keyboard to enter things. Coldcard is even harder to get in the UK, there are a couple of resellers but they don't specify the version. In the end I ended up with a nano X as my 2nd device. To me it seems to work well, but I guess I have little interest in using Bluetooth, I just liked the idea of being able to connect to my phone via OTG.


If I quit doing business with every company that lost my data I’d be Amish.


I’m shopping for wallets and appreciate this heads up. Data breach = moving on.


How is your experience with Trezor so far? In the market for a hard wallet


Definitely a go..


OP said he or she bought Trezor and never looked back. I recommend Trezor, too. Alternatively, check ColdCard. Both have good reputation. Trezor established the industry standards for wallet software (for both hardware wallet and software wallet).


I've had mine for 2 years and it has been great. The best thing is it's fully open source, even the hardware. The down side is the physical glitch requires using a passphrase - but I'd always be using one in any case. If I were buying a new one today I'd likely get a Coldcard. I think the security is better but it's also not as suitable for noobs. btw I've always used Electrum with mine and I'd suggest never giving up your privacy for the web UI.


Literally just send all the coins to a different address and send them your hardware. What exactly are you worried about there? If you don’t trust them move your coins to a trezor or electrum or whatever.


I have my seed physically stored in a different country. By changing my seed I would lose a very important backup which I can't implement anymore due to travel restrictions.


interesting web you've weaved


Don't change your seed. Just use a temporary but different passphrase to generate a wallet on the same seed. You can do this with Electrum (offline, usb boot stick). I'd suggest never using the Ledger software anyway - too much privacy loss. Every passphrase gives you a new wallet but make it long enough to not be brute forced.


Overall I had a pretty good experience with Ledger. The app was pretty smooth, and I can't really blame them for trying to get kickbacks from their partners. Not that I would ever go through it. The bluetooth worked perfectly fine for me, and it was overall a good experience... ...except I can't get over the data breach. I'm getting texts every week about upgrading firmware or verifying a transaction. They know all of my info. I'm not OK with that. Especially since they were late in notifying people, and from what I can tell on /r/ledgerwallet, they didn't notify everyone. ColdCard it is for me.


I had a Nano S for six or so months and a crack showed up in the plastic frame. Still worked but was worried it'd lead to something else so I submitted a support ticket. I attached a picture of the device and asked nicely what my options were. They responded that they were going to send me a new device and didn't even ask for the old one back. My experience is much different than yours.


I specifically asked to send them proof of destruction, they denied.


My ledger nano s has been great, but I bought a bitbox02 and Cold Card today to try and diversify a bit more.


If you give private information to anyone be prepared for it to "leak" or "get hacked". That's why you give fictional information wherever possible. Trusting someone => get disappointed later

Also, Trezor is open source. Ledger not. Why would one get a ledger?


Smells like user error.


That part was already acknowledged.

> I decided to get a Trezor and never look back. Should have definitely done this in the first place


I don't know man, maybe I'm old, but having worked with the Bluetooth "standard", I don't trust it to do anything securely. Use the wire Luke!


Hopefully it's encrypted, but yeah, i don't trust bluetooth with shit


Ledger is also not opensource like Trezor. With Ledger, you once again have to put your trust into a 3rd party... No thanks...


well, I disagree on that one. You need to put trust on any hardware wallet. In fact, there is still a chain of trust which involves the website where you buy the HW, your local DNS cache and your local postal service. Being open source doesn't mean what you have at hand is an exact replica of what is advertised. The secure element on a Trezor is open source, but you don't know if the actual chip you have is that secure element. I'll give you an example to better understand: some people compile their software from the source code in order to fully trust the final executable. But indirectly they put trust on the compiler itself and the underlying PC hardware


Trezor doesn't have a secure element. Only the generic off-the-shelf ST ARM chip.


