Board Hardware wallets
Merits 8 from 2 users
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by Meuserna on 26/11/2024, 09:23:56 UTC
⭐ Merited by LoyceV (4), vapourminer (4)

What a waste of money. But when my Ledger arrives, what if I don't use the "Seed/Wallet Recovery" feature? Would that be safer than a consumer device that isn't being used for anything except Bitcoin/shitcoining?

Can you cancel the order?

The feature is called Ledger Recover.  Even if you don't use it, the code for it is part of the firmware for your device.  And the code is closed-source, which means the only way to prove what it does is to have Ledger show you the code - which of course they will not do.  It's like asking if someone's secret recipe contains artificial ingredients.  Even if they say it doesn't...  they can't prove it without giving you access to the recipe, which is a secret.

Realistically, a Ledger device is perfectly safe...  until the day hackers crack it (or a malicious employee?  Or a stupid employee gets phished again?)

Quote
A Ledger employee just got phished. DeFi users lost over $600k

Ledger confirmed the attack was the result of a hacker compromising one of its employees via a phishing attack. After gaining access to Ledger’s internal systems, the hacker planted malicious software within the Ledger Connect Kit.

--DLnews, December 14th, 2023

Even worse: it was a former Ledger employee who got phished.  Hmmm.  Why do ex-employees still have access to Ledger's codebase?

Quote
Ledger has confirmed the attack began because “a former Ledger employee fell victim to a phishing attack.”

--Decrypt

So, that's the issue.  You're safe until you're not, and when Ledger gets hacked again, there won't be any way to know ahead of time.

If you can cancel the order, that's your best move.  If you can't, ask for a refund before even opening the package.