Ledger Hardware Wallet Risks!? Here’s Everything We Know!

Are Hardware wallets really as safe as We think they are the recent Ledger Debacle has left many of us asking that Exact question do we really have to Trust Hardware wallet manufacturers and Are they merely one upgrade away from Being able to extract our private keys Well that's exactly what I'm going to be Going through in this video so you don't Want to go anywhere Before we can dive into the weeds of Hardware wallets in general it's Important to have a bit of backstory on What exactly happened with Ledger it was A little over a week ago that the Company unveiled its recover service This is an opt-in feature that allows You to recover access to your device Should you lose your seed phrase that 12 Or 24 word sequence of random words You're given when setting up the device For the first time now this service Works by splitting your seed phrase into Different pieces or shards these shards Are then sent to three trusted third Parties Ledger coin cover and a third Provider that way if ever you were to Lose access to your seed then at least Two of these three service providers Could help you recover it all for the Low cost of only 9.99 a month Sounds great right well that's until you Find out two very important details Firstly in order to use this feature you

Need to provide ID of some sort so you Already need to trust that this Information won't get out or be shared With someone else but what really caused Alarm bells to start ringing was the Idea that a seed phrase could in fact be Extracted from the device in the first Place That runs contrary to everything that People have thought about Hardware Wallets that the private key would Remain on the device and could never be Exposed or extracted in any way the Uproar was Swift and merciless polygon Lab's Chief information security officer Said on Twitter quote The problem here is that the encrypted Key parts are sent to three corporations And they can reconstruct your keys Popular crypto Twitter personality DC Investor said quote WTF are you guys Doing this is going in the wrong Direction fast I would recommend no one Upgrade to such firmware Many others were a lot less generous With their choice of words and on the First day of the recover Services Release Ledger was in pure PR Firefighting mode They decided to hold a Twitter spaces on Release day and were pains to point out That this was only opt-in and people Didn't have to use it if they didn't Want to moreover users could decline to

Install the firmware update which Carried this new feature however this All raised more questions than it Answered for one would Ledger be Providing a separate firmware upgrade That did not include this feature they Couldn't just expect users not to Upgrade in perpetuity eventually their Ledgers would go out of date and Wouldn't support certain apps But perhaps the far more pressing Question that came from this was whether Ledger had the ability to issue a Firmware upgrade that could extract a Private key essentially are our private Keys one poisoned firmware update away From being exfiltrated how much trust Should we place in Ledger's handling of Their firmware upgrades for one thing It's not as though Ledger has the best Record when it comes to storing customer Data the hack of its database and Subsequent leak of customer records in 2020 is not easily forgotten and even if We do fully trust Ledger what happens if The company is subpoenaed what if a Government agency forces them to issue a Firmware upgrade that builds in the Backdoor functionality Now the backlash only got worse for Ledger the following day statements from The company on Twitter only seem to make An already dire PR situation worse That's because previous statements had

Been made that stated that the private Key never left the secure element chip In a tweet from November of last year Ledger had said quote a firmware upgrade Cannot extract the private keys from the Secure element yikes All of this raises some important Questions not only about Ledger devices But about Hardware wallets more broadly So let's start with perhaps the biggest Misconception that we all had that no Key data is ever able to leave the Device Now here I'm going to lean on this tweet Thread by haseeb Qureshi the managing Partner at dragonfly capital A crypto Investment fund he presented these two Infographics for us this one is how we Used to think Hardware wallets like Ledgers worked this one is how they Actually work now the secure element Chip is like a small computer that also Holds Ledger's operating system this Means that Ledger's firmware upgrades Can affect the way things function Inside the secure element so it can be Programmed to send back anything that's Requested now this is actually required In order for the device to upgrade and Support newer chains whenever there's a New app being installed on the device it Will in principle be able to extract Private key data that's because in order To support these new chains they'll need

To create a new key that's derived from The master key on the device Now I'll also leave a link to the thread By Ledger's CTO in the description for You as it goes into the mechanics in Much more detail as he makes clear in That thread using a hardware Wallet Requires a quote minimal amount of trust This means that every time you've had to Approve an upgrade on a ledger device You've had to have trust and as we all Know trust is a dirty word in crypto it Goes against the ethos on which Trustless blockchains are built moreover As I mentioned earlier it's not about Trust in Ledger per se but trusting that They won't have to comply with any sort Of government requests now Ledger's Co-founder and ex-ceo created a Reddit Post where he addressed the debacle and Said that technically governments could Recover the shards and quote get access To your funds I will caveat though that This was in the context of the recover Shards and not the issuance of poisoned Updates but surely the principle should Be the same In a recent podcast the current CEO also Waved that subpoena concern Away by Saying that it's quote not that common However he was reminded that coinbase Was recently subpoenaed for something as Simple as customer data I'll leave a Link to that podcast in the description