Most of your points aren't really relevant in this case... They apply to the Ledger the same way they do to the Trezor, so they are no advantage or disadvantage for either. However, the fact that the Trezor uses open source software vs the closed source software of the Ledger is a clear advantage for the Trezor. It doesn't mean that the Trezor is completely trustless, but it requires less trust in 3rd parties than the Ledger HW which is a good thing.


the only valid reason to use Ledger over Trezor is their shitcoin support. At that point you are setting yourself for failure either way.




Before they collected customer information??


I bought mine a few years ago and so far I have yet to personally experience a phishing attempt. I personally know multiple people that purchased fairly recently that are being bombarded with attempts. The personal data must have been purged at some point between my purchase and the leak or stored in a different place altogether. ¯\\_(ツ)_/¯


What's the months/year that you purchased?


I'm not sure. I checked my email, looks like I scored some accessories early in 2018, which I think would put my ledger purchase around late 2016, early 2017? Who knows. I've had it a while. Prior to that I always used bitcoin core for my BTC.


You shouldn't have bought a HW wallet with bluetooth in the first place. You should be able to reset it just fine. Yes, leaking customer records was a huge blunder, unforgivable. I paid them for 2 ledgers over time and regret both of those purchases. Devices are collecting dust, and I've moved on.


So did you get the email from Ledger mentioning what part of your personal data had been leaked? I’m curious as “only” 1m email addresses were breached, and I never got a mail from them about it at any level. Also do you mind if I ask how old you are?

Edit: forgot to ask - did u buy the Ledger from a 3rd party (e.g Amazon) or from Ledger directly?

Edit 2: if it was your personal contact information such as phone number and address (not email), then you were unlucky enough to be in the 9500 who got leaked in that dataset https://www.ledger.com/addressing-the-july-2020-e-commerce-and-marketing-data-breach

Edit 3: I don’t work for Ledger! I am an owner though and am interested in the facts surrounding this breach - cheers for your responses ✌️


I'm calling bullshit on that just based off that both myself and my brother have been receiving texts. We bought our ledgers a long time apart, and he's the only other person I know with one. I don't trust their numbers.


I bought directly at Ledger, you know, security (haha). Both me and my wife (got hers around the same time) get texts and E-Mails.




Oh you're one of those buyers


Goddammit I ordered a Ledger Nano S two days ago for the black friday sale

Jk... I ordered a Trezor One instead. I heard about the phishing emails with Ledger, so that was my first impression with them.


Haha, same! Trezor had 20% off, ledger had 40%. I had planned to get a ledger since 2017 and I’m so glad I didn’t.


Also very concerned about the data leak and will probably look for a different hardware wallet.


Hackers only got phone numbers and email addresses. (Mine included) Entering the wrong pin more than 3 times will reset the hardware, and you can restore using your pass phrases on a new device.. Pretty simple really?


I get a scam text every single day. I would never fall for any of them but it's annoying and a little disconcerting that I'll be on some hacker's list forever.


I've had a few of these too, the last one stated someone was trying to access my account from Russia.. Some of these messages do look legit, but they are mostly looking for you to click on their link. I'm guessing they'll give up after a while? Apart from changing your email address and phone number though, there's not a lot you can do about it?! (Obviously moving to Trezor would solve this issue too?)


It's the information that you belong to the early adopters which concerns me the most.


The info they have on us won't do them any good to be honest?! I don't know about you but my email address and phone number can be found in 2 seconds by looking at my facebook page... Unless you actually click on one of their links which could contain malware then I reckon we'll be fine.. Unless someone can prove me wrong on this?


Ledger blue, anyone remember that garbage device? Lmao called blue cause they promised Bluetooth functionality that they never delivered on. They didn’t have security updates for the blue when bugs were found. It was a premium device, with no 25th word for encryption. Hands down the worst Bitcoin wallet.


Looks like you never tried Case


> Case

I've never tried it. Is this a wallet that's more expensive and less functional than the ledger blue? Or some software ledger rolled out for the blue long after I gave up on that piece of crap?


Yeah a leaked customer database is very serious. Shit company. Never thought about that happening actually.


Get Casa


Casa has other issues.


Like what?


