Adding to what you said:  Ledger also pays bounties to hackers while making them sign nondisclosure agreements in exchange for the funds.  Bounties are a common practice, not just for Ledger.  But Ledger forces nondisclosure agreements and then lies, saying they've never been hacked.  For example:


Some things never change.  Ledger can't be trusted.

It's open source!  ...except for the part that isn't, which means you can add that lie to the long list of Ledger lies.

Any closed source code means the code isn't open source, because the code contains code that isn't published and thus cannot be verified to be safe.

That, right there.  That's exactly it.

The code for this stuff is beyond my abilities, so I stick to hardware wallets that are open source and whose code is used by experts I trust.  It's even better if their code is added to or improved by experts I trust.

I say this with all due respect.

Prove the Ledger Nano doesn't have any of the code that enables Ledger and other companies to gain access to the user's seed.  Don't quote Ledger.  Ledger has lied many times about many things, so the value of their word is zilch.  Prove it.  You can't, which means the device can't be trusted.

That's the difference between open source and closed source.

With open source code, if somebody has doubts, you give them the link to the code.  It's all there, published for the world to see.

With closed source code, there's no way to prove anything.  And since Ledger has lied so many times about so many things, anyone who trusts them is either ignorant, meaning they don't know better, or they're just plain stupid.  Ledger had to scrub their entire website to remove lies.

Too many people trust their Bitcoin to companies that lie to them, and Ledger is the worst of the worst.

No Ledger device can be trusted, long term.

I agree, the most likely scenario here is that somebody found the OP's seed.  Let's say it was stored in a safe.  Somebody found the combo, or somebody found the key.  Remember, OP: they don't need to steal the paper your seed is written on.  They'd just take a picture of your words.  That's all they need to steal your coins later.


Ledger hardware uses closed source code, so there's no way to prove that is true.  Sadly.  It is possible that seeds on Ledger hardware can be accessed over the internet.  The code is closed source, so we just don't know.  I wish people would stop making assumptions about the safety of devices that run closed source code.

Closed source code is like a meal where the cook won't tell you what's in it.

Closed source code cannot be trusted, because closed source code cannot be verified.  Anyone who says otherwise is someone you should not trust, if you value the security of your Bitcoin.


Probably, but not necessarily.  There's always the chance that somebody who hacked Ledger's code would sit on keys they acquire in order to not let Ledger know their code has been hacked.  I don't think this is likely in this case though, but it's a possibility.

I strongly suspect that when the code for Ledger gets hacked, we won't know about it for months, if not longer, because the hackers would want to steal as many keys as possible before Ledger realizes there's a problem, since patching the code would cut off the hacker's access to stealing people's keys.

Closed source code cannot be trusted, because closed source code cannot be verified.  Anyone who says otherwise is someone you should not trust, if you value the security of your Bitcoin.

You're on the right track - but don't think of it as a QR code.  Think of it as data.  A QR code is just a visual representation of data.  Scan the code to transcribe the data.

I would think of it like this:

How difficult it would be to make a string of data that can be recovered two different ways:

1) Unencrypted, but valid.  For example, as a decoy seed.

2) Encrypted and you have to enter a decryption key to get the real seed.  A decryption key is just a password or passphrase.  It's whatever you set up as the decryption key.

As for your original #3:


You can do that now, with Krux.  Here's how.

Create an encrypted QR code.

Let's say this is your seed phrase:

"maid water stomach exhibit much wood useless blood debris reject either green"

To make this easier to talk about, let's call that seed phrase "Green."

And let's say you want to protect it with a crazy strong passphrase.  Use Krux to make an encrypted QR code for this long passphrase (which is actually a seed phrase):

"claim pigeon depth cook clerk paper merge bachelor winner patrol surprise muffin"

To make this easier to talk about, let's call that passphrase "Muffin."

And let's say this is the decryption key for Muffin:

"nine sky red truck"

Here's the magic:  Use Krux to create an encrypted QR for your Green seed phrase, using Muffin as the decryption key (the passphrase).

So...  to decrypt your seed phrase, you'd use 2 Krux devices.

Krux A:  Scan Muffin and enter the passphrase to decrypt it: "nine sky red truck"  Then have Krux show you a plaintext QR code for Muffin.

Krux B:  Scan your Green seed, then scan Muffin on your other Krux to decrypt it.

This is yet another example of why I'm not a fan of saving a seed on a hardware wallet.  Every secure element will eventually get hacked, meaning you'll need to upgrade again and again.

There's a better way.

With a device like Krux or SeedSigner, you can save your seed on a QR code that you scan in order to load your seed.  There's no need for a secure element chip or even a PIN code to unlock the device since there's nothing saved on the device.  Plus, it's fully airgapped.

And with Krux, you can save your seed as an encrypted QR.  If somebody finds your encrypted QR, they can't scan it without the decryption key.