For you folks Now one of the reasons for this Miscommunication and subsequent PR Disaster is that Ledger's code is closed Source users were never able to peer Into the repositories and see how the Secure element worked hence the reason That this all came as a shock So the result is that many are now Calling for the code to be open sourced Indeed I think that this is one of the Only ways in which users can fully Verify the security of the device as They say don't trust verify And this is also one of the reasons as To why I have always preferred Treasures Over ledgers tresor's code is open Source and hence there's no room for Confusion as to how the devices operate Moreover they have the option to Generate more than one seed phrase Through their Shamir backup now I've Talked about this in much more detail in My Tresor video but it basically allows Contingencies for seed loss without Having to hand over seed phrases to the Manufacturer or third-party custodians That said open source is no Silver Bullet by opening your code to the world You're also opening it up to all those Who may want to exploit it moreover most Treasure users don't read the code That's being pushed before choosing to Upgrade I can't read firmware code

Myself and I am going to have to hope That the white hat hackers out there are Better at auditing it than the black Hats are so there is still an element of Trust needed in third parties I'll also Add that Tresor devices are vulnerable To what are termed high voltage Glitching attacks now I won't go into The specifics of those here but I will Link to a handy video by Kraken security Labs that discovered the exploit the Caveat here though is that such an Attack requires physical access to the Device as well as the tools and Technical know-how to execute it And if you're looking for any other Wallet Alternatives then you could Consider a fully air-gapped kind these Are Hardware wallets that have Absolutely no connection to any network Or pc be it through Wi-Fi Bluetooth USB Etc they operate independently and all Transactions are signed via a QR code Now one of the better wallets of this Variety is the engrave zero which we Have reviewed before and we also have a 10 discount on the engraved device for Coinbier viewers which you can take Advantage of with the link down there in The description I will note though that The code is also closed source so there Is another element of base level trust In the firmware updates although the Team apparently intends to release a

Roadmap for open sourcing their code so You can keep an eye out for that there Are a host of other Hardware wallets you Could consider as well and I'll leave Links to all the videos and articles That we have on them in the description Too now I would personally suggest Buying more than one and spreading your Coins across them diversification isn't Only useful when it comes to the assets That you're buying but also how you're Storing them so this brings me to the Big question of what this means for Ledger ask users and the hardware wallet Sector more broadly well I think the First and most important lesson that Anyone can take from this is the Importance of crystal clear Communication from crypto companies About what exactly can and absolutely Cannot be done with their products this Is especially the case with a product Like a ledger which people rely on to Store their crypto wealth you cannot Allow the technicality of a device and Its mechanisms to justify the omission Of relevant information the Misconception that quote Keys Never Leave the secure element had become so Ingrained that it was almost inevitably Going to cause pandemonium when the Truth came to light When it comes to the recover feature Itself well I would advise against using

It or upgrading your devices indeed at The time of recording this video it Appears as if Ledger had already rolled Back the initial firmware upgrade Perhaps they've taken their users Feedback into consideration and ditched The upgrade entirely we shall see Either way this whole HooHa has opened Our eyes as to how Hardware wallets work And whether they were always as secure As we had believed if there is closed Source code an element of trust has to Exist trust that firmware upgrades are Not being pushed that could one day Threaten the security of our assets Perhaps Ledger will go down the open Source path but well I wouldn't count on It they've already shown that this isn't Something that they're keen on doing Even then open sourcing code has its own Risks and unless you plan to personally Audit the code well there are still Elements of trust you need to have in The broader community However I think the most important thing That was exposed by this Fiasco is the Constant battle between usability Practicality and security There's no doubt that paper seeds are Far from ideal you have to make sure That you don't lose that paper or worse That it falls into the wrong hands this Is something that most new users won't Fully appreciate for the next 100

Million crypto users perhaps they all Want the option to restore a wallet Without having to rely on the paper seed But that is something that should be Completely up to the user they should Not have to rely on third-party service Providers that use their ID information Perhaps a system akin to tresor's Shamir Backup would have been a better option But then again is this user friendly Especially for new users do these users Still want to hold paper backups that's Not something that I can answer and it All points to a problem that afflicts The whole crypto industry the user Experience is still a long way from Being anything close to good enough Whatever the case the last thing we want Is new users reverting to holding their Funds on exchanges because they find Self-custody too complicated companies That make these devices should be trying To find solutions that make self-custody Simple and user-friendly for all but it Should never come at the expense of the Sole purpose of the device That's my two SATs at least Well I hope you folks found this video Helpful I'm Keen to get your thoughts on The matter now though what do you think Of this debacle have you considered Other Hardware wallets and if so which Ones let me know in the comments below Don't forget that if you want to pick up

Any other Hardware wallets I have Special discounts for you in my deals Page which is down in the description so Do check it out and finally if you found This video helpful then smack a like on It don't forget to subscribe and turn on All notifications so you're ready for When our next video hits the tube thank You for watching and stay safe out there This is Guy bidding you goodbye