/biz/ - Business & Finance

fuck off meme faggot

So you need to show ID in order to update? Kek

>>54979976
>can subscribe
>recovery backup
>>54979987
???
>x
>mobile
who cares

>>54979976
>company that had a database leak now wants a government issued identification to subscribe to a service they're providing
What could go wrong?

Unreal everything is coming to a head all at once I always laughed at people that thought crypto was started “by the person ple” muh decentralization was a memes out trap you will surrender not me ledger in the trash

>>54980008
Their software now has the ability to pull your recovery keys and upload them. Whether you subscribe or not, that can be exploited.

>>54980049
I see what you're saying. Is that how it works though?

>>54979976
>>54980049
>>54980061
I can't find anything about this. No update 2.2.1 etc.

>>54980106
https://twitter.com/_pgauthier/status/1653463160370675730

>>54980131
yeah just found the wired article
I still don't get if you are just giving them the recovery or if it pulls it from your ledger
and if it pulls it why is it seemingly only x and mobile users?

>>54979976
i only use my ledger with electrum

>>54980106
https://www.wired.co.uk/article/ftx-crypto-investors-hardware-wallets

>>54979976
>let us do a cloud backup of your seed words
>oh, and we need a copy of your passport
No. Fucking. Way.

>>54980155
>>54980177
checked yeah sounds retarded
>bUt iT's sHaRdEd
I don't get it, sounds retarded, wouldn't be too surprising but we'll have to see because I can't find any real information other than the general idea

>>54980029
this

no one has forgotten about that massive fuckup

Wtf is this shit? The whole point of me getting a pedger was so that I'd be the only one with access to my peivate key, but now it looks like the company will be able to retrieve it "for me"?? I'll wait to see the specifics of how this system works but at first pass it looks like a massive security risk. I' considering switching to trezor now.

Ledger is going to blow its load so hard once they get people to sign up for this kikery.

Here's another 'priming the pump' teasehttps://www.ledger.com/academy/what-is-digital-identity

Ledger cofounder just confirmed that your seed phrase is sent to online if you use this service. Its unironically over for ledger users

so ledger bros what you gonna do? Funds back to an exchange like goybase? Straight onto a trezor? Paper wallets?

>>54983271
Nothing?
They don't have our keys and you don't have to opt in. Also this was an inevitable step in crypto adoption and my wallets are doxxed by cexes. I couldn't care less, just won't opt in.

>>54979976
dump it where?

>>54983271
I'm never updating my ledger firmware ever again.

You all knew it was inevitable. Feds pay or scare them into doing this shit.
Expect the 20th feds cracked crypto encryption article soon when retards who opted in get vanned

>Future of Finance
Lol, lmao.

Just fucking memorise your seed phrase at this point.

>>54983278

>device is confirmed as being able to transmit your private keys online
>i-it's opt in guys i j-just won't u-use it that means it wil b-be safe r-rght?

is there a guide for setting up a cold wallet on an airgapped, never internet connected computer? looks like we have to go back to the old days.

>>54979987
>can subscribe
>can
not
>must
Fucking take your english lessons seriously abdul. Or the entire west will 'scam' you.

>>54983357
If the Ledger is physically capable of exporting your seed phrase after sign-up then it's physically capable of exporting your seed phrase beforehand.

>>54983370
This. DO NOT install the firmware which allows this.

>>54983332
>>device is confirmed as being able to transmit your private keys online
You're a dumb moron, it's the Ledger Recover service not your physical Ledger actually transmitting information.

>>54983370
>Ledger is physically capable of exporting your seed phrase
fucking lmao you really are a bunch of retards

>>54983390
How does recover get the salted seed phrase shards?

>>54983385
>>54983390
>The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to backup it yourself.
says the co-founder of Ledger. Source: https://www.reddit.com/r/ledgerwallet/comments/13itm7u/comment/jkbyyfp/

>>54983400
same like the Trezor Shamir backup, SLIP-39
https://github.com/satoshilabs/slips/blob/master/slip-0039.md

>>54983424
Right, so it is exporting your seed phrase from the device. In a multisig encrypted form, but the seed phrase is still exiting the Ledger.

what the fuck

If any of you bought a Ledger after July 2020 when it became public that they leaked everyone's personal information, you got what you deserve.
Trusting compromised and incompetent companies with incredibly difficult cryptographic problems when they can't even do something as simple as securing an email list?

Ledger is the official midwit brand of crypto.

