Post
Topic
Board Hardware wallets
Merits 1 from 1 user
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by
Meuserna
on 29/11/2024, 09:34:51 UTC
⭐ Merited by vapourminer (1)
I think that the encryption part takes place inside the hardware wallet.
That would be my guess. And my next guess is the decryption keys are only known to Ledger and/or their "storage partners". That makes me wonder who has a backup, and how they were created. One way or another, it adds a risk that shouldn't exist in hardware wallets.

And that brings us back to this gem:

Quote
A Ledger employee just got phished. DeFi users lost over $600k

Ledger confirmed the attack was the result of a hacker compromising one of its employees via a phishing attack. After gaining access to Ledger’s internal systems, the hacker planted malicious software within the Ledger Connect Kit.

--DLnews, December 14th, 2023
https://www.dlnews.com/articles/defi/a-ledger-employee-got-phished-defi-users-lost-thousands/

Oh, but it gets better.  Ledger changed their story, admitting it was a former employee who got phished:

Quote
How a Single Phishing Link Unleashed Chaos on Crypto:
"Ledger has confirmed the attack began because “a former Ledger employee fell victim to a phishing attack.”"

--Decrypt
https://decrypt.co/209838/single-phishing-link-unleashed-chaos-on-crypto

How many former Ledger employees still have access to their codebase?  Ledger won't say, not that we could trust any answer they'd give.