If somebody steals your device?  No worries.  There's nothing on it.  And if you use an encrypted QR, no worries if somebody finds it.  They can't scan it without the decryption key.

Best of all, the encryption is open source.  It's industry standard CBC encryption with as strong of a decryption key as you choose.  You can even save your decryption key as a QR.

Companies that make hardware wallets are never going to use the Krux/SeedSigner way of loading seeds via QR because they make money through hardware sales and upgrades.  "Oh, no!  Last year's secure element chips have been hacked!  Better upgrade to the latest model!"  It's ridiculous, but I don't blame them.  It's a business model that works.  I don't have to worry about any of that though.  I never save my seed on a device.

Pro Tip!  There's a fork for SeedSigner that enables encrypted QRs too.

How do you PROVE it?

I'll never understand why people put their Bitcoin at risk by using closed source wallets, especially when there are outstanding fully open source alternatives.

I strongly encourage you to read more about the Bybit hack.

This will happen to Ledger.  It's just a matter of time.


https://decrypt.co/307866/how-bybit-hacked-1-4-billion-ethereum

Now, to put that in context for Ledger:

Ledger created an API to enable key extraction from Ledger hardware devices over the internet.  It's baked in to the Ledger firmware.  That will get hacked.  It's a question of when, not if.


Ledger holds the master key for their key extraction scheme, which includes access to all keys stored on Ledger's servers and other companies' servers, using Ledger Recover.  That will get hacked.  It's a question of when, not if.


And, making matters worse, Ledger's codebase has been hacked.


For hardware wallet users, the lesson to be learned is this:

Never use a hardware wallet that allows internet access to the device.  No exceptions.  Your keys need to be where hackers cannot reach them over the internet.

I assume everybody here understands how hardware wallets generate transaction signatures without accessing the internet, but if you're not clear on how that works, I'd encourage you to learn about it.  Understanding how this stuff works helps to keep you safe.

Ledger's code enables key extraction from the device over the internet.  Ledger devices can't be trusted.  Ledger lied about it, every step of the way.  Ledger can't be trusted.

Never use a hardware wallet that allows internet access to the device.  No exceptions.

That sentence should tell you everything you need to know.

It doesn't mean they also lied about milk being white.  It means they are a long-term provably untrustworthy source of information and security.

Ledger's word means nothing.  What they say is irrelevant because their words cannot be trusted.

Ledger said your keys never leave your device while they were writing key extraction code.  Ledger said an employee was phished, but then had to admit it was a former employee.  Ledger prints "We are open source" on the box for hardware that runs closed source code.  Ledger says they've never been hacked but they pay bounties to those who hack them in exchange for their silence.  I wouldn't be surprised if we find out the company's name isn't even Ledger.  Nothing Ledger says can be trusted.  Nothing.  Ledger is dirtier than a pile of dirt on a dirt floor.

That would only restore a fool's trust.

The code is closed source and the company lies to their customers.  How can anyone ever believe a word anyone at Ledger says, ever again?  Only a fool would believe them.

This is what Ledger was saying while they were writing firmware for Ledger hardware wallets which enables key extraction over the internet.  This is what they were saying while working with other companies on a scheme to enable key extraction from users' hardware wallets over the internet:


Lies.


Lies.

And from the Ledger website:


Those are lies.  They were saying that while writing the code to do it.  They were saying that while signing contracts with other companies to store the data for it.

They were saying that, while writing code to enable key extraction from users' devices over the internet, and they put that code on users devices before letting users know key extraction was now built into the firmware on their devices.

Only under great pressure did they finally admit this:


How could anyone ever trust Ledger again?

Ledger can't be trusted.

Do you know of a good guide for doing that?  Is PiTrezor a common term for it, or is that just what you call it?

It's a great idea.  I've been meaning to build one for a while.  It's on my long list of "I'll get around to it, eventually" projects.

Users wouldn't be harmed by Ledger going bankrupt unless Ledger's code or keys end up in the wrong hands.

If Ledger goes bankrupt or collapses somehow, users' devices would still work.  Folks would need to switch to different hardware eventually, or they could keep using their Ledger hardware with other apps.  For Bitcoin, it's easy to use a Ledger with Electrum or Sparrow instead of that Ledger Live trash.  So that's not a problem for Bitcoiners.

The only thing that would harm users would be if Ledger's codebase or keys fell in the wrong hands:


That's horrifying.

In theory, that would only affect users who subscribe to Ledger Recover.  In theory, anyway.

In reality, Ledger's code is closed source, so we have no way of knowing how much over the internet access Ledger has to the keys on Ledger hardware, but we do know they can access the user's keys.  We know Ledger can access the keys on Ledger devices over the internet, because that's what Ledger Recover does.  So, if anything goes wrong at Ledger, there's always the chance keys can be stolen from user devices the moment they turn 'em on.  Anyone who says otherwise is making unsafe assumptions.

Ledger can access a user's keys on that user's device over the internet.  That's what Ledger Recover does.

