What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
How safe is that against a thief who steals your Ledger and uses "Recover" to extract your seed phrase from the "secure" element?
In this case, owning a Ledger loses any meaning. This is precisely the trick with hardware wallets, that no one except you (even physically) can access the contents of the wallet.
What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
How safe is that against a thief who steals your Ledger and uses "Recover" to extract your seed phrase from the "secure" element?
My ledger is from before this firmware update. Furthermore, the service was never active. Now, the observation is valid, and therefore requires the person to be very attentive to how they use things - like not walking around with the Ledger in their pocket.
If you have not updated firmware, this doesn't mean you are “immune” to ledger Recover. They can force you to update, for example, by limiting the functionality of older firmware versions or making them inoperable. Not necessarily directly, but for example, with the help of Ledger Live, which will stop “seeing” devices with old firmware or something like that. I’m sure Ledger will be able to figure out how to force an update.
What I say is simple: do not have Ledger Wallet installed on your PC; use Electrum or another wallet to access Ledger; and never do this type of configuration.
This is clear for anyone who wants to continue using their HW Ledger.
It's impossible to use ledger wallet without ever using ledger crap app.
First you need this crap app to install and update device firmware, so you need to install and use it minimum one time or more.
There is no way around to generate new ledger account with electrum or any other third party wallet if you have new ledger device.
Already at this stage a devilish cunning was laid down, which for some reason was not noticed for a long time.
Such dependence of ledger on ledger live completely deprives the device of autonomy and independence. This is already a serious reason to doubt.
I am not afraid of Ledger stealing the keys.
Stealing will land them in prison, so that's not my biggest worry. But leaking the keys is a real risk.
Not every
thief attacker goes to prison.
Ledger becomes vulnerable to both online and offline attacks. Why is this device needed at all?