>>54980049
It always had that capability. EVERY hardware wallet plugged into your computer is nothing but a hot wallet.

You have no idea what software is running on closed source devices like Ledgers, and you can't trust the software you send to an open source device like a Trezor is what's actually running on it.

>>54983278
>>54983286
>>54983381
>>54983385
>>54983390
Reminder that every time you update your Ledger it opens a connection directly to computers Ledger controls.

You don't know what software it's updating to
You don't know if you're getting a custom backdoored version just for you
You can't save and verify the software at a later date

Ledger devices are explicitly designed for covert, targeted attacks against individual users.

>>54983458
Then how tf are we supposed to store our funds securely if no hardware wallets can be trusted?

>>54983509
Trezor is completely open source
There are even guides on how to build a trezor from scrap parts

>>54983509
You start by ignoring wallets that serve their updates in this backdoored way. Ones that let you download a file and use that file to update the device, of which the file is verified by multiple users.

It's also good to keep in mind that no large holders, exchanges, custodians, or whales use hardware wallets sold to pleb retail like Ledgers. They have operations that look more like how Certificate Authorities operate.

If you insist on using retail hardware wallets at least use multi-sig with more than one brand. But just avoid Ledegr entirely, they couldn't be shadier if they tried.

>>54983537
If you can get the parts for any of these open-source wallets it's the best way. Store/web bought Trezors unfortunately can't ever be trusted because they lack any hardware tamper protection or detection.

Just ordered trezor desu

>Kleros integrated for social recovery with ledger
>no one mentions this in the thread

Yep, I’m thinking Clement and Federico are fucking retarded

>>54983325
>head injury
>oops all my money is gone lol

>>54983735
MY BASTERDS

>>54983735
i think we're more concerned about getting butt raped by a 1337 coder than some e-celeb appearance in the credits

>>54983735
Because nobody with any value worth securing has ever heard of "Kleros."

>can't pay tax when you forget your seed phrase due to a head injury

>>54983451
that could have been a test, if sales dont go down and they keep using our product then we know these idiots will allow us to do what we have planned later for them

>>54983799
Not sure what you’re saying. If you’re saying that Clement and Federico are incompetent fucks when it comes to marketing, yeah I agree no one knows what Kleros is

However if what you’re saying is taken at face value it’s objectively wrong for the fact ledger partnered with them so there is value to be secured

>>54983836
It doesn't have to be a grand conspiracy. The obvious explanation is that these are just incompetent people who have no idea how to build robust, secure hardware and software and are in over their heads thanks to being one of the 2 original options in the early days.

The landscape has squarely passed Ledger by, made obvious to anyone when they launched some ridiculous full-screen wallet (completely unnecessary and adds to code complexity) designed by the guy who designed the iPod (only for name dropping) without addressing any of the real market needs that have appeared since 2014.

>>54983873
It's just a joke about Kleros being a zero-value shitcoin. Red flag for anybody to be partnering with something like that.

It’s over. Where do I buy a bitbox.

>>54979976
Yo what's the deal with this.
This is massive news
Shouldn't this be pinned? This is gonna fuck all of us.
I have hundreds of thousands stored on my fucking ledger what the actual fuck js this shit
How are you guys so fucking calm??

>>54984064
If you're schizo buy one from the company direct and one from some other place then open them up and compare the insides.

>>54984084
Most smart people dumped Ledgers after 2020 when everyone found out they were too incompetent to run a website securely.
Only the midwits remain and most of them were oblivious to how insecure Ledger devices are until last night, when it finally started to click.

>>54983281
Realest shit I've read today 100

>>54979976
Fuck off i just bought one

>>54979976
guess I need to buy a trezor. I'm done with this shit company. It's honestly amazing that I haven't been wrench attacked considering they leaked my data and then celsius leaked my siht as well

>>54983481
So is Trezor any better?

>>54984773
>>54983575

nano s chads, we won

>>54984907
Based on the same vulnerable closed source software and update mechanism.
Everything Ledger should have been considered DOA after 2020's hack.

>>54983481
>Ledger devices are explicitly designed for covert, targeted attacks against individual users.
This. I only ever used Ledger for coins that aren't supported on Trezor. Always use Trezor first.

>>54984773
Yes. First it didn't leak your personnal (mail, adress, phone number), like Ledger did 2 years ago.

>>54979987
>So you need to show ID
Finally, Trezor chads has won. Just waiting for NexeraID to be integrated on the interface so that no fucking third party can stop us because of ID proofs. When this one ledger?