By baking the code for Recover into their hardware wallet firmware, Ledger created a time bomb.

I live in an area with a lot of younger people and some seasonals.  People get robbed.  Not all the time of course, but it happens.  There was a fake movers scam a while back that was brutal.

Ledger Live sold you out though.  It has tons of trackers that send out data about you and everything you do.


That's bad.


People make the mistake of thinking "doesn't support" means "doesn't contain any of the code or vulnerabilities."

The code is closed source.  Even though the original Nano S doesn't support Ledger Recover, it doesn't mean the firmware doesn't contain any of the code that enables at least some form of internet access even if it's not supported.

This is especially an issue if they're reusing any code across devices.  Any sloppy work could create unintended vulnerabilities.  And Ledger has proven their work can be very sloppy, which is why they leaked their entire customer database a while back, and why former employees still had access to their codebase (and got phished).

And with the Nano X, you have the issue of bluetooth which means potential access for online hackers to reach the device.

I'd never trust Ledger.  I'm embarrassed that I ever trusted them in the first place.

Yeah.  I think the bigger issue is if you get robbed and the piece of furniture is stolen by a thief who doesn't realize it has important info hidden in it.  Or worse: "Honey!  Surprise!  For your birthday, I got you a new (thing you had washers screwed into)!  I donated the old one to Goodwill."  Ruh roh.

The K210 hardware Krux runs on has no wifi.
It has no bluetooth.
And the device is not connected to a computer or phone.

The only ability the device has to reach the outside world is via QRs displayed on the screen, such as Bitcoin signatures.  And Bitcoin signatures are math.  If anything on a hardware wallet attempts to change any detail in a transaction, the signature will fail.

Remember: the "crypto" in cryptocurrency stands for Cryptography.  Bitcoin signatures are a form of cryptography that mathematically prove you have the keys to make one specific transaction without revealing the keys.  The signature will be different for every transaction because each signature must match the details of that specific transaction and the keys required to execute the transaction.

If any part of the transaction on the hardware wallet doesn't match what the coordinator app set up, the signature will fail because the math will fail.

Also, keep in mind, these K210 devices aren't designed to be used as Bitcoin wallets.  In fact, the use of them for Bitcoin wallets isn't even large enough to be part of the business model for the companies making these devices.  They're mostly for stuff like toy robots and handheld games.

Check this out:  Yahboom STM32 Self-balancing Robot Car--K210 module kit

But let's follow the hacking or malicious chip thought through.

Krux firmware wipes the device on install, so there's no threat of malicious code.  Krux isn't an app.  It's the OS and everything.

Even if a chip in the device was hacked at the factory to change any Bitcoin address it encounters or whatever you're imagining, every Bitcoin transaction would fail because the signature would fail because the data in the transaction on the coordinator app wouldn't match the hacked device's data.

Again, remember: these devices are QR in and QR out.

I assume you know the difference between a hardware wallet and a coordinator app.  The coordinator app has no access to the keys in the hardware wallet.  And the hardware wallet device doesn't know anything about the transaction in the coordinator app except for what it receives via the QR code.

The coordinator app generates a QR code from the unsigned transaction for the hardware wallet to sign.  The hardware wallet generates another QR code with the signature.

If the hardware wallet has been hacked to change the data in any way, the coordinator app won't accept the signature, because the signature won't be mathematically correct for the transaction on the coordinator app.

That's a really important concept to understand.

That's is how a hardware wallet keeps you safe.

An airgapped hardware wallet, such as this, is even better since there's no connection between it and any other device, including the coordinator app.

An airgapped hardware wallet just receives a QR code with the transaction details and generates a QR code with a signature for another device to scan.

Don't trust the QR code?  No problem.  It's just text.  Verify it.

Don't trust.  Verify.

You're right.  That's something to keep in mind.

I've been thinking about this stuff a lot lately because someone asked me how people in apartments can secure their seed phrase, and I realized I didn't like my answer.  My response is always "Write your seed words on paper.  Keep 'em in a safe.  Make a metal backup.  Keep it in a safe deposit box."  But many banks aren't doing safe deposit boxes anymore, and the kind of safe a typical apartment resident would have can be easily popped open or stolen and drilled.

That got me thinking about how to secure the words in metal somewhere that wouldn't be found or stolen, which led me to door hinges.  It's a big flat metal surface that can't be seen or accessed.

You'd definitely have to have some sort of reminder for yourself when you eventually move out, of course.

This stuff is fun to think about.  It's a challenge.

You're on to something there!  If you're going to build it into something, you could use metal brackets instead of washers, and stamp the words into the side of the metal that goes into whatever you're building.

Or better yet, use door hinges.  Holy crap!  I think I love this idea.

Take the bathroom door off its hinges.  Stamp the words into the side of the hinge that goes against the door and the door frame.  Put the door back up.

Every single time you use that door, you'll smile.  If anybody asks why, just tell 'em you had a truly exquisite bowel movement.