still not hacked
How do you know this? There have been complaints from users claiming that their funds disappeared without any apparent reason from addresses controlled by Ledger devices. It's the fact confirmed through their online backup service that Ledger's code allows for seed phrase extraction. Of course Ledger officials deny
under oath any connection between these incidents and their close code but the question remains
at least for me whether should we trust what they are saying.
Adding to what you said: Ledger also pays bounties to hackers while making them sign nondisclosure agreements in exchange for the funds. Bounties are a common practice, not just for Ledger. But Ledger forces nondisclosure agreements and then lies, saying they've never been hacked. For example:
In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.
An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.
I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.
--Saleem Rashid
https://saleemrashid.com/2018/03/20/breaking-ledger-security-modelSome things never change. Ledger can't be trusted.