>>54982502
encrypted with what? do you at least need your password or something to do a recovery?

>>54980061
>Is that how it works though?
Yes. In order to backup your seed phrase, ledger live can now request the wallet to send "encrypted seed shards" over USB. So now all you have to do is reverse-engineer that ledger live function and you can create malware to extract those "shards."
Now you might think, but that's not the seed phrase, its encrypted. But in order for recovery to work Ledger itself has to have the keys to those "seed shards." Consider the following:
>this company already leaked the entire customer database.
>most crypto "hacks" are just insider action
All it takes is 1 bad actor in the company and 1 piece of software to easily retrieve and decode your seed phrase.

The whole point of a hardware wallet is that shit like this shouldn't be possible.
They added an attack vector FOR THE ENTIRE CUSTOMER BASE regardless of whether they suscribe to the service or not.

>>54986422
>They added an attack vector

It was there the whole time.

>>54986659
That's speculation.

>>54983575
>Store/web bought Trezors unfortunately can't ever be trusted because they lack any hardware tamper protection or detection.
This is a bullshit talking point made up by ledger shills btw.

>>54986810
cope

>>54986830
Can you please elaborate? I actually bought a ledger instead of Trezor for that point alone HAHA.
So Trezoe actually do have tamper-proof measures in place? Like what?

>>54979976
HAHAHAHAHAHAHAH

>>54979976
Bump

>>54986830
>>54983575
>Store/web bought Trezors unfortunately can't ever be trusted because they lack any hardware tamper protection or detection.

Ho lee fuk crypto only gets worse day by day.

>>54983509
you use open source wallets

>>54984118
>Only the midwits remain and most of them were oblivious to how insecure Ledger devices are until last night, when it finally started to click.

Indeed I am one of them. I got a new ledger out of desperation and convenience since I was pressed for time at that moment. But it's time I go look for a Trezor now.

>>54983575
how the fuck am i supposed to get a trezor then i got to drive my ass to their warehouse and pay some mexican to get me one off the shelf?

>>54983537
can you link me to a good guide?

>>54983575
>If you can get the parts for any of these open-source wallets it's the best way. Store/web bought Trezors unfortunately can't ever be trusted because they lack any hardware tamper protection or detection.

Is that true pls respond porn to get attention im fucking shaking.

>>54979976
They’ll steal your crypto once you hit a certain net worth unless you allow them to digitally ID you thru injection

>>54987083
Ledger is only for coins that are unsupported by Trezor.

>>54986830
It's a factual description of the fact that generic hardware is impossible to fully secure.

In a perfect world you would be able to buy devices that were like Trezors but generic and not designed for crypto, so you can pur your own software on. Anything crypto specific has massive supply chain risk you can't get rid of.

Ledger just skips the middleman and backdoors your device for the attacks.

>>54986873
>>54987487
>>54987715
It's an unfortunate reality but the chances are you're fine. Trezor's were built for a different time, when supply chain attacks weren't a major threat and crypto wasn't as popular. Today if you insist on getting a retail hardware wallet I would probably recommend the BitBox just because they have a similar hardware security model as Ledger but aren't batshit insane as a company.

The real alpha is to order the parts or get a Raspberry Pi Zero without the wireless chip and tun that into the same thing, but it will be a pain to use and inconvenient if you're doing anything related to DeFi on a regular basis.

There is no perfect solution, the best compromise is splitting your funds into something like the above for cold storage you don't use, and then a Trezor/BitBox for high-velocity uses.

>>54986830
>This is a bullshit talking point made up by ledger shills btw.
No matter the level of shills against ledger, jews will still adopt it if they can integrate NexeraID or similar tool in case they third parties require identity verification or to face regulations..

>>54983576
But did you order it from Trezor directly or from...lol...Amazon?

>>54989166
Can’t you buy them at Best Buy now?

Since I've slowly become a BTC maxipad imma just buy a blockstream jade and be done with this shit company. they already leaked my email before, although a dummy one

>>54986422
>FOR THE ENTIRE CUSTOMER BASE
we will never know if they ship the same kind of see shard firmware on the OG ledgers and just freeze and bury this part of the functionality
could be potentially bricked in seconds with physical access once malware is available

>>54988329
>In a perfect world you would be able to buy devices that were like Trezors but generic and not designed for crypto, so you can pur your own software on. Anything crypto specific has massive supply chain risk you can't get rid of.
It exists.