Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Hardware wallets
Merits 25 from 11 users
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by
o_e_l_e_o
on 16/05/2023, 10:15:30 UTC
⭐ Merited by Welsh (6) ,mprep (5) ,LoyceV (4) ,Pmalek (2) ,hosseinimr93 (2) ,NotATether (1) ,RickDeckard (1) ,FatFork (1) ,DireWolfM14 (1) ,vapourminer (1) ,DdmrDdmr (1)
So the very fact that this exists, even if you don't sign up for it, means that the next firmware update for Ledger devices will create a process by which your seed phrase is extracted from your hardware device, downloaded on to your computer, and then sent across the internet. That is a massive attack vector. It negates literally the entire point of a hardware wallet to keep your seed phrase and private keys isolated from computers and the internet.

Remember when Trezor and Ledger were the two best hardware wallets out there, and every thread had people (me included!) recommending either/both of them. How the mighty have fallen! Both are complete and utter trash now, completely ruined by awful decisions such as this one. Seriously, do the management teams behind both wallets understand nothing about bitcoin?

More and more I am glad that I have moved pretty much exclusively to airgapped, encrypted, cold storage for the bulk of my bitcoin. I know that my wallets will never suddenly pose a massive security and/or privacy risk out of the blue because of some absolutely moronic decision by a third party trying to squeeze more and more profits out of their customers.