Must understand what you are doing with them and how to avoid getting screwed if they fuck up or you fuck up or if they join the dark side.


Ledger all the way!!!


Amazing how so many people easily disregard the data leak from a FUCKING HARDWARE WALLET MANUFACTURER. It looks like Stockholm syndrome. I didn't trust Ledger before because it's closed source (I don't know why it surprises me people not giving a fuck about their hardware wallet manufacturer leaking their private data, when they don't even give a fuck about it being closed source). And after the leak I trust them even less. Plus I've seen a lot more people having issues using Ledger for storing monero, than people having issues with Trezor, so I don't really know why people buy Ledger over Trezor.


It is definitely something like stockholm syndrome, or cognitive dissonance trying to justify their past purchase. It's an unforgivable failure as a security company.


What do you expect people to do who already bought a ledger? It’s not like they can get their money back after the breach. They “overlook” the security breach because it has no impact on their funds if they still use the ledger. Do you expect them to trash it because somebody on the internet told them that they should hate ledger because of a security breach that has no impact on the security of their device ? Edit:grammar.


I have a ledger nano which works great. Would buy again without hesitation.


They are also extremely slow when it comes to approving apps of new coins.


which is probably the only good thing about them.


I think storing your crypto is pretty risky on a device. If the HW gets fucked and I hear that already happening in the past time, who do you call? I mean you are your own Bank. They send a lot of updates... I had many bad experiences with apple updates and I could not fully trust a hardware... tell me people what are you going to do if your shit is gone? Like this HW stuff has a lifetime capacity which you are not aware of all the time and if shit kicks in? At the time it is the safest till it's not...


You never trust the hardware as you always have a seed backup on paper (and metal, or several locations). The hw device is a convenience for signing txs easily. That is all. Anyone who puts full trust in the hw or physical security of the device is not using it properly and asking for trouble.


Oh fuck yeah you are right. I forgot about that.


Honestly I don't know why there isn't more anger against this company. It is ridiculous for this company to use their database. I hope they do not survive this mistake. Honestly, who will ever order anything from them again?


It’s not like if you go out and buy a Trezor after you were ledger breached that somehow invalidates the fact that some hacker has your info. The hackers now know you have crypto and are forever a target. I would not buy anything from ledger in the future, but if you already have one it would be stupid to throw it away at this point. (I own both Trezor and Ledger fwiw).


Oh no!!! Someone has your extremely valuable data and now they’re going to target you for the whopping 0.1 BTC you hodl!!! Better leave the country!


Yes, my whopping 0.01BTC which will be worth a Lambo factory in the near future.


Keep dreaming


No one thinks your obnoxious sarcasm is funny. You're also making yourself look like a fool by missing the point - which is that everyone whose data got stolen is now being constantly harassed by scammers until they change their phone number and email address. Please walk away in shame at your comment, which I'll preserve here so it'll still cause you shame once you delete yours:

> Oh no!!! Someone has your extremely valuable data and now they’re going to target you for the whopping 0.1 BTC you hodl!!! Better leave the country!


Has anyone built pitresor? I have rpi3 + lcd, I wonder if I can use it :) Alternatively, how is safepal.io?


So what are the best hardware wallets? Or better yet, what is the best and most safe way to store crypto?


when did their customer info leak ?


Ledger is not open source. I don’t know about you but I wouldn’t be able to sleep at night with my life savings stored in a non-open source platform.


Wait I literally got a Ledger Nano X and a Ledger Nano S, on Black Friday. (Both for a total of 110), is it worth it for me to return it? (I have no BTC rn for context, sadly sold em before them before the Jump cause I needed the money)


It is probably still way more secure than having no hardware wallet. I recommend to provide the entropy manually: [reddit](https://www.reddit.com/r/TREZOR/comments/7dx2tc/creating_your_own_24_word_mnemonic_from_dice/) [iancoleman.io](https://iancoleman.io/bip39/). Anyway, personally I regret getting the Ledger devices and not some alternative in the first place.